path: root/packages/net-www/chromium-stable/files/chromium-fix-sandbox-with-glibc-2.34.patch
blob: 20ba7969252f29e53d94530ba55fa7986f667d29 (plain)
Upstream: yes
diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
index 05c39f0..086c56a2 100644
--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
@@ -178,6 +178,12 @@
     return RestrictCloneToThreadsAndEPERMFork();
   }
 
+  // clone3 takes a pointer argument which we cannot examine, so return ENOSYS
+  // to force the libc to use clone. See https://crbug.com/1213452.
+  if (sysno == __NR_clone3) {
+    return Error(ENOSYS);
+  }
+
   if (sysno == __NR_fcntl)
     return RestrictFcntlCommands();
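Review bot: The added `sysno == __NR_clone3` test uses the macro unconditionally, so building against kernel headers that predate clone3 only works if the sandbox's own syscall-number headers define it, which this hunk does not show. If they do not, a guarded fallback is needed near the top of the file, e.g. `#if !defined(__NR_clone3)` / `#define __NR_clone3 435` / `#endif` (435 is the number in the kernel's unified syscall table; confirm it for each supported architecture). The comment would also be clearer if it said why the argument cannot be examined, for example `// seccomp-BPF only sees register values, not the struct clone_args they point to, so the clone flags cannot be filtered here.` It is worth noting beside the check that ENOSYS, rather than EPERM, is what lets the libc retry with clone, and that a caller issuing clone3 directly with no fallback will simply fail. The enclosing function starts and ends outside the hunk.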