commit:     de6efe6b3e28eea299401244e7b506a6f9c22d51
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 23 19:13:51 2020 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Dec 23 19:13:51 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=de6efe6b

sys-apps/man-db: allow clock_gettime64 syscall

Closes: https://bugs.gentoo.org/744712
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../files/man-db-2.9.3-clock_gettime64.patch       | 44 ++++++++++++++++++++++
 .../{man-db-9999.ebuild => man-db-2.9.3-r1.ebuild} |  5 ++-
 sys-apps/man-db/man-db-9999.ebuild                 |  4 +-
 3 files changed, 51 insertions(+), 2 deletions(-)

diff --git a/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch 
b/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch
new file mode 100644
index 00000000000..0da1b2c5b2b
--- /dev/null
+++ b/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch
@@ -0,0 +1,44 @@
+From 7315a9475d8fa37af49e9e7ed11e1534f23ef70b Mon Sep 17 00:00:00 2001
+From: "S. Gilles" <sgil...@umd.edu>
+Date: Wed, 12 Aug 2020 16:40:07 -0400
+Subject: Allow clock_gettime64; return ENOSYS so libcs can engage fallbacks
+
+libcs such as musl expect ENOSYS to be returned (not EPERM) in their
+fallback code, so change the seccomp filter to be more agreeable to
+them.
+
+At the same time, clock_gettime is permitted in the filter, so permit
+clock_gettime64 as well -- it will be needed by 2038 in any case.
+
+* lib/sandbox.c (make_seccomp_filter): Set default action to
+SCMP_ACT_ERRNO (ENOSYS).  Allow clock_gettime64.
+* NEWS: Document this.
+---
+ NEWS          | 9 +++++++++
+ lib/sandbox.c | 3 ++-
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/lib/sandbox.c b/lib/sandbox.c
+index 21ec28aa..d934a0f9 100644
+--- a/lib/sandbox.c
++++ b/lib/sandbox.c
+@@ -232,7 +232,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive)
+               ;
+ 
+       debug ("initialising seccomp filter (permissive: %d)\n", permissive);
+-      ctx = seccomp_init (SCMP_ACT_ERRNO (EPERM));
++      ctx = seccomp_init (SCMP_ACT_ERRNO (ENOSYS));
+       if (!ctx)
+               error (FATAL, errno, "can't initialise seccomp filter");
+ 
+@@ -271,6 +271,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive)
+       /* systemd: SystemCallFilter=@default */
+       SC_ALLOW ("clock_getres");
+       SC_ALLOW ("clock_gettime");
++      SC_ALLOW ("clock_gettime64");
+       SC_ALLOW ("clock_nanosleep");
+       SC_ALLOW ("execve");
+       SC_ALLOW ("exit");
+-- 
+cgit v1.2.1
+
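Review bot: The switch to `seccomp_init (SCMP_ACT_ERRNO (ENOSYS))` changes the errno for every syscall outside the allow list, not only the clock calls, and nothing in the code records why, so a later reader could plausibly "tighten" it back to EPERM. A comment above the call would pin the reason, e.g. `/* ENOSYS rather than EPERM: libcs such as musl only engage their fallback paths on ENOSYS. */`. It is also worth noting there that a filter denial now looks to the sandboxed process like an unimplemented syscall, which makes denials harder to tell apart from a missing kernel feature when debugging. In the second hunk only `clock_gettime64` is added: the neighbouring `clock_getres` and `clock_nanosleep` have no `clock_getres_time64` / `clock_nanosleep_time64` entries, so on 32-bit targets those calls presumably take the ENOSYS fallback to the 32-bit-time variants and keep the 2038 limit the commit message mentions. make_seccomp_filter starts and ends outside both hunks.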

diff --git a/sys-apps/man-db/man-db-9999.ebuild 
b/sys-apps/man-db/man-db-2.9.3-r1.ebuild
similarity index 97%
copy from sys-apps/man-db/man-db-9999.ebuild
copy to sys-apps/man-db/man-db-2.9.3-r1.ebuild
index 25d02ea5f57..35e2bb5d6ce 100644
--- a/sys-apps/man-db/man-db-9999.ebuild
+++ b/sys-apps/man-db/man-db-2.9.3-r1.ebuild
@@ -46,7 +46,10 @@ RDEPEND="
 "
 PDEPEND="manpager? ( app-text/manpager )"
 
-PATCHES=( "${FILESDIR}"/${PN}-2.9.3-sandbox-env-tests.patch )
+PATCHES=(
+       "${FILESDIR}"/${PN}-2.9.3-sandbox-env-tests.patch
+       "${FILESDIR}"/man-db-2.9.3-clock_gettime64.patch
+)
 
 pkg_setup() {
        if (use gdbm && use berkdb) || (use !gdbm && use !berkdb) ; then #496150
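Review bot: The added PATCHES entry spells the package name literally (`man-db-2.9.3-clock_gettime64.patch`) while the entry above it keeps `${PN}`, and the same commit rewrites that first entry to the literal form in man-db-9999.ebuild. Writing it as `"${FILESDIR}"/man-db-2.9.3-sandbox-env-tests.patch` here as well would keep the two lines and the two ebuilds consistent. The hunk ends inside pkg_setup, whose body continues outside the view.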

diff --git a/sys-apps/man-db/man-db-9999.ebuild 
b/sys-apps/man-db/man-db-9999.ebuild
index 25d02ea5f57..cf3711365b0 100644
--- a/sys-apps/man-db/man-db-9999.ebuild
+++ b/sys-apps/man-db/man-db-9999.ebuild
@@ -46,7 +46,9 @@ RDEPEND="
 "
 PDEPEND="manpager? ( app-text/manpager )"
 
-PATCHES=( "${FILESDIR}"/${PN}-2.9.3-sandbox-env-tests.patch )
+PATCHES=(
+       "${FILESDIR}"/man-db-2.9.3-sandbox-env-tests.patch
+)
 
 pkg_setup() {
        if (use gdbm && use berkdb) || (use !gdbm && use !berkdb) ; then #496150
