Branch: refs/heads/release-14.12
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 47c741fa6086c1c580157d97af2a2eb73745896f
      https://github.com/NixOS/nixpkgs/commit/47c741fa6086c1c580157d97af2a2eb73745896f
  Author: aszlig <[email protected]>
  Date:   2015-01-23 (Fri, 23 Jan 2015)

  Changed paths:
    M pkgs/applications/networking/browsers/chromium/source/sandbox_userns_36.patch

  Log Message:
  -----------
  chromium: Fix userns patch for kernel 3.18.2.

Writing the gid_map is already non-fatal, but the actual sandbox process
still tries to setresgid() to nogroup (usually 65534). This however
fails, because if user namespace sandboxing is present, the namespace
doesn't have CAP_SETGID at this point.

Fortunately, the effective GID is already 65534, so we just need to
check whether the target gid matches and only(!) setresgid() if it
doesn't.

So if someone would run a SUID version of the sandbox, it would still
work nonetheless without a negative impact on security.

Fixes #5730, thanks to @wizeman for reporting and initial debugging.

Signed-off-by: aszlig <[email protected]>
(cherry picked from commit 536feffc685f3550f7b54f292d629e1643ae8c15)
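
The check-before-drop pattern the log message describes, as an added C example (not the code of the Chromium patch or of nixpkgs). The helper names `gid_change_needed` and `ensure_gid` are hypothetical, and comparing the real and saved GID as well as the effective one is an assumption that goes beyond the effective-GID check the message mentions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Explicit prototypes so the file builds even if another header was
 * included before _GNU_SOURCE took effect. */
int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);

/* Returns 1 if any of the real, effective or saved GID differs from target. */
static int gid_change_needed(gid_t r, gid_t e, gid_t s, gid_t target)
{
    return r != target || e != target || s != target;
}

/* Make sure the process runs with GID `target`. Inside a user namespace
 * without CAP_SETGID a redundant setresgid() can fail, so it is skipped
 * when the IDs already match. Returns 0 on success, -1 with errno set. */
static int ensure_gid(gid_t target)
{
    gid_t r, e, s;

    if (getresgid(&r, &e, &s) != 0)
        return -1;
    if (!gid_change_needed(r, e, s, target))
        return 0;               /* already there: no privileged call needed */
    if (setresgid(target, target, target) != 0)
        return -1;              /* a real change was needed and was refused */

    /* Re-read the IDs: never trust a drop that was not verified. */
    if (getresgid(&r, &e, &s) != 0 || gid_change_needed(r, e, s, target)) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Stand-in target; the sandbox in the log message uses nogroup (65534). */
    gid_t target = getegid();

    if (ensure_gid(target) != 0) {
        perror("ensure_gid");
        return 1;
    }
    puts("GID state ok");
    return 0;
}
```

A failure is still fatal whenever the IDs do not already match, so skipping the call cannot leave the process running with a GID other than the target.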


_______________________________________________
nix-commits mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-commits
