Commit 7d36d4f2 authored by Daniel Santana's avatar Daniel Santana Committed by Bart Ribbers
Browse files

community/qt5-qtwebengine: fix seccomp policies

This patch should fix the Renderer process crashing when trying to play
audio files and similar issues related to thread priority changes. These
changes are also present in `community/chromium/musl-sandbox.patch`.
parent fc7f3ae8
# Maintainer: Bart Ribbers <bribbers@disroot.org>
pkgname=qt5-qtwebengine
pkgver=5.15.2
pkgrel=3
pkgrel=4
pkgdesc="Qt5 - QtWebEngine components"
url="https://www.qt.io/developers/"
# ppc64le and s390x are not supported
......@@ -87,7 +87,6 @@ source="https://download.qt.io/$_rel/qt/${pkgver%.*}/$pkgver/submodules/qtwebeng
yasm-nls.patch
nasm.patch
musl-hacks.patch
sandbox-sched_getparam.patch
remove-glibc-check.patch
"
builddir="$srcdir/qtwebengine-everywhere-src-$pkgver"
......@@ -124,9 +123,8 @@ d1662975ecd6a9fbf37ddba095764412bdaa1af78f171d5f45dd10f9d8aa41b401712cef2663c1c3
b37fbc4df03c82123f94982039defa12d9bb8c885c9dcf8fff556b5f9cc58182fa471f970cc3a5e2d5dbe964855f591b474366b6a8926d94ae6a78e883811c1a qt-musl-thread-stacksize.patch
7e4e404913bfa23e4cf5ff7cd6abf6f57064da86a3740933eb84cf34b88db94dd605cd886b3554b24994c62f01ddeb328dd2f1ace0145b3cc670451761c2f5f9 qt-musl-elf-arm.patch
173c401e1a0daa7a1471880807e4fb0a74fc338a0f306dc067147878c29e7bb94cae43c37fe2bf21dd7a7ffd2d739697fd21d10c059ce647df01d8236612cc68 qt-musl-crashpad.patch
dec69ea8dd9cfa2973264ec405092d364513bbd47303a94c128d873a3de7294760340f3ad31753e6bddd42e98c547312e070b49a062f693b2e19aa01d772063a musl-sandbox.patch
33d902118062c5ab16a4a6c175df8847a42d7f3db9939795c25648c7f881fb7a915399df3a1355f2c1d1f95a6c0a601ac1a0f8a50cfe75c8c9c6ea1c8d87ebf8 musl-sandbox.patch
f6b1941e40f44b675ab554166e3cd8d3272b23f48571b4949b3af7b8e1c642ee84fe0ee26dd2457fc3bf20e9924cddb411e293b7a8a103029ee196587371a1e2 yasm-nls.patch
9add958caa0d6acb2866d3927aadfa6b378c92d62463f1b3d65ae1e5400915d89388ac54beb30c4d4d42d2901ee28f404d8574b771854556f6a75698301870eb nasm.patch
b99eaa4a0b06ab1cb461fc4bfc7416c779ba1e847614b96f08de97a137a09577ea642813e5e3235167ccc5180c6ffcc06ebf2a61e3b4c210de9dee765e0e7404 musl-hacks.patch
dbe606be93377f094c6a1ab0358ae042f3e7aff95c635b07ebc04aa3173f7221a478fd544e8347152a4ca125a837d6da774929423868d5c9d5bd6165bdd1ba6d sandbox-sched_getparam.patch
7153ce7372fed73dccb676079bc5af37f56be113f42ee64ed48cd7997dc2a4aa287523f36f0b8d3c717f1c4ad7f796843850b86a2dce50de5f0ade6a47785bee remove-glibc-check.patch"
......@@ -160,3 +160,20 @@ index 349504aee..6a6d4756f 100644
+
#endif // SANDBOX_LINUX_SYSTEM_HEADERS_X86_64_LINUX_SYSCALLS_H_
diff --git a/src/3rdparty/chromium/services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc b/src/3rdparty/chromium/services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc
--- a/src/3rdparty/chromium/services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc
+++ b/src/3rdparty/chromium/services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc
@@ -88,11 +88,11 @@ ResultExpr RendererProcessPolicy::EvaluateSyscall(int sysno) const {
case __NR_sysinfo:
case __NR_times:
case __NR_uname:
- return Allow();
- case __NR_sched_getaffinity:
case __NR_sched_getparam:
case __NR_sched_getscheduler:
case __NR_sched_setscheduler:
+ return Allow();
+ case __NR_sched_getaffinity:
return sandbox::RestrictSchedTarget(GetPolicyPid(), sysno);
case __NR_prlimit64:
// See crbug.com/662450 and setrlimit comment above.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment