diff options
author | Andreas Baumann <mail@andreasbaumann.cc> | 2018-11-22 16:41:51 +0100 |
---|---|---|
committer | Andreas Baumann <mail@andreasbaumann.cc> | 2018-11-22 16:41:51 +0100 |
commit | 7f2280ce8ee4e6bc9bebb57258a0ff9dab7001fd (patch) | |
tree | 42d9ebbec05b6f0e904b324468bb98819380f256 | |
parent | 7acbb1633b7f621728a26e8c5f8871986f0143f7 (diff) | |
download | packages-7f2280ce8ee4e6bc9bebb57258a0ff9dab7001fd.tar.xz |
extra/ctags: hotfix for seccomp sandbox
-rw-r--r-- | extra/ctags/PKGBUILD | 13 | ||||
-rw-r--r-- | extra/ctags/ctags-seccomp32.patch | 16 |
2 files changed, 29 insertions, 0 deletions
diff --git a/extra/ctags/PKGBUILD b/extra/ctags/PKGBUILD new file mode 100644 index 00000000..e6235180 --- /dev/null +++ b/extra/ctags/PKGBUILD @@ -0,0 +1,13 @@ +# See https://github.com/universal-ctags/ctags/issues/1937 and +# https://github.com/universal-ctags/ctags/pull/1938 + +source+=('ctags-seccomp32.patch') +sha512sums+=('749f3db52c17a6af85a725a76e625c06ecf9bd1fd785e1c268800fb882a88f6229cbbab3c9af01a1e4a01ed00de5d887f8616942f77322c1bdc3b626b9165ba0') + +eval "$( + declare -f prepare | \ + sed ' + /}/ i \ + patch -Np1 < ${srcdir}/ctags-seccomp32.patch + ' +)" diff --git a/extra/ctags/ctags-seccomp32.patch b/extra/ctags/ctags-seccomp32.patch new file mode 100644 index 00000000..f371b969 --- /dev/null +++ b/extra/ctags/ctags-seccomp32.patch @@ -0,0 +1,16 @@ +diff -rauN ctags/main/seccomp.c ctags-seccomp32-patch/main/seccomp.c +--- ctags/main/seccomp.c 2018-11-22 16:36:35.366666457 +0100 ++++ ctags-seccomp32-patch/main/seccomp.c 2018-11-22 16:37:05.683333126 +0100 +@@ -41,10 +41,12 @@ + + // The bowels of stdio want to know the size of a file, even for stdout. + seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS (fstat), 0); ++ seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS (fstat64), 0); + + // seems unnecessary, but this comes from + // main/parse.c:2764 : tagFilePosition (&tagfpos); + seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS (lseek), 0); ++ seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS (_llseek), 0); + + // libxml2 uses pthread_once, which in turn uses a futex + seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS (futex), 0); |