diff options
| author | Michael Forney <mforney@mforney.org> | 2025-02-02 01:46:07 -0800 |
|---|---|---|
| committer | Michael Forney <mforney@mforney.org> | 2025-04-28 22:04:42 -0700 |
| commit | ed3b50be88c8c1c62c38c959919de131838e3855 (patch) | |
| tree | 0e7eba0860587d1401ef9457c46c1a3b090fa297 /pkg/bubblewrap/patch/0003-Use-external-string-to-cap-function.patch | |
| parent | ea3cbbd89c92c107b719e121e2675d22a75585f7 (diff) | |
bubblewrap: Update to 0.11.0
Diffstat (limited to 'pkg/bubblewrap/patch/0003-Use-external-string-to-cap-function.patch')
| -rw-r--r-- | pkg/bubblewrap/patch/0003-Use-external-string-to-cap-function.patch | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/pkg/bubblewrap/patch/0003-Use-external-string-to-cap-function.patch b/pkg/bubblewrap/patch/0003-Use-external-string-to-cap-function.patch new file mode 100644 index 00000000..77b02a26 --- /dev/null +++ b/pkg/bubblewrap/patch/0003-Use-external-string-to-cap-function.patch @@ -0,0 +1,75 @@ +From 0859d2570ddc7ff9ff5c7dc1309dea88eef2168a Mon Sep 17 00:00:00 2001 +From: Michael Forney <mforney@mforney.org> +Date: Tue, 4 Jul 2023 19:20:51 -0700 +Subject: [PATCH] Use external string-to-cap function + +--- + bubblewrap.c | 16 +++++++++++----- + 1 file changed, 11 insertions(+), 5 deletions(-) + +diff --git a/bubblewrap.c b/bubblewrap.c +index d834618..bc53891 100644 +--- a/bubblewrap.c ++++ b/bubblewrap.c +@@ -30,8 +30,8 @@ + #include <sys/eventfd.h> + #include <sys/fsuid.h> + #include <sys/signalfd.h> +-#include <sys/capability.h> + #include <sys/prctl.h> ++#include <linux/capability.h> + #include <linux/sched.h> + #include <linux/seccomp.h> + #include <linux/filter.h> +@@ -44,6 +44,10 @@ + #define CLONE_NEWCGROUP 0x02000000 /* New cgroup namespace */ + #endif + ++int capset(void *, void *); ++int capget(void *, void *); ++int cap_from_name(const char *); ++ + /* We limit the size of a tmpfs to half the architecture's address space, + * to avoid hitting arbitrary limits in the kernel. + * For example, on at least one x86_64 machine, the actual limit seems to be +@@ -2604,7 +2608,7 @@ parse_args_recurse (int *argcp, + } + else if (strcmp (arg, "--cap-add") == 0) + { +- cap_value_t cap; ++ int cap; + if (argc < 2) + die ("--cap-add takes an argument"); + +@@ -2616,7 +2620,8 @@ parse_args_recurse (int *argcp, + } + else + { +- if (cap_from_name (argv[1], &cap) < 0) ++ cap = cap_from_name (argv[1]); ++ if (cap < 0) + die ("unknown cap: %s", argv[1]); + + if (cap < 32) +@@ -2630,7 +2635,7 @@ parse_args_recurse (int *argcp, + } + else if (strcmp (arg, "--cap-drop") == 0) + { +- cap_value_t cap; ++ int cap; + if (argc < 2) + die ("--cap-drop takes an argument"); + +@@ -2642,7 +2647,8 @@ parse_args_recurse (int *argcp, + } + else + { +- if (cap_from_name (argv[1], &cap) < 0) ++ cap = cap_from_name (argv[1]); ++ if (cap < 0) + die ("unknown cap: %s", argv[1]); + + if (cap < 32) +-- +2.44.0 + |