commit ad2fcfecb9d5bad37a7fcae4f509bd29389bd995 Author: Alexandre Lissy lissyx+mozillians@lissyx.dyndns.org Date: Wed Jun 9 13:45:28 2021 +0000
Bug 1715254 - Deny clone3 to force glibc fallback r=gcp
Differential Revision: https://phabricator.services.mozilla.com/D117297 --- security/sandbox/linux/SandboxFilter.cpp | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
index b60902e841e4..4ee50a23d461 100644
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -633,6 +633,9 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
 case __NR_clone:
 return ClonePolicy(InvalidSyscall());
+ case __NR_clone3:
+ return Error(ENOSYS);
+
 // More thread creation.
 #ifdef __NR_set_robust_list
 case __NR_set_robust_list:
@@ -1311,6 +1314,9 @@ class ContentSandboxPolicy : public SandboxPolicyCommon {
 case __NR_clone:
 return ClonePolicy(Error(EPERM));
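Review bot: The new `case __NR_clone3:` in SandboxPolicyCommon, and the identical one added to ContentSandboxPolicy in the second hunk, is not wrapped in an `#ifdef __NR_clone3` guard, unlike the neighbouring `#ifdef __NR_set_robust_list` and `# ifdef __NR_fadvise64` cases. A build against kernel headers that predate clone3 would presumably fail unless the tree defines the number elsewhere. Neither case explains why clone3 gets a flat ENOSYS while plain clone goes through ClonePolicy, so I would add a comment such as `// clone3 passes its flags in a struct behind a pointer, which seccomp-bpf cannot inspect; return ENOSYS so glibc falls back to clone(), which ClonePolicy can filter.` Going by the commit title, the errno is load-bearing: changing it to EPERM later would likely break thread creation instead of tightening the policy, and the comment should say so. Both switch statements start and end outside the hunks.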
+ case __NR_clone3:
+ return Error(ENOSYS);
+
 # ifdef __NR_fadvise64
 case __NR_fadvise64:
 return Allow();