commit 161de9f58ff7c8783cb019e7c806047976a45eb7 Author: Yawning Angel yawning@schwanenlied.me Date: Wed Apr 12 22:21:09 2017 +0000
Add `prlimit64` to the firefox system call whitelist.
ESR52 calls it, and I don't have the time to check every instance to see if returning ENOSYS is acceptable. --- ChangeLog | 1 + data/torbrowser-amd64.seccomp | 1 + 2 files changed, 2 insertions(+)
diff --git a/ChangeLog b/ChangeLog index 1007ae3..92ce6c0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ Changes in version 0.0.5 - UNRELEASED: * Fix e10s Web Content crash on systems with grsec kernels. + * Add `prlimit64` to the firefox system call whitelist.
Changes in version 0.0.4 - 2017-04-12: * Bug 21928: Force a reinstall if an existing hardened bundle is present. diff --git a/data/torbrowser-amd64.seccomp b/data/torbrowser-amd64.seccomp index 11e42e5..17be3d7 100644 --- a/data/torbrowser-amd64.seccomp +++ b/data/torbrowser-amd64.seccomp @@ -151,6 +151,7 @@ getuid: 1 geteuid: 1 getgid: 1 getegid: 1 +prlimit64: 1 rt_sigaction: 1 rt_sigprocmask: 1 rt_sigreturn: 1