| commit | f3c917946fa2720d12edc43d44c81733e6abc71f | [log] [tgz] |
|---|---|---|
| author | Sergio Gómez <[email protected]> | Fri Jun 27 00:01:07 2025 |
| committer | Chromeos LUCI <[email protected]> | Wed Jul 09 18:58:04 2025 |
| tree | 7536e13ac34f9bb66ec32adb41ae8f11a7cf5c0d | |
| parent | 5c05e87dd9183995ee002f802d1981b83b463bdb | [diff] |
seccomp: allow the clone3 syscall in seccomp policies

We currently only allow conditionally the clone3 syscall through the +clone3 USE flag. Gentoo removed this flag starting with glibc version 2.36, since the last app that used the flag (Discord) fixed the issue (see https://bugs.gentoo.org/827386#c4). Also, this syscall is implemented in all versions of our kernels (it was introduced in v5.3), so it is safe to allow it.

Since glibc internally forwards clone() to clone3(), we add clone3 to the seccomp policies that already have a rule for clone.

BUG=b:428902090
TEST=rebuilt SDK and cros toolchain with clone3 enabled; boot on jacuzzi and drive for a while.

Change-Id: I32e1e91855f67f08f592fd9303da7d61cbc3119a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/tlsdate/+/6695735
Commit-Queue: ChromeOS Auto Retry <[email protected]>
Reviewed-by: Jorge Lucangeli Obes <[email protected]>
Tested-by: Sergio Andres Gomez Del Real <[email protected]>
Reviewed-by: Hugo Benichi <[email protected]>
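
An added example, not part of the commit or the tlsdate tree: a Python check that finds policies with a clone rule but no clone3 rule, the condition this change addresses. It also goes one step beyond the commit message: seccomp cannot inspect the struct that clone3 takes its flags in, so an unconditional clone3 rule is wider than an argument-filtered clone rule. The policy texts are constructed samples in minijail's `syscall: expression` syntax, and the status names are hypothetical.

```python
import re

# One minijail-style rule per line: "<syscall>: <expression>"; '#' starts a comment.
RULE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*:\s*(.+?)\s*$")

def parse_policy(text):
    """Return {syscall: expression} for one policy file's text."""
    rules = {}
    for line in text.splitlines():
        match = RULE.match(line.split("#", 1)[0])
        if match:
            rules[match.group(1)] = match.group(2)
    return rules

def audit_clone3(text):
    """Classify how a policy treats clone3 relative to clone (hypothetical labels)."""
    rules = parse_policy(text)
    clone, clone3 = rules.get("clone"), rules.get("clone3")
    if clone is None:
        return "no-clone-rule" if clone3 is None else "clone3-only"
    if clone3 is None:
        # A clone3 call from glibc hits the policy's default action.
        return "missing-clone3"
    if clone3.startswith("return"):
        # clone3 fails with an errno instead of being allowed.
        return "clone3-returns-errno"
    if clone != "1" and clone3 == "1":
        # clone3 passes flags via a pointer to struct clone_args, which
        # seccomp-bpf cannot dereference, so the clone flag filter is bypassed.
        return "clone3-wider-than-clone"
    return "ok"

# Constructed sample policies, not taken from any real tree.
POLICY_BEFORE = "read: 1\nwrite: 1\nclone: 1\nexit_group: 1\n"
POLICY_AFTER = POLICY_BEFORE + "clone3: 1\n"
POLICY_FILTERED = "# threads only\nclone: arg0 & CLONE_THREAD\nclone3: 1\n"

if __name__ == "__main__":
    for name, text in [("before", POLICY_BEFORE), ("after", POLICY_AFTER),
                       ("filtered", POLICY_FILTERED)]:
        print(name, audit_clone3(text))
```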