From d568f35e4787079d862f1ca5b9b84d1d7b8b43ba Mon Sep 17 00:00:00 2001
From: Eike Rathke <erack@redhat.com>
Date: Mon, 9 Aug 2021 15:04:05 +0200
Subject: [PATCH] Resolves: #1982162 Add upstream D117297-clone3.diff

https://phabricator.services.mozilla.com/D117297
---
 D117297-clone3.diff | 24 ++++++++++++++++++++++++
 firefox.spec        |  2 ++
 2 files changed, 26 insertions(+)
 create mode 100644 D117297-clone3.diff

diff --git a/D117297-clone3.diff b/D117297-clone3.diff
new file mode 100644
index 0000000..662a9d8
--- /dev/null
+++ b/D117297-clone3.diff
@@ -0,0 +1,24 @@
+diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
+--- a/security/sandbox/linux/SandboxFilter.cpp
++++ b/security/sandbox/linux/SandboxFilter.cpp
+@@ -858,6 +858,9 @@
+       case __NR_clone:
+         return ClonePolicy(InvalidSyscall());
+ 
++      case __NR_clone3:
++        return Error(ENOSYS);
++
+         // More thread creation.
+ #ifdef __NR_set_robust_list
+       case __NR_set_robust_list:
+@@ -1504,6 +1507,9 @@
+       case __NR_clone:
+         return ClonePolicy(Error(EPERM));
+ 
++      case __NR_clone3:
++        return Error(ENOSYS);
++
+ #  ifdef __NR_fadvise64
+       case __NR_fadvise64:
+         return Allow();
+
diff --git a/firefox.spec b/firefox.spec
index 5446ac9..eb68035 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -294,6 +294,7 @@ Patch515:        mozilla-bmo1626236.patch
 Patch516:        D87019-thin-vec-big-endian.diff
 Patch517:        mozilla-1703636-slot-fail-workaround.patch
 Patch518:        D110204-fscreen.diff
+Patch519:        D117297-clone3.diff
 
 # Flatpak patches
 
@@ -690,6 +691,7 @@ sed -ie 's|/usr/include|/app/include|' %_sourcedir/firefox-pipewire-0-3.patch
 %patch516 -p1 -b .D87019-thin-vec-big-endian.diff
 %patch517 -p1 -b .mozilla-1703636-slot-fail-workaround
 %patch518 -p1 -b .D110204-fscreen.diff
+%patch519 -p1 -b .D117297-clone3.diff
 
 
 %patch1001 -p1 -b .ppc64le-inline