Remove EPERM patchset

Not doing this in RHEL. This is likely going to break if the container system's runc is outdated. Consider updating the container host. Related: RHEL-30209
2024-04-18 13:48:40 -05:00 · 2024-04-18 13:48:40 -05:00 · 8ea9fb9ac9
commit 8ea9fb9ac9
parent 836cf47f36
2 changed files with 0 additions and 47 deletions
--- a/glib2.spec
+++ b/glib2.spec
@ -12,10 +12,6 @@ Source:         https://download.gnome.org/sources/glib/2.79/glib-%{version}.tar
 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/903
 Patch:          gnutls-hmac.patch

-# recent close_range() changes break CircleCI and GitHub actions -- we can remove this when
-# the baremetal Docker is updated there i.e. lets be a little bit pragmatic...
-Patch:          gspawn-eperm.patch
-
 BuildRequires:  gcc
 BuildRequires:  gcc-c++
 BuildRequires:  gettext
--- a/gspawn-eperm.patch
+++ b/gspawn-eperm.patch
@ -1,43 +0,0 @@
-diff --git a/glib/gspawn.c b/glib/gspawn.c
-index 67be6a6af..aaefd5b0d 100644
--- a/glib/gspawn.c
-+++ b/glib/gspawn.c
-@@ -1598,9 +1598,18 @@ safe_fdwalk_set_cloexec (int lowfd)
-    *
-    * Handle ENOSYS in case it’s supported in libc but not the kernel; if so,
-    * fall back to safe_fdwalk(). Handle EINVAL in case `CLOSE_RANGE_CLOEXEC`
-   * is not supported. */
-+   * is not supported.
-+   *
-+   * Also handle EPERM for the cases where GLib is running under broken versions
-+   * of Docker+libseccomp which don’t recognise `close_range()` so block calls
-+   * to it under a default security policy which returns EPERM rather than (the
-+   * correct) ENOSYS. This workaround should be carried in distributions until
-+   * they have versions of libseccomp and Docker which contain:
-+   *  - https://salsa.debian.org/debian/libseccomp/-/blob/debian/bullseye/debian/patches/syscalls_add_close_range_syscall.patch
-+   *  - https://github.com/opencontainers/runc/issues/2151
-+   */
-   ret = close_range (lowfd, G_MAXUINT, CLOSE_RANGE_CLOEXEC);
-  if (ret == 0 || !(errno == ENOSYS || errno == EINVAL))
-+  if (ret == 0 || !(errno == ENOSYS || errno == EINVAL || errno == EPERM))
-     return ret;
- #endif  /* HAVE_CLOSE_RANGE */
- 
-@@ -1624,9 +1633,15 @@ safe_closefrom (int lowfd)
-    * situations: https://bugs.python.org/issue38061
-    *
-    * Handle ENOSYS in case it’s supported in libc but not the kernel; if so,
-   * fall back to safe_fdwalk(). */
-+   * fall back to safe_fdwalk().
-+   *
-+   * Also handle EPERM for the cases where GLib is running under broken versions
-+   * of Docker+libseccomp which don’t recognise `close_range()` so block calls
-+   * to it under a default security policy which returns EPERM rather than (the
-+   * correct) ENOSYS.
-+   */
-   ret = close_range (lowfd, G_MAXUINT, 0);
-  if (ret == 0 || errno != ENOSYS)
-+  if (ret == 0 || !(errno == ENOSYS || errno == EPERM))
-     return ret;
- #endif  /* HAVE_CLOSE_RANGE */
-