Import from CS git

eabdullin 2025-03-11 07:22:39 +00:00
parent 5166043f24
commit 08d0962e8d
2 changed files with 17 additions and 1 deletions


@ -0,0 +1,11 @@
diff -up tracker-miners-2.1.5/src/libtracker-miners-common/tracker-seccomp.c.fchown tracker-miners-2.1.5/src/libtracker-miners-common/tracker-seccomp.c
--- tracker-miners-2.1.5/src/libtracker-miners-common/tracker-seccomp.c.fchown 2025-01-16 16:21:36.991391911 +0100
+++ tracker-miners-2.1.5/src/libtracker-miners-common/tracker-seccomp.c 2025-01-16 16:21:58.078407022 +0100
@@ -135,6 +135,7 @@ tracker_seccomp_init (void)
ALLOW_RULE (fsync);
ALLOW_RULE (umask);
ALLOW_RULE (chdir);
+ ERROR_RULE (fchown, EPERM);
/* Processes and threads */
ALLOW_RULE (clone);
ALLOW_RULE (futex);
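Review bot: The added `ERROR_RULE (fchown, EPERM);` has no comment explaining why fchown is answered with EPERM while its neighbours are plain `ALLOW_RULE`s, so a later reader cannot tell whether the soft failure is deliberate. I would add a line above it such as `/* fchown is denied, but with EPERM so callers see an ordinary error instead of the filter's default action */`, adjusted to whatever the default action in tracker_seccomp_init() actually is, which is outside this hunk. Only fchown is covered here; whether chown, lchown and fchownat are handled elsewhere in the filter is not visible, and it is worth confirming they do not fall through to a harsher default on the same code path. The function body starts and ends outside the hunk.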


@ -14,7 +14,7 @@
Name: tracker-miners
Version: 2.1.5
Release: 2%{?dist}.1
Release: 3%{?dist}
Summary: Tracker miners and metadata extractors
# libtracker-extract is LGPLv2+; the miners are a mix of GPLv2+ and LGPLv2+ code
@ -23,6 +23,7 @@ URL: https://wiki.gnome.org/Projects/Tracker
Source0: https://download.gnome.org/sources/%{name}/2.1/%{name}-%{version}.tar.xz
Patch1: backport-seccomp-improvements.diff
Patch2: seccomp-disallow-fchown.patch
BuildRequires: giflib-devel
BuildRequires: intltool
@ -129,6 +130,10 @@ rm -f %{buildroot}%{_libdir}/tracker-miners-2.0/*.so
%changelog
* Wed Nov 20 2024 Carlos Garnacho <cgarnach@redhat.com> - 2.1.5-3
- Backport seccomp rules
Resolves: RHEL-33587
* Tue Dec 05 2023 Carlos Garnacho <cgarnach@redhat.com> - 2.1.5-2
- Backport stricter seccomp jail
Resolves: RHEL-12466
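Review bot: The new 2.1.5-3 changelog entry says only `- Backport seccomp rules`, which does not tell an auditor that the behavioural change is a seccomp rule returning EPERM for fchown; something like `- Return EPERM for fchown in the seccomp filter` would match `Patch2: seccomp-disallow-fchown.patch`. The entry is dated Nov 20 2024 while the timestamps inside the patch are from 2025-01-16, so the date may have been carried over from elsewhere. The %prep section is outside these hunks, so it is not visible whether Patch2 is applied automatically. If the spec applies patches one by one there, a matching `%patch2 -p1` is needed for the rule to reach the build.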