rpms/tracker-miners
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Update patch from last change so it actually compiles

Browse Source 
Resolves: RHEL-33587
This commit is contained in:
Tomas Popela 2025-01-16 16:25:08 +01:00
parent 3ff0fed367
commit 1e7ee47456
3 changed files with 12 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
0001-seccomp-Disallow-fchown.patch
View File

@ -1,30 +0,0 @@
From cdf284962357abf5521670470e3239e92c4e4a31 Mon Sep 17 00:00:00 2001
From: Carlos Garnacho <carlosg@gnome.org>
Date: Tue, 4 Oct 2022 17:38:28 +0200
Subject: [PATCH] seccomp: Disallow fchown
This is needed by SQLite on some circumstances, but these mostly
apply to databases being opened with other users. This is something
that happens on CI, but is not expected to happen in real circumstances.
Anyhow, SQLite does not check for fchown return value, so just error
out softly if that happens.
---
src/libtracker-miners-common/tracker-seccomp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/libtracker-miners-common/tracker-seccomp.c b/src/libtracker-miners-common/tracker-seccomp.c
index 2f9cb8176..3102d0997 100644
--- a/src/libtracker-miners-common/tracker-seccomp.c
+++ b/src/libtracker-miners-common/tracker-seccomp.c
@@ -155,6 +155,7 @@ tracker_seccomp_init (void)
ALLOW_RULE (time);
ALLOW_RULE (fsync);
ALLOW_RULE (umask);
+ ERROR_RULE (fchown, EPERM);
/* Processes and threads */
ALLOW_RULE (clone);
ALLOW_RULE (clone3);
--
2.47.0

11
seccomp-disallow-fchown.patch Normal file
View File

@ -0,0 +1,11 @@
diff -up tracker-miners-2.1.5/src/libtracker-miners-common/tracker-seccomp.c.fchown tracker-miners-2.1.5/src/libtracker-miners-common/tracker-seccomp.c
--- tracker-miners-2.1.5/src/libtracker-miners-common/tracker-seccomp.c.fchown 2025-01-16 16:21:36.991391911 +0100
+++ tracker-miners-2.1.5/src/libtracker-miners-common/tracker-seccomp.c 2025-01-16 16:21:58.078407022 +0100
@@ -135,6 +135,7 @@ tracker_seccomp_init (void)
ALLOW_RULE (fsync);
ALLOW_RULE (umask);
ALLOW_RULE (chdir);
+ ERROR_RULE (fchown, EPERM);
/* Processes and threads */
ALLOW_RULE (clone);
ALLOW_RULE (futex);

2
tracker-miners.spec
View File

@ -23,7 +23,7 @@ URL: https://wiki.gnome.org/Projects/Tracker
Source0: https://download.gnome.org/sources/%{name}/2.1/%{name}-%{version}.tar.xz
Patch1: backport-seccomp-improvements.diff
Patch2: 0001-seccomp-Disallow-fchown.patch
Patch2: seccomp-disallow-fchown.patch
BuildRequires: giflib-devel
BuildRequires: intltool