rpms/tracker-miners
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import tracker-miners-3.1.2-3.el9

Browse Source
This commit is contained in:
CentOS Sources 2023-03-28 12:23:43 +00:00 committed by Stepan Oksanichenko
parent 2dcfb51094
commit f5d20340df
2 changed files with 89 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
SOURCES/0001-libtracker-common-Backport-seccomp-additions-from-3..patch Normal file
View File

@ -0,0 +1,74 @@
From 18becd68b4f5b6ebb4024dcfaac1231647778f4b Mon Sep 17 00:00:00 2001
From: Carlos Garnacho <carlosg@gnome.org>
Date: Tue, 1 Nov 2022 17:10:42 +0100
Subject: [PATCH] libtracker-common: Backport seccomp additions from 3.4.x
---
src/libtracker-miners-common/tracker-seccomp.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/libtracker-miners-common/tracker-seccomp.c b/src/libtracker-miners-common/tracker-seccomp.c
index f8be94924..6b1c35450 100644
--- a/src/libtracker-miners-common/tracker-seccomp.c
+++ b/src/libtracker-miners-common/tracker-seccomp.c
@@ -102,12 +102,15 @@ tracker_seccomp_init (void)
/* Memory management */
ALLOW_RULE (brk);
+ ALLOW_RULE (get_mempolicy);
+ ALLOW_RULE (set_mempolicy);
ALLOW_RULE (mmap);
ALLOW_RULE (mmap2);
ALLOW_RULE (munmap);
ALLOW_RULE (mremap);
ALLOW_RULE (mprotect);
ALLOW_RULE (madvise);
+ ALLOW_RULE (mbind);
ERROR_RULE (mlock, EPERM);
ERROR_RULE (mlock2, EPERM);
ERROR_RULE (munlock, EPERM);
@@ -116,6 +119,7 @@ tracker_seccomp_init (void)
/* Process management */
ALLOW_RULE (exit_group);
ALLOW_RULE (getuid);
+ ALLOW_RULE (getgid);
ALLOW_RULE (getuid32);
ALLOW_RULE (getegid);
ALLOW_RULE (getegid32);
@@ -140,19 +144,25 @@ tracker_seccomp_init (void)
ALLOW_RULE (lstat64);
ALLOW_RULE (statx);
ALLOW_RULE (access);
+ ALLOW_RULE (faccessat);
+ ALLOW_RULE (faccessat2);
ALLOW_RULE (getdents);
ALLOW_RULE (getdents64);
+ ALLOW_RULE (getcwd);
ALLOW_RULE (readlink);
ALLOW_RULE (readlinkat);
ALLOW_RULE (utime);
ALLOW_RULE (time);
ALLOW_RULE (fsync);
ALLOW_RULE (umask);
+ ERROR_RULE (fchown, EPERM);
/* Processes and threads */
ALLOW_RULE (clone);
+ ALLOW_RULE (clone3);
ALLOW_RULE (futex);
ALLOW_RULE (futex_time64);
ALLOW_RULE (set_robust_list);
+ ALLOW_RULE (rseq);
ALLOW_RULE (rt_sigaction);
ALLOW_RULE (rt_sigprocmask);
ALLOW_RULE (sched_yield);
@@ -175,6 +185,7 @@ tracker_seccomp_init (void)
ALLOW_RULE (pipe);
ALLOW_RULE (pipe2);
ALLOW_RULE (epoll_create);
+ ALLOW_RULE (epoll_create1);
ALLOW_RULE (epoll_ctl);
/* System */
ALLOW_RULE (uname);
--
2.38.1

16
SPECS/tracker-miners.spec
View File

@ -10,7 +10,11 @@
%global tracker_version 3.1.0
%if 0%{?with_rss}
%global systemd_units tracker-extract-3.service tracker-miner-fs-3.service tracker-miner-fs-control-3.service tracker-miner-rss-3.service tracker-writeback-3.service
%else
%global systemd_units tracker-extract-3.service tracker-miner-fs-3.service tracker-miner-fs-control-3.service tracker-writeback-3.service
%endif
# Exclude private libraries from autogenerated provides and requires
%global __provides_exclude_from ^%{_libdir}/tracker-miners-3.0/
@ -20,7 +24,7 @@
Name: tracker-miners
Version: 3.1.2
Release: 1%{?dist}
Release: 3%{?dist}
Summary: Tracker miners and metadata extractors
# libtracker-extract and libtracker-miner libraries are LGPLv2+; the miners are a mix of GPLv2+ and LGPLv2+ code
@ -28,6 +32,8 @@ License: GPLv2+ and LGPLv2+
URL: https://gnome.pages.gitlab.gnome.org/tracker/
Source0: https://download.gnome.org/sources/tracker-miners/3.1/tracker-miners-%{tarball_version}.tar.xz
Patch1: 0001-libtracker-common-Backport-seccomp-additions-from-3..patch
BuildRequires: asciidoc
BuildRequires: gcc
BuildRequires: giflib-devel
@ -138,6 +144,14 @@ This package contains various miners and metadata extractors for tracker.
%changelog
* Tue Nov 22 2022 Carlos Garnacho <cgarnach@redhat.com> - 3.1.2-3
- Do not include RSS miner service on RHEL
Resolves: rhbz#2041633
* Tue Nov 01 2022 Carlos Garnacho <cgarnach@redhat.com> - 3.1.2-2
- Backport seccomp rules from recent releases
Resolves: rhbz#2130143
* Wed Aug 25 2021 Kalev Lember <klember@redhat.com> - 3.1.2-1
- Update to 3.1.2