diff --git a/SOURCES/0001-libtracker-common-Backport-seccomp-additions-from-3..patch b/SOURCES/0001-libtracker-common-Backport-seccomp-additions-from-3..patch
new file mode 100644
index 0000000..e6801ea
--- /dev/null
+++ b/SOURCES/0001-libtracker-common-Backport-seccomp-additions-from-3..patch
@@ -0,0 +1,74 @@
+From 18becd68b4f5b6ebb4024dcfaac1231647778f4b Mon Sep 17 00:00:00 2001
+From: Carlos Garnacho
+Date: Tue, 1 Nov 2022 17:10:42 +0100
+Subject: [PATCH] libtracker-common: Backport seccomp additions from 3.4.x
+
+---
+ src/libtracker-miners-common/tracker-seccomp.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/libtracker-miners-common/tracker-seccomp.c b/src/libtracker-miners-common/tracker-seccomp.c
+index f8be94924..6b1c35450 100644
+--- a/src/libtracker-miners-common/tracker-seccomp.c
++++ b/src/libtracker-miners-common/tracker-seccomp.c
+@@ -102,12 +102,15 @@ tracker_seccomp_init (void)
+
+ /* Memory management */
+ ALLOW_RULE (brk);
++ ALLOW_RULE (get_mempolicy);
++ ALLOW_RULE (set_mempolicy);
+ ALLOW_RULE (mmap);
+ ALLOW_RULE (mmap2);
+ ALLOW_RULE (munmap);
+ ALLOW_RULE (mremap);
+ ALLOW_RULE (mprotect);
+ ALLOW_RULE (madvise);
++ ALLOW_RULE (mbind);
+ ERROR_RULE (mlock, EPERM);
+ ERROR_RULE (mlock2, EPERM);
+ ERROR_RULE (munlock, EPERM);
+@@ -116,6 +119,7 @@ tracker_seccomp_init (void)
+ /* Process management */
+ ALLOW_RULE (exit_group);
+ ALLOW_RULE (getuid);
++ ALLOW_RULE (getgid);
+ ALLOW_RULE (getuid32);
+ ALLOW_RULE (getegid);
+ ALLOW_RULE (getegid32);
+@@ -140,19 +144,25 @@ tracker_seccomp_init (void)
+ ALLOW_RULE (lstat64);
+ ALLOW_RULE (statx);
+ ALLOW_RULE (access);
++ ALLOW_RULE (faccessat);
++ ALLOW_RULE (faccessat2);
+ ALLOW_RULE (getdents);
+ ALLOW_RULE (getdents64);
++ ALLOW_RULE (getcwd);
+ ALLOW_RULE (readlink);
+ ALLOW_RULE (readlinkat);
+ ALLOW_RULE (utime);
+ ALLOW_RULE (time);
+ ALLOW_RULE (fsync);
+ ALLOW_RULE (umask);
++ ERROR_RULE (fchown, EPERM);
+ /* Processes and threads */
+ ALLOW_RULE (clone);
++ ALLOW_RULE (clone3);
+ ALLOW_RULE (futex);
+ ALLOW_RULE (futex_time64);
+ ALLOW_RULE (set_robust_list);
++ ALLOW_RULE (rseq);
+ ALLOW_RULE (rt_sigaction);
+ ALLOW_RULE (rt_sigprocmask);
+ ALLOW_RULE (sched_yield);
+@@ -175,6 +185,7 @@ tracker_seccomp_init (void)
+ ALLOW_RULE (pipe);
+ ALLOW_RULE (pipe2);
+ ALLOW_RULE (epoll_create);
++ ALLOW_RULE (epoll_create1);
+ ALLOW_RULE (epoll_ctl);
+ /* System */
+ ALLOW_RULE (uname);
+--
+2.38.1
+
diff --git a/SPECS/tracker-miners.spec b/SPECS/tracker-miners.spec
index a50dce4..7a1c7bf 100644
--- a/SPECS/tracker-miners.spec
+++ b/SPECS/tracker-miners.spec
@@ -10,7 +10,11 @@
 %global tracker_version 3.1.0
+%if 0%{?with_rss}
 %global systemd_units tracker-extract-3.service tracker-miner-fs-3.service tracker-miner-fs-control-3.service tracker-miner-rss-3.service tracker-writeback-3.service
+%else
+%global systemd_units tracker-extract-3.service tracker-miner-fs-3.service tracker-miner-fs-control-3.service tracker-writeback-3.service
+%endif
 # Exclude private libraries from autogenerated provides and requires
 %global __provides_exclude_from ^%{_libdir}/tracker-miners-3.0/
@@ -20,7 +24,7 @@
 Name: tracker-miners
 Version: 3.1.2
-Release: 1%{?dist}
+Release: 3%{?dist}
 Summary: Tracker miners and metadata extractors
 # libtracker-extract and libtracker-miner libraries are LGPLv2+; the miners are a mix of GPLv2+ and LGPLv2+ code
@@ -28,6 +32,8 @@ License: GPLv2+ and LGPLv2+
 URL: https://gnome.pages.gitlab.gnome.org/tracker/
 Source0: https://download.gnome.org/sources/tracker-miners/3.1/tracker-miners-%{tarball_version}.tar.xz
+Patch1: 0001-libtracker-common-Backport-seccomp-additions-from-3..patch
+
 BuildRequires: asciidoc
 BuildRequires: gcc
 BuildRequires: giflib-devel
@@ -138,6 +144,14 @@ This package contains various miners and metadata extractors for tracker.
 %changelog
+* Tue Nov 22 2022 Carlos Garnacho - 3.1.2-3
+- Do not include RSS miner service on RHEL
+ Resolves: rhbz#2041633
+
+* Tue Nov 01 2022 Carlos Garnacho - 3.1.2-2
+- Backport seccomp rules from recent releases
+ Resolves: rhbz#2130143
+
 * Wed Aug 25 2021 Kalev Lember - 3.1.2-1
 - Update to 3.1.2
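Review bot: In the memory-management hunk of the added tracker-seccomp.c patch, `set_mempolicy` and `mbind` are allowed outright although both change NUMA placement rather than just query it, and nothing in the patch or its subject line says which caller needs them. The same block already denies `mlock`/`munlock` with `ERROR_RULE (..., EPERM)`; if the library that issues these calls tolerates failure (not visible here, so it needs a test run), `ERROR_RULE (set_mempolicy, EPERM);` and `ERROR_RULE (mbind, EPERM);` would keep the extractor's allowlist tighter without tripping the filter's default action. Either way, a short comment above the new rules naming the library and the bug that motivated them would let a later reviewer prune the list. `clone3` in the processes-and-threads hunk deserves the same comment: its flags sit behind a pointer that a seccomp filter cannot inspect, so any future flag restriction on `clone` would have to deny `clone3` as well (for example with ENOSYS). The body of tracker_seccomp_init extends beyond all four hunks of the inner patch.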