diff options
Diffstat (limited to 'www/ungoogled-chromium/files/patch-sandbox_policy_openbsd_sandbox__openbsd.cc')
| -rw-r--r-- | www/ungoogled-chromium/files/patch-sandbox_policy_openbsd_sandbox__openbsd.cc | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/www/ungoogled-chromium/files/patch-sandbox_policy_openbsd_sandbox__openbsd.cc b/www/ungoogled-chromium/files/patch-sandbox_policy_openbsd_sandbox__openbsd.cc index 6bbdac2476f3..5ad9c05f4d35 100644 --- a/www/ungoogled-chromium/files/patch-sandbox_policy_openbsd_sandbox__openbsd.cc +++ b/www/ungoogled-chromium/files/patch-sandbox_policy_openbsd_sandbox__openbsd.cc @@ -1,6 +1,6 @@ ---- sandbox/policy/openbsd/sandbox_openbsd.cc.orig 2024-11-16 12:20:41 UTC +--- sandbox/policy/openbsd/sandbox_openbsd.cc.orig 2025-09-10 13:22:16 UTC +++ sandbox/policy/openbsd/sandbox_openbsd.cc -@@ -0,0 +1,392 @@ +@@ -0,0 +1,393 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. @@ -38,7 +38,6 @@ +#include "base/time/time.h" +#include "build/build_config.h" +#include "crypto/crypto_buildflags.h" -+#include "ppapi/buildflags/buildflags.h" +#include "sandbox/constants.h" +#include "sandbox/linux/services/credentials.h" +#include "sandbox/linux/services/namespace_sandbox.h" @@ -194,6 +193,7 @@ +bool SandboxLinux::SetUnveil(const std::string process_type, sandbox::mojom::Sandbox sandbox_type) { + FILE *fp; + char *s = NULL, *cp = NULL, *home = NULL, **ap, *tokens[MAXTOKENS]; ++ char *xdg_var = NULL; + char path[PATH_MAX]; + const char *ufile; + size_t len = 0, lineno = 0; @@ -258,6 +258,13 @@ + strncpy(path, home, sizeof(path) - 1); + path[sizeof(path) - 1] = '\0'; + strncat(path, tokens[0], sizeof(path) - 1 - strlen(path)); ++ } else if (strncmp(tokens[0], "XDG_", 4) == 0) { ++ if ((xdg_var = getenv(tokens[0])) == NULL || *xdg_var == '\0') { ++ LOG(ERROR) << "failed to get " << tokens[0]; ++ continue; ++ } ++ strncpy(path, xdg_var, sizeof(path) - 1); ++ path[sizeof(path) - 1] = '\0'; + } else { + strncpy(path, tokens[0], sizeof(path) - 1); + path[sizeof(path) - 1] = '\0'; @@ -333,14 +340,8 @@ + break; + case sandbox::mojom::Sandbox::kGpu: + case sandbox::mojom::Sandbox::kOnDeviceModelExecution: -+ SetPledge("stdio drm rpath flock cpath wpath prot_exec recvfd sendfd tmppath", NULL); ++ SetPledge("stdio drm inet rpath flock cpath wpath prot_exec recvfd sendfd tmppath unix", NULL); + break; -+#if BUILDFLAG(ENABLE_PPAPI) -+ case sandbox::mojom::Sandbox::kPpapi: -+ // prot_exec needed by v8 -+ SetPledge("stdio rpath prot_exec recvfd sendfd", NULL); -+ break; -+#endif + case sandbox::mojom::Sandbox::kAudio: + SetPledge(NULL, "/etc/ungoogled-chromium/pledge.utility_audio"); + break; |