diff options
| author | Chen Qi <Qi.Chen@windriver.com> | 2023-01-10 14:52:32 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-01-26 23:37:05 +0000 |
| commit | b6f577e2e705a45f9131b8b50092fa32fb3f79eb (patch) | |
| tree | 9d8d061a2dad0061da408cb91323b689d7ede0ea | |
| parent | dc62b99bdfcef6626ff1d61ce54aaddbd3b80c38 (diff) | |
| download | poky-b6f577e2e705a45f9131b8b50092fa32fb3f79eb.tar.gz | |
dhcpcd: backport two patches to fix runtime error
In case of nodistro, dhcpcd gives us 'Bad system call'
error and exits. This is because there are syscalls that
should be allowed but not in privsep. Backport two patches
to fix this issue.
(From OE-Core rev: a40acd3741069bb70283581d186e09d1d7df2a7a)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f1e6a0c16d6685096ec9313301aa431e73d02c07)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
3 files changed, 63 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb index 1d03de09c8..5cf77fa0f6 100644 --- a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb +++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb | |||
| @@ -14,6 +14,8 @@ UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/" | |||
| 14 | SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \ | 14 | SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \ |
| 15 | file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \ | 15 | file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \ |
| 16 | file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \ | 16 | file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \ |
| 17 | file://0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch \ | ||
| 18 | file://0002-privsep-Allow-newfstatat-syscall-as-well.patch \ | ||
| 17 | file://dhcpcd.service \ | 19 | file://dhcpcd.service \ |
| 18 | file://dhcpcd@.service \ | 20 | file://dhcpcd@.service \ |
| 19 | " | 21 | " |
diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch b/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch new file mode 100644 index 0000000000..68ab93416a --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch | |||
| @@ -0,0 +1,30 @@ | |||
| 1 | From c6cdf0aee71ab4126d36b045f02428ee3c6ec50b Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Roy Marples <roy@marples.name> | ||
| 3 | Date: Fri, 26 Aug 2022 09:08:36 +0100 | ||
| 4 | Subject: [PATCH 1/2] privsep: Allow getrandom sysctl for newer glibc | ||
| 5 | |||
| 6 | Fixes #120 | ||
| 7 | |||
| 8 | Upstream-Status: Backport [c6cdf0aee71ab4126d36b045f02428ee3c6ec50b] | ||
| 9 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
| 10 | --- | ||
| 11 | src/privsep-linux.c | 3 +++ | ||
| 12 | 1 file changed, 3 insertions(+) | ||
| 13 | |||
| 14 | diff --git a/src/privsep-linux.c b/src/privsep-linux.c | ||
| 15 | index b238644b..479a1d82 100644 | ||
| 16 | --- a/src/privsep-linux.c | ||
| 17 | +++ b/src/privsep-linux.c | ||
| 18 | @@ -300,6 +300,9 @@ static struct sock_filter ps_seccomp_filter[] = { | ||
| 19 | #ifdef __NR_getpid | ||
| 20 | SECCOMP_ALLOW(__NR_getpid), | ||
| 21 | #endif | ||
| 22 | +#ifdef __NR_getrandom | ||
| 23 | + SECCOMP_ALLOW(__NR_getrandom), | ||
| 24 | +#endif | ||
| 25 | #ifdef __NR_getsockopt | ||
| 26 | /* For route socket overflow */ | ||
| 27 | SECCOMP_ALLOW_ARG(__NR_getsockopt, 1, SOL_SOCKET), | ||
| 28 | -- | ||
| 29 | 2.17.1 | ||
| 30 | |||
diff --git a/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch b/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch new file mode 100644 index 0000000000..c5d2cba305 --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch | |||
| @@ -0,0 +1,31 @@ | |||
| 1 | From 7625a555797f587a89dc2447fd9d621024d5165c Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Roy Marples <roy@marples.name> | ||
| 3 | Date: Fri, 26 Aug 2022 09:24:50 +0100 | ||
| 4 | Subject: [PATCH 2/2] privsep: Allow newfstatat syscall as well | ||
| 5 | |||
| 6 | Allows newer glibc variants to work apparently. | ||
| 7 | As reported in #84 and #89. | ||
| 8 | |||
| 9 | Upstream-Status: Backport [7625a555797f587a89dc2447fd9d621024d5165c] | ||
| 10 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
| 11 | --- | ||
| 12 | src/privsep-linux.c | 3 +++ | ||
| 13 | 1 file changed, 3 insertions(+) | ||
| 14 | |||
| 15 | diff --git a/src/privsep-linux.c b/src/privsep-linux.c | ||
| 16 | index 479a1d82..6327b1bc 100644 | ||
| 17 | --- a/src/privsep-linux.c | ||
| 18 | +++ b/src/privsep-linux.c | ||
| 19 | @@ -328,6 +328,9 @@ static struct sock_filter ps_seccomp_filter[] = { | ||
| 20 | #ifdef __NR_nanosleep | ||
| 21 | SECCOMP_ALLOW(__NR_nanosleep), /* XXX should use ppoll instead */ | ||
| 22 | #endif | ||
| 23 | +#ifdef __NR_newfstatat | ||
| 24 | + SECCOMP_ALLOW(__NR_newfstatat), | ||
| 25 | +#endif | ||
| 26 | #ifdef __NR_ppoll | ||
| 27 | SECCOMP_ALLOW(__NR_ppoll), | ||
| 28 | #endif | ||
| 29 | -- | ||
| 30 | 2.17.1 | ||
| 31 | |||