The following error occured while I was building file-5.44: ``` Making all in magic make[2]: Entering directory '/var/tmp/portage/sys-apps/file-5.44/work/file-5.44-abi_x86_64.amd64/magic' ../src/file -C -m magic make[2]: *** [Makefile:863: magic.mgc] Bad system call make[2]: Leaving directory '/var/tmp/portage/sys-apps/file-5.44/work/file-5.44-abi_x86_64.amd64/magic' make[1]: *** [Makefile:462: all-recursive] Error 1 make[1]: Leaving directory '/var/tmp/portage/sys-apps/file-5.44/work/file-5.44-abi_x86_64.amd64' make: *** [Makefile:371: all] Error 2 ``` Running dmesg shows the following error: `[ 9657.919747] audit: type=1326 audit(1672473078.697:16): auid=1000 uid=250 gid=250 ses=3 subj=kernel pid=757092 comm="file" exe="/var/tmp/portage/sys-apps/file-5.44/work/file-5.44-abi_x86_64.amd64/src/.libs/file" sig=31 arch=c000003e syscall=439 compat=0 ip=0x7f295f34a91f code=0x0` Syscall 439 is faccessat2. Therefore I tried to add a ALLOW_RULE to src/seccomp.c, which surprisingly worked and got it to compile. The patch is also attached below for reference. I suppose either the kernel version or the glibc version caused the usage of faccessat2, but I am unable to confirm it. Also, I am unsure if this is the ultimate fix, so more info is welcome. Reproducible: Always Steps to Reproduce: 1. Build file-5.44 with the seccomp USE flag 2. Watch it fail Actual Results: Build error in the magic directory Expected Results: file builds successfully Portage 3.0.42 (python 3.11.1-final-0, default/linux/amd64/17.1/desktop/plasma/systemd, gcc-12, glibc-2.36-r6, 6.0.7-gentoo-x86_64 x86_64) ================================================================= System Settings ================================================================= System uname: Linux-6.0.7-gentoo-x86_64-x86_64-AMD_Ryzen_9_4900H_with_Radeon_Graphics-with-glibc2.36 KiB Mem: 28651540 total, 2675092 free KiB Swap: 67108860 total, 67106556 free Timestamp of repository gentoo: Sat, 31 Dec 2022 04:45:01 +0000 Head commit of repository gentoo: 1189cb67f26b1d0b18421d053c6e3000bb6c0273 Timestamp of repository 4nykey: Wed, 28 Dec 2022 10:33:06 +0000 Head commit of repository 4nykey: 2d46728924cf1428134fb621d1058a0b35d9deec Timestamp of repository ArchFeh: Tue, 27 Dec 2022 16:49:19 +0000 Head commit of repository ArchFeh: 9c997d3a81cfd9c5bce0a02730adce85faa9d8cf Timestamp of repository Miezhiko: Thu, 29 Dec 2022 09:03:06 +0000 Head commit of repository Miezhiko: fcb8e9cb1eca19df1622034f64ef2766fd68c0cb Timestamp of repository ROKO__: Thu, 29 Dec 2022 17:48:03 +0000 Head commit of repository ROKO__: 578103f4bb8aa6ad2e5053ab42bb7976f89dca20 Head commit of repository The-Anime-Game: 9db1fafe8be2fb1c805ba50546581b87a5922748 Timestamp of repository brave-overlay: Tue, 27 Dec 2022 16:49:12 +0000 Head commit of repository brave-overlay: dfa02661d0653739d43fb35f39aadb19a3ac5ab0 Timestamp of repository earshark: Tue, 27 Dec 2022 16:49:04 +0000 Head commit of repository earshark: d45a0008c03439ad51067bcbff4e57856a28bbd1 Head commit of repository gcloud-Overlay: de4ee164a635fb7aa39bd165e19be9fa35922d1c Timestamp of repository gentoo-zh: Fri, 30 Dec 2022 07:32:00 +0000 Head commit of repository gentoo-zh: 466999d67108c13e76af63e8fbe6e1d94a0c7682 Head commit of repository gig: 29d737fec9fa710c87c53514f7dd398b1ec750b5 Timestamp of repository hamari: Fri, 30 Dec 2022 10:02:15 +0000 Head commit of repository hamari: 1da0f9feac4518a8483f0f039c44596fc6cb86a4 Timestamp of repository natinst: Tue, 27 Dec 2022 16:49:24 +0000 Head commit of repository natinst: 752d775aaa23b95c74e2528552d39f2874b343cd Head commit of repository nvidia-docker-overlay: f00c4841709df0f832dd00ce134a408aa98936e8 Timestamp of repository steam-overlay: Tue, 27 Dec 2022 16:49:00 +0000 Head commit of repository steam-overlay: 40d6049781a464f1d47e1a42e2d35f0d091fb7b1 Timestamp of repository thegreatmcpain: Fri, 30 Dec 2022 05:17:00 +0000 Head commit of repository thegreatmcpain: 66bd0fb04dd90aa6be1737255b39047ac207d851 Timestamp of repository vifino-overlay: Wed, 28 Dec 2022 10:33:06 +0000 Head commit of repository vifino-overlay: 1b46f8a198591f2981f939c750b9282dd7eba604 sh bash 5.2_p15 ld GNU ld (Gentoo 2.38 p4) 2.38 app-misc/pax-utils: 1.3.5::gentoo app-shells/bash: 5.2_p15::gentoo dev-java/java-config: 2.3.1::gentoo dev-lang/perl: 5.36.0-r1::gentoo dev-lang/python: 3.8.16::gentoo, 3.9.16::gentoo, 3.10.9::gentoo, 3.11.1::gentoo, 3.12.0_alpha3::gentoo dev-lang/rust: 1.64.0-r1::gentoo dev-lang/rust-bin: 1.66.0::gentoo dev-util/cmake: 3.25.1::gentoo dev-util/meson: 0.64.1::gentoo sys-apps/baselayout: 2.9::gentoo sys-apps/sandbox: 2.30::gentoo sys-apps/systemd: 252.3::gentoo sys-devel/autoconf: 2.13-r7::gentoo, 2.71-r5::gentoo sys-devel/automake: 1.16.5::gentoo sys-devel/binutils: 2.38-r2::gentoo, 2.39-r4::gentoo sys-devel/binutils-config: 5.4.1::gentoo sys-devel/clang: 14.0.6-r1::gentoo, 15.0.6::gentoo sys-devel/gcc: 11.3.1_p20221209::gentoo, 12.2.1_p20221210::gentoo sys-devel/gcc-config: 2.9::gentoo sys-devel/libtool: 2.4.7-r1::gentoo sys-devel/lld: 14.0.6-r1::gentoo, 15.0.6::gentoo sys-devel/llvm: 14.0.6-r2::gentoo, 15.0.6::gentoo sys-devel/make: 4.4::gentoo sys-kernel/linux-headers: 6.1::gentoo (virtual/os-headers) sys-libs/glibc: 2.36-r6::gentoo Repositories: (I deleted this part as the URL triggers the spam filter) ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/var/cache/distfiles" EMERGE_DEFAULT_OPTS="--with-bdeps y --complete-graph y" ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME" FCFLAGS="-march=native -O2 -pipe" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg-live candy config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch parallel-install pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-march=native -O2 -pipe" LANG="en_US zh_TW" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LEX="flex" LINGUAS="en_US zh_TW" MAKEOPTS="-j17" PKGDIR="/var/cache/binpkgs" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" RUSTFLAGS="-C opt-level=2 -C target-cpu=native" SHELL="/bin/bash" USE="10bit 12bit 7z 7zip X a52 aac aacplus aacs acl acpi activities adns aio alsa amd64 anthy base bash-completion bdplus bittorrent bluetooth bluray branding bzip2 cairo caps cdda cdr cgroup-hybrid chewing chromaprint cjk clang cli clippy conntrack corefonts crypt cryptsetup cuda cups custom-cflags cxx dbus declarative device-mapper dns-over-tls dnssec dolphin dri dropbox dts dvd dvdr encode eselect-ldso exif ffmpeg flac font_types_otf fontconfig fortran gdbm geolocation gif gmp gpm gps gstreamer gtk gui handbook iconv icu idn inotify iproute2 ipv6 ithreads jmol joystick jpeg jpeg2k json jumbo-build kde kwallet lame lcms ldap libevent libglvnd libkms libnotify libtirpc lm-sensors lm_sensors lrz lz4 lzma lzo mad matroska mdnsresponder-compat mng modern-top mp3 mp4 mpeg mpi mpi-threads multilib nat ncat ncurses netlink networkmanager nftables nls nptl offensive offload ogg opencl opengl openmp openssl opus osmesa pam pango pcre pdf pgo pic pie plasma png policykit posix postproc ppds pulseaudio python qml qt5 quicktime rar raw readline rust-src rustfmt samba sasl sdl seccomp secure-delete semantic-desktop sound speex spell split-usr ssl startup-notification static-lib svg systemd test-rust theora threads thunderbolt tiff trayicon truetype udev udf udisks unicode unzip upnp upnp-av upower usb usbredir user-session v4l vaapi vdpau vorbis vulkan widgets wifi wxwidgets x264 x265 xattr xcb xft xml xv xvid zeroconf zip zlib zsh-completions zstd" ABI_X86="64 32" ADA_TARGET="gnat_2021" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="libinput joystick synaptics" KERNEL="linux" L10N="en-US zh-TW" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-4 php8-0" POSTGRES_TARGETS="postgres12 postgres13" PYTHON_SINGLE_TARGET="python3_10" PYTHON_TARGETS="python3_10 python3_11" RUBY_TARGETS="ruby27" USERLAND="GNU" VIDEO_CARDS="amdgpu radeonsi radeon nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RANLIB, READELF, SIZE, STRINGS, STRIP, YACC, YFLAGS ================================================================= Package Settings ================================================================= sys-apps/file-5.44::gentoo was built with the following: USE="bzip2 lzma seccomp zlib zstd -lzip -python -static-libs -verify-sig" ABI_X86="32 (64) (-x32)" PYTHON_TARGETS="python3_10 python3_11 -python3_8 -python3_9"
Created attachment 845988 [details, diff] A patch that adds faccessat2 to the list of allowed syscalls in src/seccomp.c
*** Bug 889076 has been marked as a duplicate of this bug. ***
*** Bug 889180 has been marked as a duplicate of this bug. ***
Thanks for the analysis. It's exposed by sandbox-2.30.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a43a1114f05d985cef96402cab1451580a6339b commit 0a43a1114f05d985cef96402cab1451580a6339b Author: Sam James <sam@gentoo.org> AuthorDate: 2022-12-31 12:51:36 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-12-31 12:52:10 +0000 sys-apps/file: allow faccessat2 syscall in seccomp for sandbox-2.30 Closes: https://bugs.gentoo.org/889046 Signed-off-by: Sam James <sam@gentoo.org> .../{file-5.43-r1.ebuild => file-5.43-r2.ebuild} | 4 ++-- .../file/{file-5.44.ebuild => file-5.44-r1.ebuild} | 5 ++-- sys-apps/file/file-9999.ebuild | 6 ++--- .../file/files/file-5.43-portage-sandbox.patch | 28 ++++++++++++++++++++++ .../files/file-5.43-seccomp-fstatat64-musl.patch | 22 +++++++++++++++++ sys-apps/file/files/file-5.44-seccomp-utimes.patch | 18 ++++++++++++++ 6 files changed, 76 insertions(+), 7 deletions(-) Additionally, it has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a07366122f0949b3264f1d4037345e7a95a079f commit 3a07366122f0949b3264f1d4037345e7a95a079f Author: Sam James <sam@gentoo.org> AuthorDate: 2022-12-31 12:57:48 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-12-31 12:57:48 +0000 sys-apps/portage: depend on fixed file for sandbox-2.30 Bug: https://bugs.gentoo.org/889046 Signed-off-by: Sam James <sam@gentoo.org> ....0.38.1-r5.ebuild => portage-3.0.38.1-r6.ebuild} | 18 +++++++++++++----- ...ge-3.0.41-r1.ebuild => portage-3.0.41-r2.ebuild} | 21 +++++++++++++++------ ...rtage-3.0.42.ebuild => portage-3.0.42-r1.ebuild} | 21 +++++++++++++++------ sys-apps/portage/portage-9999.ebuild | 15 +++++++++++---- 4 files changed, 54 insertions(+), 21 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dfb9674fe7d1123bf213c8ea9bdb28e96d5ee5f3 commit dfb9674fe7d1123bf213c8ea9bdb28e96d5ee5f3 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-12-31 13:25:54 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-12-31 13:27:10 +0000 sys-apps/sandbox: add blocker on older versions of sys-apps/file to 2.30-r1 My distaste for blockers-as-a-dependency limit are well known, but this is still useful for a specific case where someone is partially upgrading and therefore doesn't get the Portage upgrade which has a proper >= dep. It serves as a notice that they need to upgrade file, which is good enough. It's worth doing this because of how severe file not working can be. Bug: https://bugs.gentoo.org/889046 Signed-off-by: Sam James <sam@gentoo.org> sys-apps/sandbox/{sandbox-2.30.ebuild => sandbox-2.30-r1.ebuild} | 3 +++ 1 file changed, 3 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/portage.git/commit/?id=0f4f85ee3c19ff3acbcf724bf49a52db0766c7a5 commit 0f4f85ee3c19ff3acbcf724bf49a52db0766c7a5 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-12-31 14:40:47 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-12-31 14:45:35 +0000 bin: pass -S to file to disable seccomp Files being installed by Portage are generally trusted but also the syscalls allowed by file are quite broad anyway. Things can go catastrophically wrong if file misses valid input, as we may have invalid VDB metadata. Bug: https://bugs.gentoo.org/811462 Bug: https://bugs.gentoo.org/815877 Bug: https://bugs.gentoo.org/889046 Signed-off-by: Sam James <sam@gentoo.org> NEWS | 16 +++++++++++++--- bin/estrip | 2 +- bin/install-qa-check.d/10ignored-flags | 2 +- bin/misc-functions.sh | 2 +- 4 files changed, 16 insertions(+), 6 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5d40af3c56436cdbf774707cb36a8cdc832b3dd commit c5d40af3c56436cdbf774707cb36a8cdc832b3dd Author: Sam James <sam@gentoo.org> AuthorDate: 2023-01-03 04:02:24 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-01-05 00:33:06 +0000 unpacker.eclass: pass -S to file to disable seccomp Files being installed by Portage are generally trusted but also the syscalls allowed by file are quite broad anyway. With e.g. new libc or sandbox version (or any number of things...), the syscalls used by file can change which leads to its seccomp filter killing the process. This is an acceptable tradeoff when users are calling file(1), but it makes less sense with trusted input within Portage, especially where it may lead to confusing errors (swallowed within pipes, subshells, etc). Indeed, it might even be the case that file(1) is broken, but the user needs to complete a world upgrade to get a newer file/portage/???, but can't because of various ebuilds (like ones using this eclass) failing. Disable seccomp for these calls to keep working. Bug: https://bugs.gentoo.org/811462 Bug: https://bugs.gentoo.org/815877 Bug: https://bugs.gentoo.org/889046 Signed-off-by: Sam James <sam@gentoo.org> eclass/unpacker.eclass | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=592c4558b9be2f82969ceec835240ebec23ac932 commit 592c4558b9be2f82969ceec835240ebec23ac932 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-01-03 04:02:04 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-01-05 00:33:06 +0000 mono.eclass: pass -S to file to disable seccomp Files being installed by Portage are generally trusted but also the syscalls allowed by file are quite broad anyway. With e.g. new libc or sandbox version (or any number of things...), the syscalls used by file can change which leads to its seccomp filter killing the process. This is an acceptable tradeoff when users are calling file(1), but it makes less sense with trusted input within Portage, especially where it may lead to confusing errors (swallowed within pipes, subshells, etc). Indeed, it might even be the case that file(1) is broken, but the user needs to complete a world upgrade to get a newer file/portage/???, but can't because of various ebuilds (like ones using this eclass) failing. Disable seccomp for these calls to keep working. Bug: https://bugs.gentoo.org/811462 Bug: https://bugs.gentoo.org/815877 Bug: https://bugs.gentoo.org/889046 Signed-off-by: Sam James <sam@gentoo.org> eclass/mono.eclass | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a52eaeab3ca96b55c45d774dac60d004db8bb39 commit 4a52eaeab3ca96b55c45d774dac60d004db8bb39 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-01-03 03:59:53 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-01-05 00:33:06 +0000 dotnet.eclass: pass -S to file to disable seccomp Files being installed by Portage are generally trusted but also the syscalls allowed by file are quite broad anyway. With e.g. new libc or sandbox version (or any number of things...), the syscalls used by file can change which leads to its seccomp filter killing the process. This is an acceptable tradeoff when users are calling file(1), but it makes less sense with trusted input within Portage, especially where it may lead to confusing errors (swallowed within pipes, subshells, etc). Indeed, it might even be the case that file(1) is broken, but the user needs to complete a world upgrade to get a newer file/portage/???, but can't because of various ebuilds (like ones using this eclass) failing. Disable seccomp for these calls to keep working. Bug: https://bugs.gentoo.org/811462 Bug: https://bugs.gentoo.org/815877 Bug: https://bugs.gentoo.org/889046 Signed-off-by: Sam James <sam@gentoo.org> eclass/dotnet.eclass | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91bff8e1a6489728a3951a052ff7bd3daa1903b3 commit 91bff8e1a6489728a3951a052ff7bd3daa1903b3 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-01-13 03:46:34 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-01-13 03:46:34 +0000 sys-apps/file: depend on newer libseccomp for faccessat2() This ensures correct upgrade ordering and also mitigates issues w/ partial upgrades - newer libseccomp is needed for faccessat2 to be defined properly. Bug: https://bugs.gentoo.org/889046 Signed-off-by: Sam James <sam@gentoo.org> sys-apps/file/{file-5.43-r2.ebuild => file-5.43-r3.ebuild} | 14 +++++++++----- sys-apps/file/{file-5.44-r2.ebuild => file-5.44-r3.ebuild} | 10 +++++++--- sys-apps/file/file-9999.ebuild | 12 ++++++++---- 3 files changed, 24 insertions(+), 12 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dbbbf5f526aff28f9c8ba79c7a277bc3aa09398b commit dbbbf5f526aff28f9c8ba79c7a277bc3aa09398b Author: Mike Gilbert <floppym@gentoo.org> AuthorDate: 2023-10-19 18:06:37 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2023-10-19 18:08:42 +0000 sys-apps/file: add another seccomp fix for sandbox Bug: https://bugs.gentoo.org/728978 Bug: https://bugs.gentoo.org/889046 Bug: https://bugs.gentoo.org/915890 Signed-off-by: Mike Gilbert <floppym@gentoo.org> .../{file-5.45-r1.ebuild => file-5.45-r2.ebuild} | 2 +- .../file/files/file-5.45-seccomp-sandbox.patch | 48 ++++++++++++++++++++++ 2 files changed, 49 insertions(+), 1 deletion(-)
