commit d38a45b50f59e50be559f7aaad5989a1e35ea836
parent fac10c955204d20991198efd2fa2ca7e4d4e12eb
Author: St John Karp <contact@stjo.hn>
Date: Sun, 3 Jul 2022 07:41:19 -0400
flatpak: Fix no-libcap patch
The old patch no longer appled, so I manually reapplied these changes
and regenerated the patch.
Diffstat:
1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/flatpak/flatpak/patches/no-libcap.patch b/flatpak/flatpak/patches/no-libcap.patch
@@ -1,5 +1,5 @@
diff --git a/app/flatpak-builtins-enter.c b/app/flatpak-builtins-enter.c
-index 4a7c51d..3cd365f 100644
+index 44e14e9..26ea6b0 100644
--- a/app/flatpak-builtins-enter.c
+++ b/app/flatpak-builtins-enter.c
@@ -36,21 +36,11 @@
@@ -24,7 +24,7 @@ index 4a7c51d..3cd365f 100644
gboolean
flatpak_builtin_enter (int argc,
char **argv,
-@@ -226,8 +216,6 @@ flatpak_builtin_enter (int argc,
+@@ -242,8 +232,6 @@ flatpak_builtin_enter (int argc,
if (setuid (uid))
return flatpak_fail (error, _("Can't switch uid"));
@@ -33,10 +33,10 @@ index 4a7c51d..3cd365f 100644
envp_array = g_ptr_array_new_with_free_func (g_free);
for (e = environment; e < environment + environment_len; e = e + strlen (e) + 1)
{
-diff --git a/bubblewrap/bubblewrap.c b/bubblewrap/bubblewrap.c
-index b3d52bc..59b0076 100644
---- a/bubblewrap/bubblewrap.c
-+++ b/bubblewrap/bubblewrap.c
+diff --git a/subprojects/bubblewrap/bubblewrap.c b/subprojects/bubblewrap/bubblewrap.c
+index fc2edbb..704e9e8 100644
+--- a/subprojects/bubblewrap/bubblewrap.c
++++ b/subprojects/bubblewrap/bubblewrap.c
@@ -28,7 +28,6 @@
#include <sys/eventfd.h>
#include <sys/fsuid.h>
@@ -45,7 +45,7 @@ index b3d52bc..59b0076 100644
#include <sys/prctl.h>
#include <linux/sched.h>
#include <linux/seccomp.h>
-@@ -586,70 +585,17 @@ static uint32_t requested_caps[2] = {0, 0};
+@@ -593,70 +592,17 @@ static uint32_t requested_caps[2] = {0, 0};
static void
set_required_caps (void)
{
@@ -117,7 +117,7 @@ index b3d52bc..59b0076 100644
}
/* Most of the code here is used both to add caps to the ambient capabilities
-@@ -659,49 +605,6 @@ has_caps (void)
+@@ -666,49 +612,6 @@ has_caps (void)
static void
prctl_caps (uint32_t *caps, bool do_cap_bounding, bool do_set_ambient)
{
@@ -167,7 +167,7 @@ index b3d52bc..59b0076 100644
}
static void
-@@ -748,10 +651,6 @@ acquire_privs (void)
+@@ -755,10 +658,6 @@ acquire_privs (void)
/* Are we setuid ? */
if (real_uid != euid)
{
@@ -178,7 +178,7 @@ index b3d52bc..59b0076 100644
/* We want to keep running as euid=0 until at the clone()
* operation because doing so will make the user namespace be
* owned by root, which makes it not ptrace:able by the user as
-@@ -763,19 +662,7 @@ acquire_privs (void)
+@@ -770,19 +669,7 @@ acquire_privs (void)
* escalated filesystem access before the clone(), so we set
* fsuid to the uid.
*/
@@ -199,7 +199,7 @@ index b3d52bc..59b0076 100644
}
else if (real_uid != 0 && has_caps ())
{
-@@ -786,18 +673,6 @@ acquire_privs (void)
+@@ -793,18 +680,6 @@ acquire_privs (void)
}
else if (real_uid == 0)
{
@@ -218,7 +218,7 @@ index b3d52bc..59b0076 100644
}
/* Else, we try unprivileged user namespaces */
-@@ -2043,52 +1918,16 @@ parse_args_recurse (int *argcp,
+@@ -2187,53 +2062,17 @@ parse_args_recurse (int *argcp,
}
else if (strcmp (arg, "--cap-add") == 0)
{
@@ -250,8 +250,8 @@ index b3d52bc..59b0076 100644
{
- cap_value_t cap;
if (argc < 2)
-- die ("--cap-drop takes an argument");
--
+ die ("--cap-drop takes an argument");
+
- opt_cap_add_or_drop_used = TRUE;
-
- if (strcasecmp (argv[1], "ALL") == 0)
@@ -268,7 +268,7 @@ index b3d52bc..59b0076 100644
- else
- requested_caps[1] &= ~CAP_TO_MASK_1 (cap - 32);
- }
-+ die ("--cap-add takes an argument");
-
+-
argv += 1;
argc -= 1;
+ }
