libalpm: Failure to enable Landlock or seccomp is a download error

Remi Gacogne 2025-05-17 20:47:50 +02:00
parent 6816aeae17
commit fa249f9c3b
No known key found for this signature in database
GPG key ID: 40825C6BDD1A4146


@ -43,14 +43,14 @@ int SYMEXPORT alpm_sandbox_setup_child(alpm_handle_t *handle, const char* sandbo
ASSERT(getuid() == 0, return -1); ASSERT(getuid() == 0, return -1);
ASSERT((pw = getpwnam(sandboxuser)), return -1); ASSERT((pw = getpwnam(sandboxuser)), return -1);
if(sandbox_path != NULL && !handle->disable_sandbox) { if(sandbox_path != NULL && !handle->disable_sandbox) {
_alpm_sandbox_fs_restrict_writes_to(handle, sandbox_path); ASSERT(_alpm_sandbox_fs_restrict_writes_to(handle, sandbox_path), return -1);
} }
#if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_NO_NEW_PRIVS) #if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_NO_NEW_PRIVS)
/* make sure that we cannot gain more privileges later, failure is fine */ /* make sure that we cannot gain more privileges later, failure is fine */
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
#endif /* HAVE_SYS_PRCTL && PR_SET_NO_NEW_PRIVS */ #endif /* HAVE_SYS_PRCTL && PR_SET_NO_NEW_PRIVS */
if(restrict_syscalls && !handle->disable_sandbox) { if(restrict_syscalls && !handle->disable_sandbox) {
_alpm_sandbox_syscalls_filter(handle); ASSERT(_alpm_sandbox_syscalls_filter(handle), return -1);
} }
ASSERT(setgid(pw->pw_gid) == 0, return -1); ASSERT(setgid(pw->pw_gid) == 0, return -1);
ASSERT(setgroups(0, NULL) == 0, return -1); ASSERT(setgroups(0, NULL) == 0, return -1);
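Review bot: The `prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)` call between the two new ASSERTs still ignores its result under the comment "failure is fine", which no longer matches the fail-closed policy this change applies to the Landlock and seccomp steps. Either check it as well, `ASSERT(prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0, return -1);`, or extend the comment to say why this step alone may fail open. The new ASSERTs also rely on both helpers returning non-zero on success, the opposite of the `== 0` checks on setgid/setgroups just below; their definitions are outside the hunk, so a short comment such as `/* returns true on success */` above each call would make the convention visible here. It is likewise not visible whether the helpers report success on a kernel without Landlock or seccomp support; if they do not, downloads on such kernels now fail unless the sandbox is disabled, which would be worth stating in the commit description. The body of alpm_sandbox_setup_child starts and ends outside the hunk.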