mirror of
https://github.com/archlinuxarm/PKGBUILDs.git
synced 2024-11-08 22:45:43 +00:00
core/linux-odroid-c2 to 3.16.58-1
This commit is contained in:
parent
b9b4fdebff
commit
73938aebda
17 changed files with 85 additions and 583 deletions
|
@ -1,7 +1,7 @@
|
|||
From 967dd9cfe3e038b5e38ea402728f985e931d170f Mon Sep 17 00:00:00 2001
|
||||
From 764e8c58a8feb1228d33dd5927f142f4567544ad Mon Sep 17 00:00:00 2001
|
||||
From: Kevin Mihelich <kevin@archlinuxarm.org>
|
||||
Date: Thu, 26 May 2016 06:29:07 -0600
|
||||
Subject: [PATCH 01/16] add extra errata 843419 build flags
|
||||
Subject: [PATCH 01/12] add extra errata 843419 build flags
|
||||
|
||||
---
|
||||
arch/arm64/Makefile | 1 +
|
||||
|
@ -20,5 +20,5 @@ index b92f401c3a86..733aedf927c7 100644
|
|||
|
||||
# Default value
|
||||
--
|
||||
2.18.0
|
||||
2.19.0
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From 32e551d35640bb67e9f7655a499ffa9bf3a5ff69 Mon Sep 17 00:00:00 2001
|
||||
From 479846fbc74c3d14375a648391e4d455838ee395 Mon Sep 17 00:00:00 2001
|
||||
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
||||
Date: Fri, 4 Jul 2014 08:28:30 +0100
|
||||
Subject: [PATCH 02/16] arm64: Add audit support
|
||||
Subject: [PATCH 02/12] arm64: Add audit support
|
||||
|
||||
On AArch64, audit is supported through generic lib/audit.c and
|
||||
compat_audit.c, and so this patch adds arch specific definitions required.
|
||||
|
@ -79,5 +79,5 @@ index 6f94bf3f28a9..c460caf7221d 100644
|
|||
#define AUDIT_ARCH_ARM (EM_ARM|__AUDIT_ARCH_LE)
|
||||
#define AUDIT_ARCH_ARMEB (EM_ARM)
|
||||
--
|
||||
2.18.0
|
||||
2.19.0
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From 086a08b553a9c276154772f717cb586c636d6b49 Mon Sep 17 00:00:00 2001
|
||||
From 156befeae94fd3e39a0450448cb9620671733e2f Mon Sep 17 00:00:00 2001
|
||||
From: Theodore Ts'o <tytso@mit.edu>
|
||||
Date: Thu, 17 Jul 2014 04:13:05 -0400
|
||||
Subject: [PATCH 07/16] random: introduce getrandom(2) system call
|
||||
Subject: [PATCH 03/12] random: introduce getrandom(2) system call
|
||||
|
||||
The getrandom(2) system call was requested by the LibreSSL Portable
|
||||
developers. It is analoguous to the getentropy(2) system call in
|
||||
|
@ -150,27 +150,28 @@ Reviewed-by: Zach Brown <zab@zabbo.net>
|
|||
6 files changed, 53 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/syscalls/syscall_32.tbl b/arch/x86/syscalls/syscall_32.tbl
|
||||
index cc4c8b448867..617d15fa1d6d 100644
|
||||
index bfde7bf2a8fb..6ee46886e45f 100644
|
||||
--- a/arch/x86/syscalls/syscall_32.tbl
|
||||
+++ b/arch/x86/syscalls/syscall_32.tbl
|
||||
@@ -361,4 +361,5 @@
|
||||
@@ -360,5 +360,6 @@
|
||||
351 i386 sched_setattr sys_sched_setattr
|
||||
352 i386 sched_getattr sys_sched_getattr
|
||||
353 i386 renameat2 sys_renameat2
|
||||
354 i386 seccomp sys_seccomp
|
||||
+355 i386 getrandom sys_getrandom
|
||||
356 i386 memfd_create sys_memfd_create
|
||||
354 i386 seccomp sys_seccomp
|
||||
diff --git a/arch/x86/syscalls/syscall_64.tbl b/arch/x86/syscalls/syscall_64.tbl
|
||||
index a22cd271b891..ca2b9aa78c81 100644
|
||||
index ef5b7d067b70..b187d43e9963 100644
|
||||
--- a/arch/x86/syscalls/syscall_64.tbl
|
||||
+++ b/arch/x86/syscalls/syscall_64.tbl
|
||||
@@ -324,6 +324,7 @@
|
||||
@@ -323,6 +323,7 @@
|
||||
314 common sched_setattr sys_sched_setattr
|
||||
315 common sched_getattr sys_sched_getattr
|
||||
316 common renameat2 sys_renameat2
|
||||
317 common seccomp sys_seccomp
|
||||
+318 common getrandom sys_getrandom
|
||||
319 common memfd_create sys_memfd_create
|
||||
317 common seccomp sys_seccomp
|
||||
|
||||
#
|
||||
diff --git a/drivers/char/random.c b/drivers/char/random.c
|
||||
index 692482b7c2fb..5d7e2b1cb09b 100644
|
||||
--- a/drivers/char/random.c
|
||||
|
@ -292,19 +293,19 @@ index 1e6977f03277..8597786ea362 100644
|
|||
asmlinkage long sys_seccomp(unsigned int op, unsigned int flags,
|
||||
const char __user *uargs);
|
||||
diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h
|
||||
index 4f1d521e0af3..11d11bc5c78f 100644
|
||||
index 3fbb85170741..40310d399973 100644
|
||||
--- a/include/uapi/asm-generic/unistd.h
|
||||
+++ b/include/uapi/asm-generic/unistd.h
|
||||
@@ -701,7 +701,8 @@ __SYSCALL(__NR_sched_getattr, sys_sched_getattr)
|
||||
@@ -700,7 +700,8 @@ __SYSCALL(__NR_sched_getattr, sys_sched_getattr)
|
||||
#define __NR_renameat2 276
|
||||
__SYSCALL(__NR_renameat2, sys_renameat2)
|
||||
#define __NR_seccomp 277
|
||||
__SYSCALL(__NR_seccomp, sys_seccomp)
|
||||
__SYSCALL(277, sys_ni_syscall)
|
||||
-__SYSCALL(278, sys_ni_syscall)
|
||||
+#define __NR_getrandom 278
|
||||
+__SYSCALL(__NR_getrandom, sys_getrandom)
|
||||
#define __NR_memfd_create 279
|
||||
__SYSCALL(__NR_memfd_create, sys_memfd_create)
|
||||
|
||||
#define __NR_seccomp 280
|
||||
diff --git a/include/uapi/linux/random.h b/include/uapi/linux/random.h
|
||||
index fff3528a078f..3f93d1695e7f 100644
|
||||
--- a/include/uapi/linux/random.h
|
||||
|
@ -324,5 +325,5 @@ index fff3528a078f..3f93d1695e7f 100644
|
|||
+
|
||||
#endif /* _UAPI_LINUX_RANDOM_H */
|
||||
--
|
||||
2.18.0
|
||||
2.19.0
|
||||
|
|
@ -1,58 +0,0 @@
|
|||
From 73a08be22f457df505b9d2346b1e94b96e1ffae6 Mon Sep 17 00:00:00 2001
|
||||
From: Kees Cook <keescook@chromium.org>
|
||||
Date: Wed, 21 May 2014 15:02:11 -0700
|
||||
Subject: [PATCH 03/16] seccomp: create internal mode-setting function
|
||||
|
||||
In preparation for having other callers of the seccomp mode setting
|
||||
logic, split the prctl entry point away from the core logic that performs
|
||||
seccomp mode setting.
|
||||
|
||||
Signed-off-by: Kees Cook <keescook@chromium.org>
|
||||
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
|
||||
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
|
||||
(cherry picked from commit d78ab02c2c194257a03355fbb79eb721b381d105)
|
||||
---
|
||||
kernel/seccomp.c | 16 ++++++++++++++--
|
||||
1 file changed, 14 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
|
||||
index e2eb71b1e970..ef24e22c3d14 100644
|
||||
--- a/kernel/seccomp.c
|
||||
+++ b/kernel/seccomp.c
|
||||
@@ -473,7 +473,7 @@ long prctl_get_seccomp(void)
|
||||
}
|
||||
|
||||
/**
|
||||
- * prctl_set_seccomp: configures current->seccomp.mode
|
||||
+ * seccomp_set_mode: internal function for setting seccomp mode
|
||||
* @seccomp_mode: requested mode to use
|
||||
* @filter: optional struct sock_fprog for use with SECCOMP_MODE_FILTER
|
||||
*
|
||||
@@ -486,7 +486,7 @@ long prctl_get_seccomp(void)
|
||||
*
|
||||
* Returns 0 on success or -EINVAL on failure.
|
||||
*/
|
||||
-long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)
|
||||
+static long seccomp_set_mode(unsigned long seccomp_mode, char __user *filter)
|
||||
{
|
||||
long ret = -EINVAL;
|
||||
|
||||
@@ -517,3 +517,15 @@ long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)
|
||||
out:
|
||||
return ret;
|
||||
}
|
||||
+
|
||||
+/**
|
||||
+ * prctl_set_seccomp: configures current->seccomp.mode
|
||||
+ * @seccomp_mode: requested mode to use
|
||||
+ * @filter: optional struct sock_fprog for use with SECCOMP_MODE_FILTER
|
||||
+ *
|
||||
+ * Returns 0 on success or -EINVAL on failure.
|
||||
+ */
|
||||
+long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)
|
||||
+{
|
||||
+ return seccomp_set_mode(seccomp_mode, filter);
|
||||
+}
|
||||
--
|
||||
2.18.0
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
From d24768a36614bd5f547a60b9a1c64be707bd3a24 Mon Sep 17 00:00:00 2001
|
||||
From 2274b1257028d9b5b64c0e53b3b6b937c6309577 Mon Sep 17 00:00:00 2001
|
||||
From: Kevin Mihelich <kevin@archlinuxarm.org>
|
||||
Date: Sun, 2 Sep 2018 15:57:10 -0600
|
||||
Subject: [PATCH 08/16] Revert "arm64: compat: wire up memfd_create syscall for
|
||||
Subject: [PATCH 04/12] Revert "arm64: compat: wire up memfd_create syscall for
|
||||
aarch32"
|
||||
|
||||
This reverts commit 92c47b1c5b173365582c61229e50dd6477b3e8a4.
|
||||
|
@ -27,5 +27,5 @@ index 75eacd239848..c8d8fc17bd5a 100644
|
|||
/*
|
||||
* Compat syscall numbers used by the AArch64 kernel.
|
||||
--
|
||||
2.18.0
|
||||
2.19.0
|
||||
|
|
@ -1,67 +0,0 @@
|
|||
From 3a8c560eb7c461639a6d2310c32be6434b962cf0 Mon Sep 17 00:00:00 2001
|
||||
From: Kees Cook <keescook@chromium.org>
|
||||
Date: Wed, 25 Jun 2014 15:38:02 -0700
|
||||
Subject: [PATCH 04/16] seccomp: extract check/assign mode helpers
|
||||
|
||||
To support splitting mode 1 from mode 2, extract the mode checking and
|
||||
assignment logic into common functions.
|
||||
|
||||
Signed-off-by: Kees Cook <keescook@chromium.org>
|
||||
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
|
||||
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
|
||||
(cherry picked from commit 1f41b450416e689b9b7c8bfb750a98604f687a9b)
|
||||
---
|
||||
kernel/seccomp.c | 22 ++++++++++++++++++----
|
||||
1 file changed, 18 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
|
||||
index ef24e22c3d14..8ddb252835aa 100644
|
||||
--- a/kernel/seccomp.c
|
||||
+++ b/kernel/seccomp.c
|
||||
@@ -194,7 +194,23 @@ static u32 seccomp_run_filters(int syscall)
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
+#endif /* CONFIG_SECCOMP_FILTER */
|
||||
|
||||
+static inline bool seccomp_may_assign_mode(unsigned long seccomp_mode)
|
||||
+{
|
||||
+ if (current->seccomp.mode && current->seccomp.mode != seccomp_mode)
|
||||
+ return false;
|
||||
+
|
||||
+ return true;
|
||||
+}
|
||||
+
|
||||
+static inline void seccomp_assign_mode(unsigned long seccomp_mode)
|
||||
+{
|
||||
+ current->seccomp.mode = seccomp_mode;
|
||||
+ set_tsk_thread_flag(current, TIF_SECCOMP);
|
||||
+}
|
||||
+
|
||||
+#ifdef CONFIG_SECCOMP_FILTER
|
||||
/**
|
||||
* seccomp_attach_filter: Attaches a seccomp filter to current.
|
||||
* @fprog: BPF program to install
|
||||
@@ -490,8 +506,7 @@ static long seccomp_set_mode(unsigned long seccomp_mode, char __user *filter)
|
||||
{
|
||||
long ret = -EINVAL;
|
||||
|
||||
- if (current->seccomp.mode &&
|
||||
- current->seccomp.mode != seccomp_mode)
|
||||
+ if (!seccomp_may_assign_mode(seccomp_mode))
|
||||
goto out;
|
||||
|
||||
switch (seccomp_mode) {
|
||||
@@ -512,8 +527,7 @@ static long seccomp_set_mode(unsigned long seccomp_mode, char __user *filter)
|
||||
goto out;
|
||||
}
|
||||
|
||||
- current->seccomp.mode = seccomp_mode;
|
||||
- set_thread_flag(TIF_SECCOMP);
|
||||
+ seccomp_assign_mode(seccomp_mode);
|
||||
out:
|
||||
return ret;
|
||||
}
|
||||
--
|
||||
2.18.0
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
From e1309b7f35395eb0db94095e6abbbf25b3a16570 Mon Sep 17 00:00:00 2001
|
||||
From fdd4e330df67076d0eb4c69f7ba94f467d70609f Mon Sep 17 00:00:00 2001
|
||||
From: Catalin Marinas <catalin.marinas@arm.com>
|
||||
Date: Thu, 30 Jan 2014 17:56:56 +0000
|
||||
Subject: [PATCH 09/16] arm64: Add __NR_* definitions for compat syscalls
|
||||
Subject: [PATCH 05/12] arm64: Add __NR_* definitions for compat syscalls
|
||||
|
||||
This patch adds __NR_* definitions to asm/unistd32.h, moves the
|
||||
__NR_compat_* definitions to asm/unistd.h and removes all the explicit
|
||||
|
@ -1276,5 +1276,5 @@ index 78039927c807..dc47e53e9e28 100644
|
|||
static inline void
|
||||
do_compat_cache_op(unsigned long start, unsigned long end, int flags)
|
||||
--
|
||||
2.18.0
|
||||
2.19.0
|
||||
|
|
@ -1,126 +0,0 @@
|
|||
From a4c3f708e3c96d147ec318eb7f5742fbe7cfb536 Mon Sep 17 00:00:00 2001
|
||||
From: Kees Cook <keescook@chromium.org>
|
||||
Date: Wed, 25 Jun 2014 15:55:25 -0700
|
||||
Subject: [PATCH 05/16] seccomp: split mode setting routines
|
||||
|
||||
Separates the two mode setting paths to make things more readable with
|
||||
fewer #ifdefs within function bodies.
|
||||
|
||||
Signed-off-by: Kees Cook <keescook@chromium.org>
|
||||
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
|
||||
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
|
||||
(cherry picked from commit 3b23dd12846215eff4afb073366b80c0c4d7543e)
|
||||
---
|
||||
kernel/seccomp.c | 71 ++++++++++++++++++++++++++++++++----------------
|
||||
1 file changed, 48 insertions(+), 23 deletions(-)
|
||||
|
||||
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
|
||||
index 8ddb252835aa..d82359968d57 100644
|
||||
--- a/kernel/seccomp.c
|
||||
+++ b/kernel/seccomp.c
|
||||
@@ -489,48 +489,66 @@ long prctl_get_seccomp(void)
|
||||
}
|
||||
|
||||
/**
|
||||
- * seccomp_set_mode: internal function for setting seccomp mode
|
||||
- * @seccomp_mode: requested mode to use
|
||||
- * @filter: optional struct sock_fprog for use with SECCOMP_MODE_FILTER
|
||||
- *
|
||||
- * This function may be called repeatedly with a @seccomp_mode of
|
||||
- * SECCOMP_MODE_FILTER to install additional filters. Every filter
|
||||
- * successfully installed will be evaluated (in reverse order) for each system
|
||||
- * call the task makes.
|
||||
+ * seccomp_set_mode_strict: internal function for setting strict seccomp
|
||||
*
|
||||
* Once current->seccomp.mode is non-zero, it may not be changed.
|
||||
*
|
||||
* Returns 0 on success or -EINVAL on failure.
|
||||
*/
|
||||
-static long seccomp_set_mode(unsigned long seccomp_mode, char __user *filter)
|
||||
+static long seccomp_set_mode_strict(void)
|
||||
{
|
||||
+ const unsigned long seccomp_mode = SECCOMP_MODE_STRICT;
|
||||
long ret = -EINVAL;
|
||||
|
||||
if (!seccomp_may_assign_mode(seccomp_mode))
|
||||
goto out;
|
||||
|
||||
- switch (seccomp_mode) {
|
||||
- case SECCOMP_MODE_STRICT:
|
||||
- ret = 0;
|
||||
#ifdef TIF_NOTSC
|
||||
- disable_TSC();
|
||||
+ disable_TSC();
|
||||
#endif
|
||||
- break;
|
||||
+ seccomp_assign_mode(seccomp_mode);
|
||||
+ ret = 0;
|
||||
+
|
||||
+out:
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
#ifdef CONFIG_SECCOMP_FILTER
|
||||
- case SECCOMP_MODE_FILTER:
|
||||
- ret = seccomp_attach_user_filter(filter);
|
||||
- if (ret)
|
||||
- goto out;
|
||||
- break;
|
||||
-#endif
|
||||
- default:
|
||||
+/**
|
||||
+ * seccomp_set_mode_filter: internal function for setting seccomp filter
|
||||
+ * @filter: struct sock_fprog containing filter
|
||||
+ *
|
||||
+ * This function may be called repeatedly to install additional filters.
|
||||
+ * Every filter successfully installed will be evaluated (in reverse order)
|
||||
+ * for each system call the task makes.
|
||||
+ *
|
||||
+ * Once current->seccomp.mode is non-zero, it may not be changed.
|
||||
+ *
|
||||
+ * Returns 0 on success or -EINVAL on failure.
|
||||
+ */
|
||||
+static long seccomp_set_mode_filter(char __user *filter)
|
||||
+{
|
||||
+ const unsigned long seccomp_mode = SECCOMP_MODE_FILTER;
|
||||
+ long ret = -EINVAL;
|
||||
+
|
||||
+ if (!seccomp_may_assign_mode(seccomp_mode))
|
||||
+ goto out;
|
||||
+
|
||||
+ ret = seccomp_attach_user_filter(filter);
|
||||
+ if (ret)
|
||||
goto out;
|
||||
- }
|
||||
|
||||
seccomp_assign_mode(seccomp_mode);
|
||||
out:
|
||||
return ret;
|
||||
}
|
||||
+#else
|
||||
+static inline long seccomp_set_mode_filter(char __user *filter)
|
||||
+{
|
||||
+ return -EINVAL;
|
||||
+}
|
||||
+#endif
|
||||
|
||||
/**
|
||||
* prctl_set_seccomp: configures current->seccomp.mode
|
||||
@@ -541,5 +559,12 @@ out:
|
||||
*/
|
||||
long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)
|
||||
{
|
||||
- return seccomp_set_mode(seccomp_mode, filter);
|
||||
+ switch (seccomp_mode) {
|
||||
+ case SECCOMP_MODE_STRICT:
|
||||
+ return seccomp_set_mode_strict();
|
||||
+ case SECCOMP_MODE_FILTER:
|
||||
+ return seccomp_set_mode_filter(filter);
|
||||
+ default:
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
}
|
||||
--
|
||||
2.18.0
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
From 5523645bcf35e6d3142bcbf91679d4523e689df5 Mon Sep 17 00:00:00 2001
|
||||
From 2cf4d2b54d73701c5afc7e3abdfd10a0f779a898 Mon Sep 17 00:00:00 2001
|
||||
From: Will Deacon <will.deacon@arm.com>
|
||||
Date: Mon, 11 Aug 2014 14:23:37 +0100
|
||||
Subject: [PATCH 10/16] arm64: compat: wire up memfd_create and getrandom
|
||||
Subject: [PATCH 06/12] arm64: compat: wire up memfd_create and getrandom
|
||||
syscalls for aarch32
|
||||
|
||||
arch/arm/ just grew support for the new memfd_create and getrandom
|
||||
|
@ -40,5 +40,5 @@ index e242600c4046..da1f06b535e3 100644
|
|||
+#define __NR_memfd_create 385
|
||||
+__SYSCALL(__NR_memfd_create, sys_memfd_create)
|
||||
--
|
||||
2.18.0
|
||||
2.19.0
|
||||
|
|
@ -1,236 +0,0 @@
|
|||
From 1d7729de997ef9ecb1c9eef1ccf8d191197f984c Mon Sep 17 00:00:00 2001
|
||||
From: Kees Cook <keescook@chromium.org>
|
||||
Date: Wed, 25 Jun 2014 16:08:24 -0700
|
||||
Subject: [PATCH 06/16] seccomp: add "seccomp" syscall
|
||||
|
||||
This adds the new "seccomp" syscall with both an "operation" and "flags"
|
||||
parameter for future expansion. The third argument is a pointer value,
|
||||
used with the SECCOMP_SET_MODE_FILTER operation. Currently, flags must
|
||||
be 0. This is functionally equivalent to prctl(PR_SET_SECCOMP, ...).
|
||||
|
||||
In addition to the TSYNC flag later in this patch series, there is a
|
||||
non-zero chance that this syscall could be used for configuring a fixed
|
||||
argument area for seccomp-tracer-aware processes to pass syscall arguments
|
||||
in the future. Hence, the use of "seccomp" not simply "seccomp_add_filter"
|
||||
for this syscall. Additionally, this syscall uses operation, flags,
|
||||
and user pointer for arguments because strictly passing arguments via
|
||||
a user pointer would mean seccomp itself would be unable to trivially
|
||||
filter the seccomp syscall itself.
|
||||
|
||||
Signed-off-by: Kees Cook <keescook@chromium.org>
|
||||
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
|
||||
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
|
||||
(cherry picked from commit 48dc92b9fc3926844257316e75ba11eb5c742b2c)
|
||||
---
|
||||
arch/Kconfig | 1 +
|
||||
arch/x86/syscalls/syscall_32.tbl | 1 +
|
||||
arch/x86/syscalls/syscall_64.tbl | 1 +
|
||||
include/linux/syscalls.h | 2 ++
|
||||
include/uapi/asm-generic/unistd.h | 3 +-
|
||||
include/uapi/linux/seccomp.h | 4 +++
|
||||
kernel/seccomp.c | 55 ++++++++++++++++++++++++++++---
|
||||
kernel/sys_ni.c | 3 ++
|
||||
8 files changed, 64 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/arch/Kconfig b/arch/Kconfig
|
||||
index 94e811ef45f5..6ba80554149c 100644
|
||||
--- a/arch/Kconfig
|
||||
+++ b/arch/Kconfig
|
||||
@@ -321,6 +321,7 @@ config HAVE_ARCH_SECCOMP_FILTER
|
||||
- secure_computing is called from a ptrace_event()-safe context
|
||||
- secure_computing return value is checked and a return value of -1
|
||||
results in the system call being skipped immediately.
|
||||
+ - seccomp syscall wired up
|
||||
|
||||
config SECCOMP_FILTER
|
||||
def_bool y
|
||||
diff --git a/arch/x86/syscalls/syscall_32.tbl b/arch/x86/syscalls/syscall_32.tbl
|
||||
index 16209a990be7..cc4c8b448867 100644
|
||||
--- a/arch/x86/syscalls/syscall_32.tbl
|
||||
+++ b/arch/x86/syscalls/syscall_32.tbl
|
||||
@@ -360,4 +360,5 @@
|
||||
351 i386 sched_setattr sys_sched_setattr
|
||||
352 i386 sched_getattr sys_sched_getattr
|
||||
353 i386 renameat2 sys_renameat2
|
||||
+354 i386 seccomp sys_seccomp
|
||||
356 i386 memfd_create sys_memfd_create
|
||||
diff --git a/arch/x86/syscalls/syscall_64.tbl b/arch/x86/syscalls/syscall_64.tbl
|
||||
index 9fdc507c0641..a22cd271b891 100644
|
||||
--- a/arch/x86/syscalls/syscall_64.tbl
|
||||
+++ b/arch/x86/syscalls/syscall_64.tbl
|
||||
@@ -323,6 +323,7 @@
|
||||
314 common sched_setattr sys_sched_setattr
|
||||
315 common sched_getattr sys_sched_getattr
|
||||
316 common renameat2 sys_renameat2
|
||||
+317 common seccomp sys_seccomp
|
||||
319 common memfd_create sys_memfd_create
|
||||
|
||||
#
|
||||
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
|
||||
index 9836e157fc5e..1e6977f03277 100644
|
||||
--- a/include/linux/syscalls.h
|
||||
+++ b/include/linux/syscalls.h
|
||||
@@ -867,4 +867,6 @@ asmlinkage long sys_process_vm_writev(pid_t pid,
|
||||
asmlinkage long sys_kcmp(pid_t pid1, pid_t pid2, int type,
|
||||
unsigned long idx1, unsigned long idx2);
|
||||
asmlinkage long sys_finit_module(int fd, const char __user *uargs, int flags);
|
||||
+asmlinkage long sys_seccomp(unsigned int op, unsigned int flags,
|
||||
+ const char __user *uargs);
|
||||
#endif
|
||||
diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h
|
||||
index b4588752d50f..4f1d521e0af3 100644
|
||||
--- a/include/uapi/asm-generic/unistd.h
|
||||
+++ b/include/uapi/asm-generic/unistd.h
|
||||
@@ -699,7 +699,8 @@ __SYSCALL(__NR_sched_setattr, sys_sched_setattr)
|
||||
__SYSCALL(__NR_sched_getattr, sys_sched_getattr)
|
||||
#define __NR_renameat2 276
|
||||
__SYSCALL(__NR_renameat2, sys_renameat2)
|
||||
-__SYSCALL(277, sys_ni_syscall)
|
||||
+#define __NR_seccomp 277
|
||||
+__SYSCALL(__NR_seccomp, sys_seccomp)
|
||||
__SYSCALL(278, sys_ni_syscall)
|
||||
#define __NR_memfd_create 279
|
||||
__SYSCALL(__NR_memfd_create, sys_memfd_create)
|
||||
diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h
|
||||
index ac2dc9f72973..b258878ba754 100644
|
||||
--- a/include/uapi/linux/seccomp.h
|
||||
+++ b/include/uapi/linux/seccomp.h
|
||||
@@ -10,6 +10,10 @@
|
||||
#define SECCOMP_MODE_STRICT 1 /* uses hard-coded filter. */
|
||||
#define SECCOMP_MODE_FILTER 2 /* uses user-supplied filter. */
|
||||
|
||||
+/* Valid operations for seccomp syscall. */
|
||||
+#define SECCOMP_SET_MODE_STRICT 0
|
||||
+#define SECCOMP_SET_MODE_FILTER 1
|
||||
+
|
||||
/*
|
||||
* All BPF programs must return a 32-bit value.
|
||||
* The bottom 16-bits are for optional return data.
|
||||
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
|
||||
index d82359968d57..d2596136b0d1 100644
|
||||
--- a/kernel/seccomp.c
|
||||
+++ b/kernel/seccomp.c
|
||||
@@ -18,6 +18,7 @@
|
||||
#include <linux/compat.h>
|
||||
#include <linux/sched.h>
|
||||
#include <linux/seccomp.h>
|
||||
+#include <linux/syscalls.h>
|
||||
|
||||
/* #define SECCOMP_DEBUG 1 */
|
||||
|
||||
@@ -314,7 +315,7 @@ free_prog:
|
||||
*
|
||||
* Returns 0 on success and non-zero otherwise.
|
||||
*/
|
||||
-static long seccomp_attach_user_filter(char __user *user_filter)
|
||||
+static long seccomp_attach_user_filter(const char __user *user_filter)
|
||||
{
|
||||
struct sock_fprog fprog;
|
||||
long ret = -EFAULT;
|
||||
@@ -517,6 +518,7 @@ out:
|
||||
#ifdef CONFIG_SECCOMP_FILTER
|
||||
/**
|
||||
* seccomp_set_mode_filter: internal function for setting seccomp filter
|
||||
+ * @flags: flags to change filter behavior
|
||||
* @filter: struct sock_fprog containing filter
|
||||
*
|
||||
* This function may be called repeatedly to install additional filters.
|
||||
@@ -527,11 +529,16 @@ out:
|
||||
*
|
||||
* Returns 0 on success or -EINVAL on failure.
|
||||
*/
|
||||
-static long seccomp_set_mode_filter(char __user *filter)
|
||||
+static long seccomp_set_mode_filter(unsigned int flags,
|
||||
+ const char __user *filter)
|
||||
{
|
||||
const unsigned long seccomp_mode = SECCOMP_MODE_FILTER;
|
||||
long ret = -EINVAL;
|
||||
|
||||
+ /* Validate flags. */
|
||||
+ if (flags != 0)
|
||||
+ goto out;
|
||||
+
|
||||
if (!seccomp_may_assign_mode(seccomp_mode))
|
||||
goto out;
|
||||
|
||||
@@ -544,12 +551,35 @@ out:
|
||||
return ret;
|
||||
}
|
||||
#else
|
||||
-static inline long seccomp_set_mode_filter(char __user *filter)
|
||||
+static inline long seccomp_set_mode_filter(unsigned int flags,
|
||||
+ const char __user *filter)
|
||||
{
|
||||
return -EINVAL;
|
||||
}
|
||||
#endif
|
||||
|
||||
+/* Common entry point for both prctl and syscall. */
|
||||
+static long do_seccomp(unsigned int op, unsigned int flags,
|
||||
+ const char __user *uargs)
|
||||
+{
|
||||
+ switch (op) {
|
||||
+ case SECCOMP_SET_MODE_STRICT:
|
||||
+ if (flags != 0 || uargs != NULL)
|
||||
+ return -EINVAL;
|
||||
+ return seccomp_set_mode_strict();
|
||||
+ case SECCOMP_SET_MODE_FILTER:
|
||||
+ return seccomp_set_mode_filter(flags, uargs);
|
||||
+ default:
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+SYSCALL_DEFINE3(seccomp, unsigned int, op, unsigned int, flags,
|
||||
+ const char __user *, uargs)
|
||||
+{
|
||||
+ return do_seccomp(op, flags, uargs);
|
||||
+}
|
||||
+
|
||||
/**
|
||||
* prctl_set_seccomp: configures current->seccomp.mode
|
||||
* @seccomp_mode: requested mode to use
|
||||
@@ -559,12 +589,27 @@ static inline long seccomp_set_mode_filter(char __user *filter)
|
||||
*/
|
||||
long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)
|
||||
{
|
||||
+ unsigned int op;
|
||||
+ char __user *uargs;
|
||||
+
|
||||
switch (seccomp_mode) {
|
||||
case SECCOMP_MODE_STRICT:
|
||||
- return seccomp_set_mode_strict();
|
||||
+ op = SECCOMP_SET_MODE_STRICT;
|
||||
+ /*
|
||||
+ * Setting strict mode through prctl always ignored filter,
|
||||
+ * so make sure it is always NULL here to pass the internal
|
||||
+ * check in do_seccomp().
|
||||
+ */
|
||||
+ uargs = NULL;
|
||||
+ break;
|
||||
case SECCOMP_MODE_FILTER:
|
||||
- return seccomp_set_mode_filter(filter);
|
||||
+ op = SECCOMP_SET_MODE_FILTER;
|
||||
+ uargs = filter;
|
||||
+ break;
|
||||
default:
|
||||
return -EINVAL;
|
||||
}
|
||||
+
|
||||
+ /* prctl interface doesn't have flags, so they are always zero. */
|
||||
+ return do_seccomp(op, 0, uargs);
|
||||
}
|
||||
diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c
|
||||
index 489a4e6498c7..1f79e3714533 100644
|
||||
--- a/kernel/sys_ni.c
|
||||
+++ b/kernel/sys_ni.c
|
||||
@@ -214,3 +214,6 @@ cond_syscall(compat_sys_open_by_handle_at);
|
||||
|
||||
/* compare kernel pointers */
|
||||
cond_syscall(sys_kcmp);
|
||||
+
|
||||
+/* operate on Secure Computing state */
|
||||
+cond_syscall(sys_seccomp);
|
||||
--
|
||||
2.18.0
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
From 596747f36cc455e99f5e6d1b87177e4b208c0c2b Mon Sep 17 00:00:00 2001
|
||||
From 896ccdd6bccc7698324c19c013f8fedd72142484 Mon Sep 17 00:00:00 2001
|
||||
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
||||
Date: Thu, 21 Aug 2014 17:56:40 +0900
|
||||
Subject: [PATCH 11/16] arm64: ptrace: add PTRACE_SET_SYSCALL
|
||||
Subject: [PATCH 07/12] arm64: ptrace: add PTRACE_SET_SYSCALL
|
||||
|
||||
To allow tracer to be able to change/skip a system call by re-writing
|
||||
a syscall number, there are several approaches:
|
||||
|
@ -60,5 +60,5 @@ index 53bdc598d1c1..6ef1e17d9c5b 100644
|
|||
|
||||
enum ptrace_syscall_dir {
|
||||
--
|
||||
2.18.0
|
||||
2.19.0
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
From 5581ff348660d98cfa0348492a0ee89749829460 Mon Sep 17 00:00:00 2001
|
||||
From 5bc061f95e03ba00911ebd2f9c1175404a5a9107 Mon Sep 17 00:00:00 2001
|
||||
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
||||
Date: Thu, 21 Aug 2014 17:56:41 +0900
|
||||
Subject: [PATCH 12/16] arm64: ptrace: allow tracer to skip a system call
|
||||
Subject: [PATCH 08/12] arm64: ptrace: allow tracer to skip a system call
|
||||
|
||||
If tracer specifies -1 as a syscall number, this traced system call should
|
||||
be skipped with a value in x0 used as a return value.
|
||||
|
@ -118,5 +118,5 @@ index 6ef1e17d9c5b..b29b82576f82 100644
|
|||
trace_sys_enter(regs, regs->syscallno);
|
||||
|
||||
--
|
||||
2.18.0
|
||||
2.19.0
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
From b8315a43bf6d555219e1e1f3120ce9a43127f6f2 Mon Sep 17 00:00:00 2001
|
||||
From 33d1d7d4357a9e1ee645999aeb81692a72c55ac5 Mon Sep 17 00:00:00 2001
|
||||
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
||||
Date: Thu, 21 Aug 2014 17:56:42 +0900
|
||||
Subject: [PATCH 13/16] asm-generic: add generic seccomp.h for secure computing
|
||||
Subject: [PATCH 09/12] asm-generic: add generic seccomp.h for secure computing
|
||||
mode 1
|
||||
|
||||
Those values (__NR_seccomp_*) are used solely in secure_computing()
|
||||
|
@ -51,5 +51,5 @@ index 000000000000..5e9702219646
|
|||
+
|
||||
+#endif /* _ASM_GENERIC_SECCOMP_H */
|
||||
--
|
||||
2.18.0
|
||||
2.19.0
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
From 62586df3e9ea30c886028731b1c34f21da367b99 Mon Sep 17 00:00:00 2001
|
||||
From 54dc300a835692fc2550fd93a003ca98426b2a68 Mon Sep 17 00:00:00 2001
|
||||
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
||||
Date: Thu, 21 Aug 2014 17:56:43 +0900
|
||||
Subject: [PATCH 14/16] arm64: add seccomp syscall for compat task
|
||||
Subject: [PATCH 10/12] arm64: add seccomp syscall for compat task
|
||||
|
||||
This patch allows compat task to issue seccomp() system call.
|
||||
|
||||
|
@ -26,5 +26,5 @@ index da1f06b535e3..812f19212b23 100644
|
|||
__SYSCALL(__NR_getrandom, sys_getrandom)
|
||||
#define __NR_memfd_create 385
|
||||
--
|
||||
2.18.0
|
||||
2.19.0
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
From ccf3528a3dae6bf48bd83b81068d1e2550b00519 Mon Sep 17 00:00:00 2001
|
||||
From 9f2fec8ec46e47f04673276363af290ddfef1b89 Mon Sep 17 00:00:00 2001
|
||||
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
||||
Date: Thu, 21 Aug 2014 17:56:44 +0900
|
||||
Subject: [PATCH 15/16] arm64: add SIGSYS siginfo for compat task
|
||||
Subject: [PATCH 11/12] arm64: add SIGSYS siginfo for compat task
|
||||
|
||||
SIGSYS is primarily used in secure computing to notify tracer.
|
||||
This patch allows signal handler on compat task to get correct information
|
||||
|
@ -52,5 +52,5 @@ index 327a68c915e2..2b53747bc87f 100644
|
|||
err |= __put_user(from->si_pid, &to->si_pid);
|
||||
err |= __put_user(from->si_uid, &to->si_uid);
|
||||
--
|
||||
2.18.0
|
||||
2.19.0
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
From b0654bbead447c3d21f9690ebb1f88cc176510f7 Mon Sep 17 00:00:00 2001
|
||||
From 0dd13dc36db6d265fe75d054748e94c8bac5821e Mon Sep 17 00:00:00 2001
|
||||
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
||||
Date: Thu, 21 Aug 2014 17:56:45 +0900
|
||||
Subject: [PATCH 16/16] arm64: add seccomp support
|
||||
Subject: [PATCH 12/12] arm64: add seccomp support
|
||||
|
||||
secure_computing() is called first in syscall_trace_enter() so that a system
|
||||
call will be aborted quickly without doing succeeding syscall tracing,
|
||||
|
@ -148,5 +148,5 @@ index b29b82576f82..984efa14d2b0 100644
|
|||
tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER);
|
||||
|
||||
--
|
||||
2.18.0
|
||||
2.19.0
|
||||
|
|
@ -4,12 +4,12 @@
|
|||
buildarch=8
|
||||
|
||||
pkgbase=linux-odroid-c2
|
||||
_commit=a47cdcd05b6439422bf50409f1f09485dcc7b7b6
|
||||
_commit=d173487745bbe78f2a20f954baa5d50c449dde86
|
||||
_srcname=linux-${_commit}
|
||||
_kernelname=${pkgbase#linux}
|
||||
_desc="ODROID-C2"
|
||||
pkgver=3.16.57
|
||||
pkgrel=2
|
||||
pkgver=3.16.58
|
||||
pkgrel=1
|
||||
arch=('aarch64')
|
||||
url="https://github.com/hardkernel/linux/tree/odroidc2-v3.16.y"
|
||||
license=('GPL2')
|
||||
|
@ -19,43 +19,35 @@ source=("https://github.com/hardkernel/linux/archive/${_commit}.tar.gz"
|
|||
"git+https://github.com/mdrjr/c2_bootini.git"
|
||||
'0001-add-extra-errata-843419-build-flags.patch'
|
||||
'0002-arm64-Add-audit-support.patch'
|
||||
'0003-seccomp-create-internal-mode-setting-function.patch'
|
||||
'0004-seccomp-extract-check-assign-mode-helpers.patch'
|
||||
'0005-seccomp-split-mode-setting-routines.patch'
|
||||
'0006-seccomp-add-seccomp-syscall.patch'
|
||||
'0007-random-introduce-getrandom-2-system-call.patch'
|
||||
'0008-Revert-arm64-compat-wire-up-memfd_create-syscall-for.patch'
|
||||
'0009-arm64-Add-__NR_-definitions-for-compat-syscalls.patch'
|
||||
'0010-arm64-compat-wire-up-memfd_create-and-getrandom-sysc.patch'
|
||||
'0011-arm64-ptrace-add-PTRACE_SET_SYSCALL.patch'
|
||||
'0012-arm64-ptrace-allow-tracer-to-skip-a-system-call.patch'
|
||||
'0013-asm-generic-add-generic-seccomp.h-for-secure-computi.patch'
|
||||
'0014-arm64-add-seccomp-syscall-for-compat-task.patch'
|
||||
'0015-arm64-add-SIGSYS-siginfo-for-compat-task.patch'
|
||||
'0016-arm64-add-seccomp-support.patch'
|
||||
'0003-random-introduce-getrandom-2-system-call.patch'
|
||||
'0004-Revert-arm64-compat-wire-up-memfd_create-syscall-for.patch'
|
||||
'0005-arm64-Add-__NR_-definitions-for-compat-syscalls.patch'
|
||||
'0006-arm64-compat-wire-up-memfd_create-and-getrandom-sysc.patch'
|
||||
'0007-arm64-ptrace-add-PTRACE_SET_SYSCALL.patch'
|
||||
'0008-arm64-ptrace-allow-tracer-to-skip-a-system-call.patch'
|
||||
'0009-asm-generic-add-generic-seccomp.h-for-secure-computi.patch'
|
||||
'0010-arm64-add-seccomp-syscall-for-compat-task.patch'
|
||||
'0011-arm64-add-SIGSYS-siginfo-for-compat-task.patch'
|
||||
'0012-arm64-add-seccomp-support.patch'
|
||||
'config'
|
||||
'linux.preset'
|
||||
'amlogic.service'
|
||||
'60-linux.hook'
|
||||
'90-linux.hook')
|
||||
md5sums=('4ffd9e836370aea16f80e6798b969126'
|
||||
md5sums=('1a14b75091f8327be3817129119db3a3'
|
||||
'SKIP'
|
||||
'56a53a0d56aa3a5ce0216a3290330053'
|
||||
'23faa3d2228df60055e6d97e469cda8a'
|
||||
'76493c97d174f7335a06516f0a24963b'
|
||||
'4b822e81df5b1fe73fdb41c9852acfcb'
|
||||
'9c8ae0d353008865492127314f3d08c7'
|
||||
'3917a53be38bc28bd0acb16e6b708cf2'
|
||||
'9b7eaba53b7818755905520ecea48453'
|
||||
'4c304791ebe3a6161607031b641d49cf'
|
||||
'd2df633f89b8e71d7d26333d70402d48'
|
||||
'3baef2320266f060500de675b244948d'
|
||||
'1b2cb9b6b817ca7e4854505248377197'
|
||||
'250a0171b48c8e8b36667b211b3e6658'
|
||||
'18675fe029a96d5c6191c5253a1ec1a5'
|
||||
'b575d1884647589eae89d7736d990744'
|
||||
'00e5ddbaaac55e40a700c51a6756b8de'
|
||||
'cf59798a64257ce44c8b928e1abf4db2'
|
||||
'adbecf48248cd62a5bd322750720b88b'
|
||||
'2e1437a81bdaa1ca68bb1c3f69e0548b'
|
||||
'1fce163f6150b1aef41130c9ecdc5176'
|
||||
'c4ba9805056695882dea242349828471'
|
||||
'196c8c0a09ee71b5c4c82151250d12e0'
|
||||
'49b639f692d74496639983d87119243c'
|
||||
'793201fe1c65ff5e329f07be117d62d8'
|
||||
'4d9652a4606e23d8c3164ef19c20c40a'
|
||||
'541caea2544547106ec78feb10709f7b'
|
||||
'4d9a6300858f2039f1c33fbdb54c8df5'
|
||||
'8c22925423abc152c24c8e120b9a9fb1'
|
||||
'e1449557cf7ff2d17398e8d36708cf61'
|
||||
'ea5d396fa0db628eb305eb15a72b64dc'
|
||||
'86d4a35722b5410e3b29fc92dae15d4b'
|
||||
'b8956789318f49cec5b8bb0b41654a9b'
|
||||
|
@ -75,20 +67,16 @@ prepare() {
|
|||
|
||||
git apply ../0001-add-extra-errata-843419-build-flags.patch
|
||||
git apply ../0002-arm64-Add-audit-support.patch
|
||||
git apply ../0003-seccomp-create-internal-mode-setting-function.patch
|
||||
git apply ../0004-seccomp-extract-check-assign-mode-helpers.patch
|
||||
git apply ../0005-seccomp-split-mode-setting-routines.patch
|
||||
git apply ../0006-seccomp-add-seccomp-syscall.patch
|
||||
git apply ../0007-random-introduce-getrandom-2-system-call.patch
|
||||
git apply ../0008-Revert-arm64-compat-wire-up-memfd_create-syscall-for.patch
|
||||
git apply ../0009-arm64-Add-__NR_-definitions-for-compat-syscalls.patch
|
||||
git apply ../0010-arm64-compat-wire-up-memfd_create-and-getrandom-sysc.patch
|
||||
git apply ../0011-arm64-ptrace-add-PTRACE_SET_SYSCALL.patch
|
||||
git apply ../0012-arm64-ptrace-allow-tracer-to-skip-a-system-call.patch
|
||||
git apply ../0013-asm-generic-add-generic-seccomp.h-for-secure-computi.patch
|
||||
git apply ../0014-arm64-add-seccomp-syscall-for-compat-task.patch
|
||||
git apply ../0015-arm64-add-SIGSYS-siginfo-for-compat-task.patch
|
||||
git apply ../0016-arm64-add-seccomp-support.patch
|
||||
git apply ../0003-random-introduce-getrandom-2-system-call.patch
|
||||
git apply ../0004-Revert-arm64-compat-wire-up-memfd_create-syscall-for.patch
|
||||
git apply ../0005-arm64-Add-__NR_-definitions-for-compat-syscalls.patch
|
||||
git apply ../0006-arm64-compat-wire-up-memfd_create-and-getrandom-sysc.patch
|
||||
git apply ../0007-arm64-ptrace-add-PTRACE_SET_SYSCALL.patch
|
||||
git apply ../0008-arm64-ptrace-allow-tracer-to-skip-a-system-call.patch
|
||||
git apply ../0009-asm-generic-add-generic-seccomp.h-for-secure-computi.patch
|
||||
git apply ../0010-arm64-add-seccomp-syscall-for-compat-task.patch
|
||||
git apply ../0011-arm64-add-SIGSYS-siginfo-for-compat-task.patch
|
||||
git apply ../0012-arm64-add-seccomp-support.patch
|
||||
}
|
||||
|
||||
build() {
|
||||
|
|
Loading…
Reference in a new issue