From d422a66f8759b2edd8d85df219e8a183058268e8 Mon Sep 17 00:00:00 2001
From: pmu-ipf <peter.mueller@ipfire.org>
Date: Sat, 30 Apr 2022 11:10:04 +0000
Subject: sandbox: Permit rseq syscall as well
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This was found to be necessary in conjunction with glibc 2.35 on Linux.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 src/lib/sandbox/sandbox.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index e6e556eb59..7a57554ace 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -227,6 +227,9 @@ static int filter_nopar_gen[] = {
 #endif
     SCMP_SYS(read),
     SCMP_SYS(rt_sigreturn),
+#ifdef __NR_rseq
+    SCMP_SYS(rseq),
+#endif
     SCMP_SYS(sched_getaffinity),
 #ifdef __NR_sched_yield
     SCMP_SYS(sched_yield),
-- 
cgit v1.2.3-54-g00ecf


From c213c1b0d1616dc074779a26c8fc7b777697fe34 Mon Sep 17 00:00:00 2001
From: Alexander Færøy <ahf@torproject.org>
Date: Mon, 9 May 2022 14:35:42 +0000
Subject: Add changes entry to tor!575.

See: tpo/core/tor#40601.
---
 changes/ticket40601 | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 changes/ticket40601

diff --git a/changes/ticket40601 b/changes/ticket40601
new file mode 100644
index 0000000000..529e3badfe
--- /dev/null
+++ b/changes/ticket40601
@@ -0,0 +1,4 @@
+  o Minor bugfixes (linux seccomp2 sandbox):
+    - Allow the rseq system call in the sandbox. This solves a crash issue with
+      glibc 2.35 on Linux.  Patch from pmu-ipf. Fixes bug 40601; bugfix on
+      0.3.5.11. 
-- 
cgit v1.2.3-54-g00ecf