Accepting request 822683 from home:Vogtinator:boo1174448
- Add patch to disable the seccomp sandbox (boo#1174448): * 0001-Disable-the-seccomp-sandbox.patch OBS-URL: https://build.opensuse.org/request/show/822683 OBS-URL: https://build.opensuse.org/package/show/KDE:Frameworks5/kscreenlocker?expand=0&rev=225
This commit is contained in:
parent
fe42db7f5e
commit
779a07eba3
51
0001-Disable-the-seccomp-sandbox.patch
Normal file
51
0001-Disable-the-seccomp-sandbox.patch
Normal file
@ -0,0 +1,51 @@
|
||||
From cd2d031b191c6b4e6a0eb4bd51ed8b2c72c21f76 Mon Sep 17 00:00:00 2001
|
||||
From: Fabian Vogt <fabian@ritter-vogt.de>
|
||||
Date: Fri, 24 Jul 2020 13:22:50 +0200
|
||||
Subject: [PATCH] Disable the seccomp sandbox
|
||||
References: boo#1174448
|
||||
|
||||
In the referenced bug, it somehow fails to make the created context current,
|
||||
so no GL vendor detection is performed and it is assumed to not be Nvidia
|
||||
or on Wayland. This breaks rendering.
|
||||
While it would be enough to only disable the sandbox in this particular case,
|
||||
it's planned to drop sandboxing anyway
|
||||
(https://invent.kde.org/plasma/kscreenlocker/-/merge_requests/9) so just do the
|
||||
same here, just in a simpler way with less side effects.
|
||||
---
|
||||
greeter/seccomp_filter.cpp | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/greeter/seccomp_filter.cpp b/greeter/seccomp_filter.cpp
|
||||
index bca3001..8e2f156 100644
|
||||
--- a/greeter/seccomp_filter.cpp
|
||||
+++ b/greeter/seccomp_filter.cpp
|
||||
@@ -28,6 +28,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#include <QDBusConnection>
|
||||
#include <QOpenGLContext>
|
||||
#include <QOffscreenSurface>
|
||||
+#include <QDebug>
|
||||
|
||||
#include <seccomp.h>
|
||||
#include <sys/socket.h>
|
||||
@@ -62,11 +63,18 @@ void init()
|
||||
else if (gl->isSoftwareEmulation() && KWindowSystem::isPlatformWayland()) {
|
||||
createSupported = writeSupported = false;
|
||||
}
|
||||
+ } else {
|
||||
+ qWarning() << "Making the context current failed";
|
||||
+ return;
|
||||
}
|
||||
+ } else {
|
||||
+ qWarning() << "Creating an offscreen context failed";
|
||||
+ return;
|
||||
}
|
||||
|
||||
// access DBus to have the socket open
|
||||
QDBusConnection::sessionBus();
|
||||
+ return;
|
||||
|
||||
// default action: allow
|
||||
// we cannot use a whitelist approach of syscalls
|
||||
--
|
||||
2.25.1
|
||||
|
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 24 11:24:06 UTC 2020 - Fabian Vogt <fabian@ritter-vogt.de>
|
||||
|
||||
- Add patch to disable the seccomp sandbox (boo#1174448):
|
||||
* 0001-Disable-the-seccomp-sandbox.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 7 12:38:54 UTC 2020 - Fabian Vogt <fabian@ritter-vogt.de>
|
||||
|
||||
|
@ -32,6 +32,8 @@ Source1: https://download.kde.org/stable/plasma/%{version}/kscreenlocker-
|
||||
Source2: plasma.keyring
|
||||
%endif
|
||||
Source3: kde
|
||||
# PATCH-FIX-UPSTREAM (kind of, https://invent.kde.org/plasma/kscreenlocker/-/merge_requests/9)
|
||||
Patch1: 0001-Disable-the-seccomp-sandbox.patch
|
||||
BuildRequires: cmake >= 2.8.12
|
||||
BuildRequires: extra-cmake-modules >= 1.8.0
|
||||
BuildRequires: kf5-filesystem
|
||||
@ -86,8 +88,9 @@ Requires: cmake(Qt5X11Extras) >= 5.5.0
|
||||
Development files for Library and components for secure lock screen architecture.
|
||||
|
||||
%lang_package
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}
|
||||
%autosetup -p1 -n %{name}-%{version}
|
||||
|
||||
%build
|
||||
%cmake_kf5 -d build -- -DKDE4_COMMON_PAM_SERVICE=kde -DCMAKE_INSTALL_LOCALEDIR=%{_kf5_localedir}
|
||||
|
Loading…
Reference in New Issue
Block a user