779a07eba3
- Add patch to disable the seccomp sandbox (boo#1174448): * 0001-Disable-the-seccomp-sandbox.patch OBS-URL: https://build.opensuse.org/request/show/822683 OBS-URL: https://build.opensuse.org/package/show/KDE:Frameworks5/kscreenlocker?expand=0&rev=225
52 lines
1.7 KiB
Diff
52 lines
1.7 KiB
Diff
From cd2d031b191c6b4e6a0eb4bd51ed8b2c72c21f76 Mon Sep 17 00:00:00 2001
|
|
From: Fabian Vogt <fabian@ritter-vogt.de>
|
|
Date: Fri, 24 Jul 2020 13:22:50 +0200
|
|
Subject: [PATCH] Disable the seccomp sandbox
|
|
References: boo#1174448
|
|
|
|
In the referenced bug, it somehow fails to make the created context current,
|
|
so no GL vendor detection is performed and it is assumed to not be Nvidia
|
|
or on Wayland. This breaks rendering.
|
|
While it would be enough to only disable the sandbox in this particular case,
|
|
it's planned to drop sandboxing anyway
|
|
(https://invent.kde.org/plasma/kscreenlocker/-/merge_requests/9) so just do the
|
|
same here, just in a simpler way with less side effects.
|
|
---
|
|
greeter/seccomp_filter.cpp | 8 ++++++++
|
|
1 file changed, 8 insertions(+)
|
|
|
|
diff --git a/greeter/seccomp_filter.cpp b/greeter/seccomp_filter.cpp
|
|
index bca3001..8e2f156 100644
|
|
--- a/greeter/seccomp_filter.cpp
|
|
+++ b/greeter/seccomp_filter.cpp
|
|
@@ -28,6 +28,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#include <QDBusConnection>
|
|
#include <QOpenGLContext>
|
|
#include <QOffscreenSurface>
|
|
+#include <QDebug>
|
|
|
|
#include <seccomp.h>
|
|
#include <sys/socket.h>
|
|
@@ -62,11 +63,18 @@ void init()
|
|
else if (gl->isSoftwareEmulation() && KWindowSystem::isPlatformWayland()) {
|
|
createSupported = writeSupported = false;
|
|
}
|
|
+ } else {
|
|
+ qWarning() << "Making the context current failed";
|
|
+ return;
|
|
}
|
|
+ } else {
|
|
+ qWarning() << "Creating an offscreen context failed";
|
|
+ return;
|
|
}
|
|
|
|
// access DBus to have the socket open
|
|
QDBusConnection::sessionBus();
|
|
+ return;
|
|
|
|
// default action: allow
|
|
// we cannot use a whitelist approach of syscalls
|
|
--
|
|
2.25.1
|
|
|