seccomp: allow the clone3 syscall in seccomp policies

We currently only conditionally allow the clone3 syscall through the
+clone3 USE flag. Gentoo removed this flag starting with glibc version
2.36, since the last app that used the flag (Discord) fixed the issue
(see https://bugs.gentoo.org/827386#c4).
Also, this syscall is implemented in all versions of our kernels (it was
introduced in v5.3), so it is safe to allow it.

Since glibc internally forwards clone() to clone3(), we add clone3 to
the seccomp policies that already have a rule for clone.

BUG=b:428902090
TEST=rebuilt SDK and cros toolchain with clone3 enabled; boot on jacuzzi
and drive for a while.

Change-Id: Idca93812a8702956deefd39b521e406215789099
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/touch_updater/+/6694994
Commit-Queue: Sergio Andres Gomez Del Real <sergio.gdr@collabora.corp-partner.google.com>
Tested-by: Sergio Andres Gomez Del Real <sergio.gdr@collabora.corp-partner.google.com>
Reviewed-by: Kenneth Albanowski <kenalba@google.com>
Reviewed-by: Henry Barnor <hbarnor@chromium.org>
10 files changed
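
An added example, not part of the commit: one way to audit a set of policy files for the condition the commit message describes, a rule for clone with no matching rule for clone3. It assumes minijail-style `syscall: rule` lines with `#` comments; the file names and policy contents are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample policies (assumed minijail "syscall: rule" syntax).
SAMPLE_POLICIES = {
    "updater-a.policy": "# constructed\nread: 1\nclone: 1\nexit_group: 1\n",
    "updater-b.policy": "read: 1\nclone: arg0 & CLONE_THREAD\nclone3: 1\n",
    "updater-c.policy": "read: 1\nwrite: 1\n",
    "updater-d.policy": "clone: 1\nclone3: 1  # already updated\n",
}

# Lines such as "@include ..." do not match and are ignored.
RULE_RE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*:\s*(.+?)\s*$")


def parse_policy(text):
    """Return {syscall: rule} for every rule line, ignoring comments."""
    rules = {}
    for line in text.splitlines():
        match = RULE_RE.match(line.split("#", 1)[0])
        if match:
            rules[match.group(1)] = match.group(2)
    return rules


def audit_policy(text):
    """Classify one policy by how it treats clone and clone3."""
    rules = parse_policy(text)
    if "clone" not in rules:
        return "no-clone"          # nothing to mirror
    if "clone3" not in rules:
        return "missing-clone3"    # glibc's clone3() call would be blocked
    if rules["clone"] != "1" and rules["clone3"] == "1":
        # clone is argument-filtered, but clone3 takes its flags in a
        # struct behind a pointer, which a seccomp filter cannot inspect,
        # so an unconditional clone3 rule is wider than the clone rule.
        return "clone3-broader"
    return "ok"


def audit_all(policies):
    """Map each policy name to its audit result."""
    return {name: audit_policy(text) for name, text in policies.items()}


if __name__ == "__main__":
    for name, result in sorted(audit_all(SAMPLE_POLICIES).items()):
        print(f"{name}: {result}")
```
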