3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/pkgs/applications/networking
aszlig 536feffc68
chromium: Fix userns patch for kernel 3.18.2.
Writing the gid_map is already non-fatal, but the actual sandbox process
still tries to setresgid() to nogroup (usually 65534). This however
fails, because if user namespace sandboxing is present, the namespace
doesn't have CAP_SETGID at this point.

Fortunately, the effective GID is already 65534, so we just need to
check whether the target gid matches and only(!) setresgid() if it
doesn't.

So if someone would run a SUID version of the sandbox, it would still
work nonetheless without a negative impact on security.

Fixes #5730, thanks to @wizeman for reporting and initial debugging.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-01-13 06:18:10 +01:00
..
bittorrentsync nixpkgs: btsync 1.4.103 -> 1.4.106 2015-01-08 02:51:34 -06:00
browsers chromium: Fix userns patch for kernel 3.18.2. 2015-01-13 06:18:10 +01:00
cluster Change occurrences of gcc to the more general cc 2014-12-26 11:06:21 -06:00
copy-com Copy.com: update package to 1.47.0410 (upstream update) 2014-10-02 06:44:12 +01:00
davmail davmail: updated to 4.5.1 2014-09-15 18:01:17 +02:00
dropbox dropbox: update to 2.10.52 2014-11-23 13:31:36 -06:00
dropbox-cli Another attempt to eradicate ensureDir 2014-06-30 14:56:10 +02:00
esniper esniper: update to version 2.31.0 2014-06-11 12:05:06 +02:00
feedreaders setting namePrefix = "" in rawdog 2014-12-24 13:13:39 -06:00
ftp/filezilla FileZilla: update from 3.8.1 to 3.9.0.6 2014-11-08 17:27:18 +00:00
ids Bump snort to 2.9.7.0 and daq to 2.0.4 2014-11-27 09:57:59 +02:00
ike move ike to applications/networking folder 2014-09-03 22:31:26 +02:00
instant-messengers Merge pull request #5582 from devhell/profanity. 2015-01-05 08:33:11 +01:00
iptraf change md5sum to sha256sum for a few packages 2014-10-12 16:13:21 +02:00
irc weechatDevel: removing it 2014-12-10 14:59:41 +01:00
jmeter jmeter: fix download URL 2014-11-18 15:43:09 +01:00
linssid boost: Remove boost.lib 2014-11-02 17:22:27 -08:00
mailreaders sylpheed: actually enable gpg support 2015-01-07 11:08:58 +00:00
msmtp Update msmtp to 1.6.1 2015-01-09 18:13:45 +01:00
mumble mumble: add pulseaudio support 2015-01-10 23:36:42 +03:00
netperf netperf: update to version 2.6.0 2012-08-10 11:56:22 +02:00
newsreaders slrn: update 1.0.1 to 1.0.2 2014-10-27 12:47:22 -04:00
notbit notbit: Bump to git-faf0930 2014-05-13 16:38:12 -05:00
offrss offrss: fixing crossbuilding, disabling podofo in that case 2013-04-10 18:26:42 +02:00
owncloud-client owncloud-client: added meta.platforms = stdenv.lib.platforms.unix; 2014-12-17 17:59:18 +01:00
p2p transmission-remote-gtk: meta fixup (close #5420) 2014-12-21 10:35:24 +01:00
pjsip Turn some license strings into lib.licenses values 2014-07-28 11:31:14 +02:00
pond go: Update to 1.4 2015-01-06 13:31:02 -06:00
remote java: Normalize to the default jre / jdk 2015-01-07 14:55:41 -08:00
seafile-client seafile: update client, ccnet, libsearpc and shared 2015-01-09 13:37:44 +01:00
siproxd Updating siproxd to 0.8.1, and libosip. 2013-06-29 15:14:02 +02:00
sniffers wireshark: update 1.12.2 -> 1.12.3 (security update) 2015-01-08 19:43:50 +01:00
spideroak Add SpiderOak secure backup service. 2014-07-18 16:21:48 -04:00
sync Removed akunambol 2014-10-09 12:00:12 +02:00
syncthing syncthing: Update to version 0.10.19. 2015-01-12 13:23:18 -06:00
umurmur Fix license attribute of many bsd-like licensed packages 2014-12-21 00:00:35 +01:00
vnstat Turn some license strings into lib.licenses values 2014-07-28 11:31:14 +02:00
yafc Turn some license strings into lib.licenses values 2014-07-28 11:31:14 +02:00
znc update znc 1.2 -> 1.4 2014-05-27 15:27:17 -05:00