alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity
nixpkgs/pkgs/applications/networking/browsers
History
aszlig 536feffc68
chromium: Fix userns patch for kernel 3.18.2. 
Writing the gid_map is already non-fatal, but the actual sandbox process
still tries to setresgid() to nogroup (usually 65534). This however
fails, because if user namespace sandboxing is present, the namespace
doesn't have CAP_SETGID at this point.

Fortunately, the effective GID is already 65534, so we just need to
check whether the target gid matches and only(!) setresgid() if it
doesn't.

So if someone would run a SUID version of the sandbox, it would still
work nonetheless without a negative impact on security.

Fixes #5730, thanks to @wizeman for reporting and initial debugging.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-01-13 06:18:10 +01:00
..
arora Arora: version bump 2010-10-15 23:43:21 +00:00
chromium chromium: Fix userns patch for kernel 3.18.2. 2015-01-13 06:18:10 +01:00
conkeror conkeror: upgrade to 141017 and use firefox for xulrunner 2014-10-22 18:08:46 +02:00
dillo Small style fixups 2014-09-10 21:34:50 -03:00
dwb dwb: switch to a maintained fork 2014-12-15 15:57:33 +01:00
elinks Turn some license strings into lib.licenses values 2014-07-28 11:31:14 +02:00
firefox Change occurrences of gcc to the more general cc 2014-12-26 11:06:21 -06:00
firefox-bin Change occurrences of gcc to the more general cc 2014-12-26 11:06:21 -06:00
kwebkitpart kde: fix CVE-2014-8600 by upstream patches 2014-12-10 19:38:50 +01:00
links change md5sum to sha256sum for a few packages 2014-10-12 16:13:21 +02:00
links2 links2: update from 2.5 to 2.8 2014-02-24 22:04:40 +01:00
lynx lynx: update from 2.8.7 to 2.8.8 2014-05-22 12:57:17 +02:00
midori Midori now depends on sqlite 2015-01-06 22:36:17 +03:00
mozilla * Got rid of a lot of "postInstall=postInstall" and similar lines in 2009-04-23 13:31:10 +00:00
mozilla-plugins Change occurrences of gcc to the more general cc 2014-12-26 11:06:21 -06:00
netsurf *: fix builds by disregarding warning from new glibc 2014-11-28 18:42:03 +01:00
opera Change occurrences of gcc to the more general cc 2014-12-26 11:06:21 -06:00
rekonq rekonq: update to rekonq-2.4.2 and add wrapper 2014-11-26 22:11:50 +01:00
uzbl uzbl: Add gsettings_desktop_schemas as build input. Closes #2332 2014-05-12 10:32:46 +02:00
vimb vimb: Update from 2.7 to 2.8 2014-10-13 13:20:15 +02:00
vimprobable2 Merge pull request #2075 from iyzsong/webkit 2014-04-18 10:10:29 -07:00
w3m transformed meta.maintainers of some packages into lists 2014-09-13 13:52:02 +02:00