1 files changed, 31 insertions, 0 deletions

diff --git a/0003-Bug-1660901-ignore-AT_NO_AUTOMOUNT-in-fstatat-system.patch b/0003-Bug-1660901-ignore-AT_NO_AUTOMOUNT-in-fstatat-system.patch
new file mode 100644
index 0000000..dd5a535
--- /dev/null
+++ b/0003-Bug-1660901-ignore-AT_NO_AUTOMOUNT-in-fstatat-system.patch
@@ -0,0 +1,31 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Julien Cristau <jcristau@mozilla.com>
+Date: Sun, 6 Sep 2020 20:20:39 +0000
+Subject: [PATCH] Bug 1660901 - ignore AT_NO_AUTOMOUNT in fstatat system call.
+ r=jld
+
+Per the manpage "Both stat() and lstat() act as though AT_NO_AUTOMOUNT
+was set.", so don't bail if it's set in a call to fstatat.
+
+Differential Revision: https://phabricator.services.mozilla.com/D89121
+---
+ security/sandbox/linux/SandboxFilter.cpp | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
+index 4087bdc07e01..c4f6c318ad1c 100644
+--- a/security/sandbox/linux/SandboxFilter.cpp
++++ b/security/sandbox/linux/SandboxFilter.cpp
+@@ -254,9 +254,10 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
+                         fd, path, buf, flags);
+       return BlockedSyscallTrap(aArgs, nullptr);
+     }
+-    if ((flags & ~AT_SYMLINK_NOFOLLOW) != 0) {
++    if ((flags & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT)) != 0) {
+       SANDBOX_LOG_ERROR("unsupported flags %d in fstatat(%d, \"%s\", %p, %d)",
+-                        (flags & ~AT_SYMLINK_NOFOLLOW), fd, path, buf, flags);
++                        (flags & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT)), fd,
++                        path, buf, flags);
+       return BlockedSyscallTrap(aArgs, nullptr);
+     }
+     return (flags & AT_SYMLINK_NOFOLLOW) == 0 ? broker->Stat(path, buf)