1 files changed, 36 insertions, 0 deletions

diff --git a/gnu/packages/patches/tor-sandbox-i686.patch b/gnu/packages/patches/tor-sandbox-i686.patch
new file mode 100644
index 0000000000..34b0a053b1
--- /dev/null
+++ b/gnu/packages/patches/tor-sandbox-i686.patch
@@ -0,0 +1,36 @@
+This patch fixes sandboxing on i686 by allowing 'statx'.  Without this,
+'src/test/test_include.sh' would fail.
+
+Patch adapted from:
+
+  https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/480
+
+From 001d880d1082f5d124e10554e2718e407c7e88c6 Mon Sep 17 00:00:00 2001
+From: Simon South <simon@simonsouth.net>
+Date: Fri, 5 Nov 2021 10:10:10 -0400
+Subject: [PATCH] sandbox: Allow "statx" syscall on i386 for glibc 2.33
+
+glibc versions 2.33 and newer use the modern "statx" system call in their
+implementations of stat() and opendir() for Linux on i386.  Prevent failures in
+the sandbox unit tests by modifying the sandbox to allow this system call
+without restriction on i386 when it is available, and update the test suite to
+skip the "sandbox/stat_filename" test in this case as it is certain to fail.
+---
+ src/lib/sandbox/sandbox.c | 3 +++
+ src/test/test_sandbox.c   | 7 ++++---
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
+index fb02a345ab..a15f99ad76 100644
+--- a/src/lib/sandbox/sandbox.c
++++ b/src/lib/sandbox/sandbox.c
+@@ -252,6 +252,9 @@ static int filter_nopar_gen[] = {
+     SCMP_SYS(sigreturn),
+ #endif
+     SCMP_SYS(stat),
++#if defined(__i386__) && defined(__NR_statx)
++    SCMP_SYS(statx),
++#endif
+     SCMP_SYS(uname),
+     SCMP_SYS(wait4),
+     SCMP_SYS(write),