Fix CVE-2021-41133

2021-10-20 17:17:20 +08:00 · 2021-10-20 17:17:20 +08:00 · 8f72478963
commit 8f72478963
parent 592c9f8795
11 changed files with 750 additions and 1 deletions
--- a/backport-0001-CVE-2021-41133.patch
+++ b/backport-0001-CVE-2021-41133.patch
@ -0,0 +1,154 @@
+From e26ac7586c392b5eb35ff4609fe232c52523b2cf Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@collabora.com>
+Date: Wed, 1 Sep 2021 11:53:23 +0100
+Subject: [PATCH] run: Add an errno value to seccomp filters
+
+At the moment, if we block a syscall we always make it fail with EPERM,
+but this is risky: user-space libraries can start to use new replacements
+for old syscalls at any time, and will often treat EPERM as a fatal error.
+For new syscalls, we should make the syscall fail with ENOSYS, which is
+indistinguishable from running on an older kernel and will cause fallback
+to an older implementation, for example clone3() to clone().
+
+In future we should probably move from EPERM to ENOSYS for some of the
+syscalls we already block, but for now keep the status quo.
+
+This is a prerequisite for fixing the vulnerability tracked as
+GHSA-67h7-w3jq-vh4q.
+
+Signed-off-by: Simon McVittie <smcv@collabora.com>
+
+Conflict:NA   
+Reference:https://github.com/flatpak/flatpak/commit/e26ac7586c392b5eb35ff4609fe232c52523b2cf
+
+---
+ common/flatpak-run.c | 62 +++++++++++++++++++++++++-------------------
+ 1 file changed, 36 insertions(+), 26 deletions(-)
+
+diff --git a/common/flatpak-run.c b/common/flatpak-run.c
+index f48f402..3931820 100644
+--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
+@@ -2784,61 +2784,63 @@ setup_seccomp (FlatpakBwrap   *bwrap,
+   struct
+   {
+     int                  scall;
+    int                  errnum;
+     struct scmp_arg_cmp *arg;
+   } syscall_blocklist[] = {
+     /* Block dmesg */
+-    {SCMP_SYS (syslog)},
+    {SCMP_SYS (syslog), EPERM},
+     /* Useless old syscall */
+-    {SCMP_SYS (uselib)},
+    {SCMP_SYS (uselib), EPERM},
+     /* Don't allow disabling accounting */
+-    {SCMP_SYS (acct)},
+    {SCMP_SYS (acct), EPERM},
+     /* 16-bit code is unnecessary in the sandbox, and modify_ldt is a
+        historic source of interesting information leaks. */
+-    {SCMP_SYS (modify_ldt)},
+    {SCMP_SYS (modify_ldt), EPERM},
+     /* Don't allow reading current quota use */
+-    {SCMP_SYS (quotactl)},
+    {SCMP_SYS (quotactl), EPERM},
+ 
+     /* Don't allow access to the kernel keyring */
+-    {SCMP_SYS (add_key)},
+-    {SCMP_SYS (keyctl)},
+-    {SCMP_SYS (request_key)},
+    {SCMP_SYS (add_key), EPERM},
+    {SCMP_SYS (keyctl), EPERM},
+    {SCMP_SYS (request_key), EPERM},
+ 
+     /* Scary VM/NUMA ops */
+-    {SCMP_SYS (move_pages)},
+-    {SCMP_SYS (mbind)},
+-    {SCMP_SYS (get_mempolicy)},
+-    {SCMP_SYS (set_mempolicy)},
+-    {SCMP_SYS (migrate_pages)},
+    {SCMP_SYS (move_pages), EPERM},
+    {SCMP_SYS (mbind), EPERM},
+    {SCMP_SYS (get_mempolicy), EPERM},
+    {SCMP_SYS (set_mempolicy), EPERM},
+    {SCMP_SYS (migrate_pages), EPERM},
+ 
+     /* Don't allow subnamespace setups: */
+-    {SCMP_SYS (unshare)},
+-    {SCMP_SYS (mount)},
+-    {SCMP_SYS (pivot_root)},
+    {SCMP_SYS (unshare), EPERM},
+    {SCMP_SYS (mount), EPERM},
+    {SCMP_SYS (pivot_root), EPERM},
+ #if defined(__s390__) || defined(__s390x__) || defined(__CRIS__)
+     /* Architectures with CONFIG_CLONE_BACKWARDS2: the child stack
+      * and flags arguments are reversed so the flags come second */
+-    {SCMP_SYS (clone), &SCMP_A1 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
+    {SCMP_SYS (clone), EPERM, &SCMP_A1 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
+ #else
+     /* Normally the flags come first */
+-    {SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
+    {SCMP_SYS (clone), EPERM, &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
+ #endif
+ 
+     /* Don't allow faking input to the controlling tty (CVE-2017-5226) */
+-    {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int) TIOCSTI)},
+    {SCMP_SYS (ioctl), EPERM, &SCMP_A1 (SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int) TIOCSTI)},
+   };
+ 
+   struct
+   {
+     int                  scall;
+    int                  errnum;
+     struct scmp_arg_cmp *arg;
+   } syscall_nondevel_blocklist[] = {
+     /* Profiling operations; we expect these to be done by tools from outside
+      * the sandbox.  In particular perf has been the source of many CVEs.
+      */
+-    {SCMP_SYS (perf_event_open)},
+    {SCMP_SYS (perf_event_open), EPERM},
+     /* Don't allow you to switch to bsd emulation or whatnot */
+-    {SCMP_SYS (personality), &SCMP_A0 (SCMP_CMP_NE, allowed_personality)},
+-    {SCMP_SYS (ptrace)}
+    {SCMP_SYS (personality), EPERM, &SCMP_A0 (SCMP_CMP_NE, allowed_personality)},
+    {SCMP_SYS (ptrace), EPERM}
+   };
+   /* Blocklist all but unix, inet, inet6 and netlink */
+   struct
+@@ -2922,10 +2924,14 @@ setup_seccomp (FlatpakBwrap   *bwrap,
+   for (i = 0; i < G_N_ELEMENTS (syscall_blocklist); i++)
+     {
+       int scall = syscall_blocklist[i].scall;
+      int errnum = syscall_blocklist[i].errnum;
+
+      g_return_val_if_fail (errnum == EPERM || errnum == ENOSYS, FALSE);
+
+       if (syscall_blocklist[i].arg)
+-        r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (EPERM), scall, 1, *syscall_blocklist[i].arg);
+        r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 1, *syscall_blocklist[i].arg);
+       else
+-        r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (EPERM), scall, 0);
+        r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 0);
+       if (r < 0 && r == -EFAULT /* unknown syscall */)
+         return flatpak_fail_error (error, FLATPAK_ERROR_SETUP_FAILED, _("Failed to block syscall %d"), scall);
+     }
+@@ -2935,10 +2941,14 @@ setup_seccomp (FlatpakBwrap   *bwrap,
+       for (i = 0; i < G_N_ELEMENTS (syscall_nondevel_blocklist); i++)
+         {
+           int scall = syscall_nondevel_blocklist[i].scall;
+          int errnum = syscall_nondevel_blocklist[i].errnum;
+
+          g_return_val_if_fail (errnum == EPERM || errnum == ENOSYS, FALSE);
+
+           if (syscall_nondevel_blocklist[i].arg)
+-            r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (EPERM), scall, 1, *syscall_nondevel_blocklist[i].arg);
+            r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 1, *syscall_nondevel_blocklist[i].arg);
+           else
+-            r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (EPERM), scall, 0);
+            r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 0);
+ 
+           if (r < 0 && r == -EFAULT /* unknown syscall */)
+             return flatpak_fail_error (error, FLATPAK_ERROR_SETUP_FAILED, _("Failed to block syscall %d"), scall);
+-- 
+2.27.0
+
--- a/backport-0002-CVE-2021-41133.patch
+++ b/backport-0002-CVE-2021-41133.patch
@ -0,0 +1,33 @@
+From 89ae9fe74c6d445bb1b3a40e568d77cf5de47e48 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@collabora.com>
+Date: Wed, 1 Sep 2021 12:44:04 +0100
+Subject: [PATCH] run: Add cross-references for some other seccomp syscall
+ filters
+
+Signed-off-by: Simon McVittie <smcv@collabora.com>
+
+Conflict:NA
+Reference:https://github.com/flatpak/flatpak/commit/89ae9fe74c6d445bb1b3a40e568d77cf5de47e48
+
+---
+ common/flatpak-run.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/common/flatpak-run.c b/common/flatpak-run.c
+index 3931820..38ba16f 100644
+--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
+@@ -2779,6 +2779,10 @@ setup_seccomp (FlatpakBwrap   *bwrap,
+    *  https://git.gnome.org/browse/linux-user-chroot
+    *    in src/setup-seccomp.c
+    *
+   * Other useful resources:
+   * https://github.com/systemd/systemd/blob/HEAD/src/shared/seccomp-util.c
+   * https://github.com/moby/moby/blob/HEAD/profiles/seccomp/default.json
+   *
+    **** END NOTE ON CODE SHARING
+    */
+   struct
+-- 
+2.27.0
+
--- a/backport-0003-CVE-2021-41133.patch
+++ b/backport-0003-CVE-2021-41133.patch
@ -0,0 +1,252 @@
+From 26b12484eb8a6219b9e7aa287b298a894b2f34ca Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@collabora.com>
+Date: Wed, 1 Sep 2021 14:17:04 +0100
+Subject: [PATCH] common: Add a list of recently-added Linux syscalls
+
+Historically, syscalls could take arbitrarily-different values on
+different architectures, but new syscalls are added with syscall numbers
+that align on each architecture.
+
+Signed-off-by: Simon McVittie <smcv@collabora.com>
+
+Conflict:NA
+Reference:https://github.com/flatpak/flatpak/commit/26b12484eb8a6219b9e7aa287b298a894b2f34ca
+
+---
+ common/Makefile.am.inc            |   1 +
+ common/flatpak-run.c              |   2 +
+ common/flatpak-syscalls-private.h | 197 ++++++++++++++++++++++++++++++
+ 3 files changed, 200 insertions(+)
+ create mode 100644 common/flatpak-syscalls-private.h
+
+diff --git a/common/Makefile.am.inc b/common/Makefile.am.inc
+index b681294..919b015 100644
+--- a/common/Makefile.am.inc
+++ b/common/Makefile.am.inc
+@@ -160,6 +160,7 @@ libflatpak_common_la_SOURCES = \
+ 	common/flatpak-remote.c \
+ 	common/flatpak-run-private.h \
+ 	common/flatpak-run.c \
+	common/flatpak-syscalls-private.h \
+ 	common/flatpak-transaction-private.h \
+ 	common/flatpak-transaction.c \
+ 	common/flatpak-transaction.h \
+diff --git a/common/flatpak-run.c b/common/flatpak-run.c
+index 38ba16f..5cf6d2e 100644
+--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
+@@ -41,6 +41,8 @@
+ #include <libmalcontent/malcontent.h>
+ #endif
+ 
+#include "flatpak-syscalls-private.h"
+
+ #ifdef ENABLE_SECCOMP
+ #include <seccomp.h>
+ #endif
+diff --git a/common/flatpak-syscalls-private.h b/common/flatpak-syscalls-private.h
+new file mode 100644
+index 0000000..04eb38c
+--- /dev/null
+++ b/common/flatpak-syscalls-private.h
+@@ -0,0 +1,197 @@
+/*
+ * Copyright 2021 Collabora Ltd.
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#pragma once
+
+#include <sys/syscall.h>
+
+#if defined(_MIPS_SIM)
+# if _MIPS_SIM == _MIPS_SIM_ABI32
+#   define FLATPAK_MISSING_SYSCALL_BASE 4000
+# elif _MIPS_SIM == _MIPS_SIM_ABI64
+#   define FLATPAK_MISSING_SYSCALL_BASE 5000
+# elif _MIPS_SIM == _MIPS_SIM_NABI32
+#   define FLATPAK_MISSING_SYSCALL_BASE 6000
+# else
+#   error "Unknown MIPS ABI"
+# endif
+#endif
+
+#if defined(__ia64__)
+# define FLATPAK_MISSING_SYSCALL_BASE 1024
+#endif
+
+#if defined(__alpha__)
+# define FLATPAK_MISSING_SYSCALL_BASE 110
+#endif
+
+#if defined(__x86_64__) && defined(__ILP32__)
+# define FLATPAK_MISSING_SYSCALL_BASE 0x40000000
+#endif
+
+/*
+ * FLATPAK_MISSING_SYSCALL_BASE:
+ *
+ * Number to add to the syscall numbers of recently-added syscalls
+ * to get the appropriate syscall for the current ABI.
+ */
+#ifndef FLATPAK_MISSING_SYSCALL_BASE
+# define FLATPAK_MISSING_SYSCALL_BASE 0
+#endif
+
+#ifndef __NR_open_tree
+# define __NR_open_tree (FLATPAK_MISSING_SYSCALL_BASE + 428)
+#endif
+#ifndef __SNR_open_tree
+# define __SNR_open_tree __NR_open_tree
+#endif
+
+#ifndef __NR_move_mount
+# define __NR_move_mount (FLATPAK_MISSING_SYSCALL_BASE + 429)
+#endif
+#ifndef __SNR_move_mount
+# define __SNR_move_mount __NR_move_mount
+#endif
+
+#ifndef __NR_fsopen
+# define __NR_fsopen (FLATPAK_MISSING_SYSCALL_BASE + 430)
+#endif
+#ifndef __SNR_fsopen
+# define __SNR_fsopen __NR_fsopen
+#endif
+
+#ifndef __NR_fsconfig
+# define __NR_fsconfig (FLATPAK_MISSING_SYSCALL_BASE + 431)
+#endif
+#ifndef __SNR_fsconfig
+# define __SNR_fsconfig __NR_fsconfig
+#endif
+
+#ifndef __NR_fsmount
+# define __NR_fsmount (FLATPAK_MISSING_SYSCALL_BASE + 432)
+#endif
+#ifndef __SNR_fsmount
+# define __SNR_fsmount __NR_fsmount
+#endif
+
+#ifndef __NR_fspick
+# define __NR_fspick (FLATPAK_MISSING_SYSCALL_BASE + 433)
+#endif
+#ifndef __SNR_fspick
+# define __SNR_fspick __NR_fspick
+#endif
+
+#ifndef __NR_pidfd_open
+# define __NR_pidfd_open (FLATPAK_MISSING_SYSCALL_BASE + 434)
+#endif
+#ifndef __SNR_pidfd_open
+# define __SNR_pidfd_open __NR_pidfd_open
+#endif
+
+#ifndef __NR_clone3
+# define __NR_clone3 (FLATPAK_MISSING_SYSCALL_BASE + 435)
+#endif
+#ifndef __SNR_clone3
+# define __SNR_clone3 __NR_clone3
+#endif
+
+#ifndef __NR_close_range
+# define __NR_close_range (FLATPAK_MISSING_SYSCALL_BASE + 436)
+#endif
+#ifndef __SNR_close_range
+# define __SNR_close_range __NR_close_range
+#endif
+
+#ifndef __NR_openat2
+# define __NR_openat2 (FLATPAK_MISSING_SYSCALL_BASE + 437)
+#endif
+#ifndef __SNR_openat2
+# define __SNR_openat2 __NR_openat2
+#endif
+
+#ifndef __NR_pidfd_getfd
+# define __NR_pidfd_getfd (FLATPAK_MISSING_SYSCALL_BASE + 438)
+#endif
+#ifndef __SNR_pidfd_getfd
+# define __SNR_pidfd_getfd __NR_pidfd_getfd
+#endif
+
+#ifndef __NR_faccessat2
+# define __NR_faccessat2 (FLATPAK_MISSING_SYSCALL_BASE + 439)
+#endif
+#ifndef __SNR_faccessat2
+# define __SNR_faccessat2 __NR_faccessat2
+#endif
+
+#ifndef __NR_process_madvise
+# define __NR_process_madvise (FLATPAK_MISSING_SYSCALL_BASE + 440)
+#endif
+#ifndef __SNR_process_madvise
+# define __SNR_process_madvise __NR_process_madvise
+#endif
+
+#ifndef __NR_epoll_pwait2
+# define __NR_epoll_pwait2 (FLATPAK_MISSING_SYSCALL_BASE + 441)
+#endif
+#ifndef __SNR_epoll_pwait2
+# define __SNR_epoll_pwait2 __NR_epoll_pwait2
+#endif
+
+#ifndef __NR_mount_setattr
+# define __NR_mount_setattr (FLATPAK_MISSING_SYSCALL_BASE + 442)
+#endif
+#ifndef __SNR_mount_setattr
+# define __SNR_mount_setattr __NR_mount_setattr
+#endif
+
+#ifndef __NR_quotactl_fd
+# define __NR_quotactl_fd (FLATPAK_MISSING_SYSCALL_BASE + 443)
+#endif
+#ifndef __SNR_quotactl_fd
+# define __SNR_quotactl_fd __NR_quotactl_fd
+#endif
+
+#ifndef __NR_landlock_create_ruleset
+# define __NR_landlock_create_ruleset (FLATPAK_MISSING_SYSCALL_BASE + 444)
+#endif
+#ifndef __SNR_landlock_create_ruleset
+# define __SNR_landlock_create_ruleset __NR_landlock_create_ruleset
+#endif
+
+#ifndef __NR_landlock_add_rule
+# define __NR_landlock_add_rule (FLATPAK_MISSING_SYSCALL_BASE + 445)
+#endif
+#ifndef __SNR_landlock_add_rule
+# define __SNR_landlock_add_rule __NR_landlock_add_rule
+#endif
+
+#ifndef __NR_landlock_restrict_self
+# define __NR_landlock_restrict_self (FLATPAK_MISSING_SYSCALL_BASE + 446)
+#endif
+#ifndef __SNR_landlock_restrict_self
+# define __SNR_landlock_restrict_self __NR_landlock_restrict_self
+#endif
+
+#ifndef __NR_memfd_secret
+# define __NR_memfd_secret (FLATPAK_MISSING_SYSCALL_BASE + 447)
+#endif
+#ifndef __SNR_memfd_secret
+# define __SNR_memfd_secret __NR_memfd_secret
+#endif
+
+/* Last updated: Linux 5.14, syscall numbers < 448 */
+-- 
+2.27.0
+
--- a/backport-0004-CVE-2021-41133.patch
+++ b/backport-0004-CVE-2021-41133.patch
@ -0,0 +1,43 @@
+From a10f52a7565c549612c92b8e736a6698a53db330 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@collabora.com>
+Date: Wed, 1 Sep 2021 11:59:00 +0100
+Subject: [PATCH] run: Block clone3() in sandbox
+
+clone3() can be used to implement clone() with CLONE_NEWUSER, allowing
+a sandboxed process to get CAP_SYS_ADMIN in a new namespace and
+manipulate its root directory. We need to block this so that AF_UNIX-based
+socket servers (X11, Wayland, etc.) can rely on
+/proc/PID/root/.flatpak-info existing for all Flatpak-sandboxed apps.
+
+Partially fixes GHSA-67h7-w3jq-vh4q.
+
+Thanks: an anonymous reporter
+Signed-off-by: Simon McVittie <smcv@collabora.com>
+
+Conflict:NA
+Reference:https://github.com/flatpak/flatpak/commit/a10f52a7565c549612c92b8e736a6698a53db330
+
+---
+ common/flatpak-run.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/common/flatpak-run.c b/common/flatpak-run.c
+index 5cf6d2e..dad0cfe 100644
+--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
+@@ -2832,6 +2832,12 @@ setup_seccomp (FlatpakBwrap   *bwrap,
+ 
+     /* Don't allow faking input to the controlling tty (CVE-2017-5226) */
+     {SCMP_SYS (ioctl), EPERM, &SCMP_A1 (SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int) TIOCSTI)},
+
+    /* seccomp can't look into clone3()'s struct clone_args to check whether
+     * the flags are OK, so we have no choice but to block clone3().
+     * Return ENOSYS so user-space will fall back to clone().
+     * (GHSA-67h7-w3jq-vh4q; see also https://github.com/moby/moby/commit/9f6b562d) */
+    {SCMP_SYS (clone3), ENOSYS},
+   };
+ 
+   struct
+-- 
+2.27.0
+
--- a/backport-0005-CVE-2021-41133.patch
+++ b/backport-0005-CVE-2021-41133.patch
@ -0,0 +1,45 @@
+From 9766ee05b1425db397d2cf23afd24c7f6146a69f Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@collabora.com>
+Date: Wed, 1 Sep 2021 12:45:54 +0100
+Subject: [PATCH] run: Disallow recently-added mount-manipulation syscalls
+
+If we don't allow mount() then we shouldn't allow these either.
+
+Partially fixes GHSA-67h7-w3jq-vh4q.
+
+Thanks: an anonymous reporter
+Signed-off-by: Simon McVittie <smcv@collabora.com>
+
+Conflict:NA
+Reference:https://github.com/flatpak/flatpak/commit/9766ee05b1425db397d2cf23afd24c7f6146a69f
+
+---
+ common/flatpak-run.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/common/flatpak-run.c b/common/flatpak-run.c
+index dad0cfe..2781694 100644
+--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
+@@ -2838,6 +2838,18 @@ setup_seccomp (FlatpakBwrap   *bwrap,
+      * Return ENOSYS so user-space will fall back to clone().
+      * (GHSA-67h7-w3jq-vh4q; see also https://github.com/moby/moby/commit/9f6b562d) */
+     {SCMP_SYS (clone3), ENOSYS},
+
+    /* New mount manipulation APIs can also change our VFS. There's no
+     * legitimate reason to do these in the sandbox, so block all of them
+     * rather than thinking about which ones might be dangerous.
+     * (GHSA-67h7-w3jq-vh4q) */
+    {SCMP_SYS (open_tree), ENOSYS},
+    {SCMP_SYS (move_mount), ENOSYS},
+    {SCMP_SYS (fsopen), ENOSYS},
+    {SCMP_SYS (fsconfig), ENOSYS},
+    {SCMP_SYS (fsmount), ENOSYS},
+    {SCMP_SYS (fspick), ENOSYS},
+    {SCMP_SYS (mount_setattr), ENOSYS},
+   };
+ 
+   struct
+-- 
+2.27.0
+
--- a/backport-0006-CVE-2021-41133.patch
+++ b/backport-0006-CVE-2021-41133.patch
@ -0,0 +1,34 @@
+From 4c34815784e9ffda5733225c7d95824f96375e36 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@collabora.com>
+Date: Wed, 1 Sep 2021 14:19:31 +0100
+Subject: [PATCH] run: Block setns()
+
+If we don't allow unshare() or clone() with CLONE_NEWUSER, we also
+shouldn't allow joining an existing (but different) namespace.
+
+Partially fixes GHSA-67h7-w3jq-vh4q.
+
+Signed-off-by: Simon McVittie <smcv@collabora.com>
+
+Conflict:NA
+Reference:https://github.com/flatpak/flatpak/commit/4c34815784e9ffda5733225c7d95824f96375e36
+
+---
+ common/flatpak-run.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/common/flatpak-run.c b/common/flatpak-run.c
+index 2781694..c266dbe 100644
+--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
+@@ -2819,6 +2819,7 @@ setup_seccomp (FlatpakBwrap   *bwrap,
+ 
+     /* Don't allow subnamespace setups: */
+     {SCMP_SYS (unshare), EPERM},
+    {SCMP_SYS (setns), EPERM},
+     {SCMP_SYS (mount), EPERM},
+     {SCMP_SYS (pivot_root), EPERM},
+ #if defined(__s390__) || defined(__s390x__) || defined(__CRIS__)
+-- 
+2.27.0
+
--- a/backport-0007-CVE-2021-41133.patch
+++ b/backport-0007-CVE-2021-41133.patch
@ -0,0 +1,35 @@
+From 1330662f33a55e88bfe18e76de28b7922d91a999 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@collabora.com>
+Date: Wed, 1 Sep 2021 14:20:29 +0100
+Subject: [PATCH] run: Don't allow unmounting filesystems
+
+If we don't allow mounting filesystems, we shouldn't allow unmounting
+either.
+
+Partially fixes GHSA-67h7-w3jq-vh4q.
+
+Signed-off-by: Simon McVittie <smcv@collabora.com>
+
+Conflict:NA
+Reference:https://github.com/flatpak/flatpak/commit/1330662f33a55e88bfe18e76de28b7922d91a999
+
+---
+ common/flatpak-run.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/common/flatpak-run.c b/common/flatpak-run.c
+index c266dbe..b1a8db5 100644
+--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
+@@ -2821,6 +2821,8 @@ setup_seccomp (FlatpakBwrap   *bwrap,
+     {SCMP_SYS (unshare), EPERM},
+     {SCMP_SYS (setns), EPERM},
+     {SCMP_SYS (mount), EPERM},
+    {SCMP_SYS (umount), EPERM},
+    {SCMP_SYS (umount2), EPERM},
+     {SCMP_SYS (pivot_root), EPERM},
+ #if defined(__s390__) || defined(__s390x__) || defined(__CRIS__)
+     /* Architectures with CONFIG_CLONE_BACKWARDS2: the child stack
+-- 
+2.27.0
+
--- a/backport-0008-CVE-2021-41133.patch
+++ b/backport-0008-CVE-2021-41133.patch
@ -0,0 +1,34 @@
+From 462fca2c666e0cd2b60d6d2593a7216a83047aaf Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@collabora.com>
+Date: Wed, 1 Sep 2021 14:21:04 +0100
+Subject: [PATCH] run: Don't allow chroot()
+
+If we don't allow pivot_root() then there seems no reason why we should
+allow chroot().
+
+Partially fixes GHSA-67h7-w3jq-vh4q.
+
+Signed-off-by: Simon McVittie <smcv@collabora.com>
+
+Conflict:NA
+Reference:https://github.com/flatpak/flatpak/commit/462fca2c666e0cd2b60d6d2593a7216a83047aaf
+
+---
+ common/flatpak-run.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/common/flatpak-run.c b/common/flatpak-run.c
+index b1a8db5..da96465 100644
+--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
+@@ -2824,6 +2824,7 @@ setup_seccomp (FlatpakBwrap   *bwrap,
+     {SCMP_SYS (umount), EPERM},
+     {SCMP_SYS (umount2), EPERM},
+     {SCMP_SYS (pivot_root), EPERM},
+    {SCMP_SYS (chroot), EPERM},
+ #if defined(__s390__) || defined(__s390x__) || defined(__CRIS__)
+     /* Architectures with CONFIG_CLONE_BACKWARDS2: the child stack
+      * and flags arguments are reversed so the flags come second */
+-- 
+2.27.0
+
--- a/backport-Fix-handling-of-syscalls-only-allowed-by-de.patch
+++ b/backport-Fix-handling-of-syscalls-only-allowed-by-de.patch
@ -0,0 +1,33 @@
+From 3fc8c672676ae016f8e7cc90481b2feecbad9861 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@collabora.com>
+Date: Fri, 8 Oct 2021 19:00:13 +0100
+Subject: [PATCH] Fix handling of syscalls only allowed by --devel
+
+This was incorrectly looking at errno instead of -r.
+
+Fixes: 0b38b0f0 "run: Handle unknown syscalls as intended"
+Signed-off-by: Simon McVittie <smcv@collabora.com>
+
+Conflict:NA
+Reference:https://github.com/flatpak/flatpak/commit/3fc8c672676ae016f8e7cc90481b2feecbad9861
+
+---
+ common/flatpak-run.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/common/flatpak-run.c b/common/flatpak-run.c
+index a416f1b..69eabc0 100644
+--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
+@@ -2988,7 +2988,7 @@ setup_seccomp (FlatpakBwrap   *bwrap,
+             r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 0);
+ 
+           /* See above for the meaning of EFAULT. */
+-          if (errno == EFAULT)
+          if (r == -EFAULT)
+             flatpak_debug2 ("Unable to block syscall %d: syscall not known to libseccomp?",
+                             scall);
+           else if (r < 0)
+-- 
+2.27.0
+
--- a/backport-run-Handle-unknown-syscalls-as-intended.patch
+++ b/backport-run-Handle-unknown-syscalls-as-intended.patch
@ -0,0 +1,73 @@
+From d419fa67038370e4f4c3ce8c3b5f672d4876cfc8 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@collabora.com>
+Date: Fri, 8 Oct 2021 17:05:07 +0100
+Subject: [PATCH] run: Handle unknown syscalls as intended
+
+The error-handling here was
+
+    if (r < 0 && r == -EFAULT)
+
+but Alex says it was almost certainly intended to be
+
+    if (r < 0 && r != -EFAULT)
+
+so that syscalls not known to libseccomp are not a fatal error.
+
+Instead of literally making that change, emit a debug message on -EFAULT
+so we can see what is going on.
+
+This temporarily weakens our defence against CVE-2021-41133
+(GHSA-67h7-w3jq-vh4q) in order to avoid regressions: if the installed
+version of libseccomp does not know about the recently-added syscalls,
+but the kernel does, then we will not prevent non-native executables
+from using those syscalls.
+
+Resolves: https://github.com/flatpak/flatpak/issues/4458
+Signed-off-by: Simon McVittie <smcv@collabora.com>
+
+Conflict:NA
+Reference:https://github.com/flatpak/flatpak/commit/d419fa67038370e4f4c3ce8c3b5f672d4876cfc8
+
+
+---
+ common/flatpak-run.c | 17 +++++++++++++++--
+ 1 file changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/common/flatpak-run.c b/common/flatpak-run.c
+index da96465..a416f1b 100644
+--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
+@@ -2960,7 +2960,16 @@ setup_seccomp (FlatpakBwrap   *bwrap,
+         r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 1, *syscall_blocklist[i].arg);
+       else
+         r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 0);
+-      if (r < 0 && r == -EFAULT /* unknown syscall */)
+
+      /* EFAULT means "internal libseccomp error", but in practice we get
+       * this for syscall numbers added via flatpak-syscalls-private.h
+       * when trying to filter them on a non-native architecture, because
+       * libseccomp cannot map the syscall number to a name and back to a
+       * number for the non-native architecture. */
+      if (r == -EFAULT)
+        flatpak_debug2 ("Unable to block syscall %d: syscall not known to libseccomp?",
+                        scall);
+      else if (r < 0)
+         return flatpak_fail_error (error, FLATPAK_ERROR_SETUP_FAILED, _("Failed to block syscall %d"), scall);
+     }
+ 
+@@ -2978,7 +2987,11 @@ setup_seccomp (FlatpakBwrap   *bwrap,
+           else
+             r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 0);
+ 
+-          if (r < 0 && r == -EFAULT /* unknown syscall */)
+          /* See above for the meaning of EFAULT. */
+          if (errno == EFAULT)
+            flatpak_debug2 ("Unable to block syscall %d: syscall not known to libseccomp?",
+                            scall);
+          else if (r < 0)
+             return flatpak_fail_error (error, FLATPAK_ERROR_SETUP_FAILED, _("Failed to block syscall %d"), scall);
+         }
+     }
+-- 
+2.27.0
+
--- a/flatpak.spec
+++ b/flatpak.spec
@ -1,6 +1,6 @@
 Name:           flatpak
 Version:        1.10.2
-Release:        1
+Release:        2
 Summary:        Application deployment framework for desktop apps
 License:        LGPLv2+
 URL:            http://flatpak.org/
@ -9,6 +9,16 @@ Patch0000:      modify-automake-version.patch
 Patch0002:      CVE-2021-21261-2.patch
 Patch0004:      CVE-2021-21261-4.patch
 Patch0005:	0001-OCI-Switch-to-pax-format-for-tar-archives.patch
+Patch6000:      backport-0001-CVE-2021-41133.patch
+Patch6001:      backport-0002-CVE-2021-41133.patch
+Patch6002:      backport-0003-CVE-2021-41133.patch
+Patch6003:      backport-0004-CVE-2021-41133.patch
+Patch6004:      backport-0005-CVE-2021-41133.patch
+Patch6005:      backport-0006-CVE-2021-41133.patch
+Patch6006:      backport-0007-CVE-2021-41133.patch
+Patch6007:      backport-0008-CVE-2021-41133.patch
+Patch6008:      backport-run-Handle-unknown-syscalls-as-intended.patch
+Patch6009:      backport-Fix-handling-of-syscalls-only-allowed-by-de.patch

 BuildRequires:  pkgconfig(appstream-glib) pkgconfig(gio-unix-2.0) pkgconfig(gobject-introspection-1.0) >= 1.40.0 pkgconfig(json-glib-1.0) pkgconfig(libarchive) >= 2.8.0
 BuildRequires:  pkgconfig(libsoup-2.4) pkgconfig(libxml-2.0) >= 2.4 pkgconfig(ostree-1) >= 2020.8 pkgconfig(polkit-gobject-1) pkgconfig(libseccomp) pkgconfig(xau)
@ -114,6 +124,9 @@ flatpak remote-list --system &> /dev/null || :
 %{_mandir}/man5/flatpak-remote.5*

 %changelog
+* Thu Oct 21 2021 xingxing <xingxing9@huawei.com> - 1.10.2-2
+- Fix CVE-2021-41133
+
 * Tue Jun 29 2021 weijin deng <weijin.deng@turbolinux.com.cn> - 1.10.2-1
 - Upgrade to 1.10.2
 - Delete patches that existed in this version 1.10.2, delete sed option