File 0002-Bug-1995035-Allow-F_DUPFD_QUERY-in-the-Linux-sandbox.patch of Package firefox-xdg

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jed Davis <jld@mozilla.com>
Date: Fri, 31 Oct 2025 05:25:52 +0100
Subject: [PATCH] Bug 1995035 - Allow `F_DUPFD_QUERY` in the Linux sandboxes.
 r?gcp,thinker

Differential Revision: https://phabricator.services.mozilla.com/D270797
---
 security/sandbox/linux/SandboxFilter.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
index aabfd088f8be..4a161fe53e90 100644
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -130,6 +130,13 @@ static_assert(MFD_HUGE_MASK == MAP_HUGE_MASK);
 static_assert(MFD_HUGE_SHIFT == MAP_HUGE_SHIFT);
 #endif
 
+// Added in 6.10
+#ifndef F_DUPFD_QUERY
+#  define F_DUPFD_QUERY (F_LINUX_SPECIFIC_BASE + 3)
+#else
+static_assert(F_DUPFD_QUERY == (F_LINUX_SPECIFIC_BASE + 3));
+#endif
+
 // To avoid visual confusion between "ifdef ANDROID" and "ifndef ANDROID":
 #ifndef ANDROID
 #  define DESKTOP
@@ -1112,6 +1119,9 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
 #endif
             // Not much different from other forms of dup(), and commonly used.
             .Case(F_DUPFD_CLOEXEC, Allow())
+            // Used by Mesa, generally useful, and harmless: tests if
+            // two file descriptors refer to the same file description.
+            .Case(F_DUPFD_QUERY, Allow())
             .Default(SandboxPolicyBase::EvaluateSyscall(sysno));
       }