--- qtwebengine/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc	2018-06-15 09:47:20.000000000 +0200
+++ qtwebengine/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc	2018-09-13 19:53:53.453780253 +0200
@@ -129,7 +129,7 @@
 // CLONE_VM, nor CLONE_THREAD, which includes all fork() implementations.
 ResultExpr RestrictCloneToThreadsAndEPERMFork() {
   const Arg<unsigned long> flags(0);
-
+#if defined(__GLIBC__)
   // TODO(mdempsky): Extend DSL to support (flags & ~mask1) == mask2.
   const uint64_t kAndroidCloneMask = CLONE_VM | CLONE_FS | CLONE_FILES |
                                      CLONE_SIGHAND | CLONE_THREAD |
@@ -148,6 +148,17 @@
   return If(IsAndroid() ? android_test : glibc_test, Allow())
       .ElseIf((flags & (CLONE_VM | CLONE_THREAD)) == 0, Error(EPERM))
       .Else(CrashSIGSYSClone());
+#else
+  const int required = CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
+                       CLONE_THREAD | CLONE_SYSVSEM;
+  const int safe = CLONE_SETTLS | CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID |
+                   CLONE_DETACHED;
+  const BoolExpr thread_clone_ok = (flags&~safe)==required;
+
+  return If(thread_clone_ok, Allow())
+      .ElseIf((flags & (CLONE_VM | CLONE_THREAD)) == 0, Error(EPERM))
+      .Else(CrashSIGSYSClone());
+#endif
 }
 
 ResultExpr RestrictPrctl() {
--- qtwebengine/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc	2018-06-15 09:47:20.000000000 +0200
+++ qtwebengine/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc	2018-09-13 19:56:31.779773940 +0200
@@ -375,6 +375,9 @@
 #if defined(__i386__)
     case __NR_waitpid:
 #endif
+#if !defined(__GLIBC__)
+    case __NR_set_tid_address:
+#endif
       return true;
     case __NR_clone:  // Should be parameter-restricted.
     case __NR_setns:  // Privileged.
@@ -387,7 +390,9 @@
 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
     case __NR_set_thread_area:
 #endif
+#if defined(__GLIBC__)
     case __NR_set_tid_address:
+#endif
     case __NR_unshare:
 #if !defined(__mips__) && !defined(__aarch64__)
     case __NR_vfork:
@@ -496,6 +501,9 @@
     case __NR_mlock:
     case __NR_munlock:
     case __NR_munmap:
+#if !defined(__GLIBC__)
+    case __NR_mremap:
+#endif
       return true;
     case __NR_madvise:
     case __NR_mincore:
@@ -511,7 +519,9 @@
     case __NR_modify_ldt:
 #endif
     case __NR_mprotect:
+#if defined(__GLIBC__)
     case __NR_mremap:
+#endif
     case __NR_msync:
     case __NR_munlockall:
     case __NR_readahead: