Hi shivambalikondwar So the short version of the current status is that several of these tasks are basically complete but we are in the process of ironing out bugs seen in nightly, which is why this task is still open. Sorry for the delay in response here. Part of the reason for the delayed response is that this is a complicated project with a lot of moving parts - only in the last week or 2 has much of this work landed in tree. While, I'm excited to accept additional contributions for this project, I think it may be useful to give a quick description of the work that has occurred and has been completed by multiple folks working on this project. This project to sandbox libraries required upgrading Firefox build and compilers to use c++17 and fixing the resulting upgrade bugs, changing the build system to pull in the wasm libc and compilers and allow mozconfigs that can compile wasm libraries, upgrading and testing RLBox libraries with the range of platforms and compilers supported by Firefox, manage interactions with the existing seccomp sandboxes, as well submitting patches upstream wasm tools. Additionally the try and testing servers configs also had to be upgraded so we can adaquetely test changes. Only at this point could we sandboxed the graphite library and follow up with functional and perf tests. I'm excited to say that all of this has just been merged and it was briefly deployed nightly (but has since removed so that we can time the release to better suite Firefox's release train). As you probably see from the above there are a lot of moving parts here and it's not the easiest thing to jump into one of the existing tasks. However, there are two main areas I see as the next steps for this project, which are perhaps areas that are easier to contribute to 1) Sandbox more libraries. Right now we have sandboxed one library, and in doing so we have fixed a bunch of infrastructure necessary to do this more widely. This should mean it would now be easier to use RLBox sandbox more libraries in Firefox. 2) Contribute to RLBox. RLBox is the sandboxing framework that is being used here and I do have a road map of additional features and additional testing work. So a question for you --- which of these 2 areas would you want to contribute to? If it's the first, Eric Rahm would be the right person to coordinate this. Although, fair warning, it may take a while to get started here, as deciding which library to sandbox would need buy off from various folks and teams at Mozilla. Additionally, some folks are still just getting back from vacation right now. If it's the second, as the maintainer of RLBox, I'm happy to point you to some tasks where you can help improve RLBox.
Bug 1566235 Comment 2 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Hi shivambalikondwar So the short version of the current status is that several of these tasks are basically complete but we are in the process of ironing out bugs seen in nightly, which is why this task is still open. Sorry for the delay in response here. Part of the reason for the delayed response is that this is a complicated project with a lot of moving parts - only in the last week or 2 has much of this work landed in tree (also the reason why we had previously suggested waiting a month before contributing changes here). While, I'm excited to accept additional contributions for this project, I think it may be useful to give a quick description of the work that has occurred and has been completed by multiple folks working on this project. This project to sandbox libraries required upgrading Firefox build and compilers to use c++17 and fixing the resulting upgrade bugs, changing the build system to pull in the wasm libc and compilers and allow mozconfigs that can compile wasm libraries, upgrading and testing RLBox libraries with the range of platforms and compilers supported by Firefox, manage interactions with the existing seccomp sandboxes, as well submitting patches upstream wasm tools. Additionally the try and testing servers configs also had to be upgraded so we can adaquetely test changes. Only at this point could we sandboxed the graphite library and follow up with functional and perf tests. I'm excited to say that all of this has just been merged and it was briefly deployed nightly (but has since removed so that we can time the release to better suite Firefox's release train). As you probably see from the above there are a lot of moving parts here and it's not the easiest thing to jump into one of the existing tasks. However, there are two main areas I see as the next steps for this project, which are perhaps areas that are easier to contribute to 1) Sandbox more libraries. Right now we have sandboxed one library, and in doing so we have fixed a bunch of infrastructure necessary to do this more widely. This should mean it would now be easier to use RLBox sandbox more libraries in Firefox. 2) Contribute to RLBox. RLBox is the sandboxing framework that is being used here and I do have a road map of additional features and additional testing work. So a question for you --- which of these 2 areas would you want to contribute to? If it's the first, Eric Rahm would be the right person to coordinate this. Although, fair warning, it may take a while to get started here, as deciding which library to sandbox would need buy off from various folks and teams at Mozilla. Additionally, some folks are still just getting back from vacation right now. If it's the second, as the maintainer of RLBox, I'm happy to point you to some tasks where you can help improve RLBox.