(In reply to Landry Breuil (:gaston) from comment #5) > Created attachment 9224602 [details] [diff] [review] > patch-dom_media_ipc_RDDProcessImpl_cpp > > start sandboxing at the same spot as windows.. i see that windows has `LoadLibraryW` to early load a library before sandboxing, if nspr/gecko has something similar for unix/linux that might allow tightening even more the rdd process sandboxing i think i should be able to just use ``` PR_LoadLibrary("libmozavcodec.so"); PR_LoadLibrary("libmozavutil.so"); ``` before enabling sandboxing, and this works i could remove the need to unveil `/usr/local/lib/firefox`. Will try that in my next 90.0b2 build before submitting the patchset to phabricator for comments.
Bug 1713745 Comment 8 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Landry Breuil (:gaston) from comment #5) > Created attachment 9224602 [details] [diff] [review] > patch-dom_media_ipc_RDDProcessImpl_cpp > > start sandboxing at the same spot as windows.. i see that windows has `LoadLibraryW` to early load a library before sandboxing, if nspr/gecko has something similar for unix/linux that might allow tightening even more the rdd process sandboxing i think i should be able to just use ``` PR_LoadLibrary("libmozavcodec.so"); PR_LoadLibrary("libmozavutil.so"); ``` before enabling sandboxing, and if this works i could remove the need to unveil `/usr/local/lib/firefox`. Will try that in my next 90.0b2 build before submitting the patchset to phabricator for comments.