Bug 1769499 Comment 11 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

(In reply to Martin Stránský [:stransky] (ni? me) from comment #10)
> Jed, this patch unifies how headless GL context is created on Wayland/X11, i.e. where display connection is missing we don't create one but we use headless GL display based on dmabuf.
> 
> I tested that with patches from Bug 1769182 and I'm getting this one (for both X11 / Wayland):
> 
> Sandbox: seccomp sandbox violation: pid 26657, tid 26706, syscall 27, args 140104273555456 4096 140104683351920 0 1 1073741824.  Killing process.

I also ran into this while trying it out this morning.  That's `mincore`, [which we already allowed for content processes][already], because it's part of a hack that Mesa EGL uses to let the “native display” be either a DRI fd or several types of display pointer, determined at runtime.

I've confirmed that it works under X if `mincore` is allowed.  And I've confirmed it doesn't need to connect to the X server now, so a lot of bug 1769182 can be turned off (which is good, even though the RDD sandbox is less critical than the content sandbox).  I'll make some patches.


[already]: https://searchfox.org/mozilla-central/rev/9f95c41a962c9228f569f8a6b2c30edbb50b65ae/security/sandbox/linux/SandboxFilter.cpp#1460-1466

(In reply to Martin Stránský [:stransky] (ni? me) from comment #10)
> Jed, this patch unifies how headless GL context is created on Wayland/X11, i.e. where display connection is missing we don't create one but we use headless GL display based on dmabuf.
> 
> I tested that with patches from Bug 1769182 and I'm getting this one (for both X11 / Wayland):
> 
> Sandbox: seccomp sandbox violation: pid 26657, tid 26706, syscall 27, args 140104273555456 4096 140104683351920 0 1 1073741824.  Killing process.

I also ran into this while trying it out this morning.  That's `mincore`, [which we already allowed for content processes][already], because it's part of a hack that Mesa EGL uses to let the “native display” be one of several types of display pointer (or, previously, an fbdev fd cast from `int` to `void*`), determined at runtime.

I've confirmed that it works under X if `mincore` is allowed.  And I've confirmed it doesn't need to connect to the X server now, so a lot of bug 1769182 can be turned off (which is good, even though the RDD sandbox is less critical than the content sandbox).  I'll make some patches.

(Edited to correct the comment about EGL native display types.)

[already]: https://searchfox.org/mozilla-central/rev/9f95c41a962c9228f569f8a6b2c30edbb50b65ae/security/sandbox/linux/SandboxFilter.cpp#1460-1466
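
An added illustration, not part of the original comment and not Mesa's or Firefox's code: a `mincore`-based probe of the kind the comment describes, used to decide at runtime whether a "native display" value is a real pointer before dereferencing it. The function and type names are hypothetical; under a seccomp policy that kills on `mincore`, the process would die at the probe, as in the quoted log line.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical names; this is not Mesa's implementation. */
enum native_kind { NATIVE_POINTER, NATIVE_NOT_POINTER, NATIVE_UNKNOWN };

static int sample_object; /* constructed stand-in for a real display object */

/* 1: page holding p is mapped; 0: not mapped; -1: the probe itself failed. */
int pointer_is_mapped(const void *p)
{
    unsigned char vec = 0;
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0)
        return -1;
    /* mincore() requires a page-aligned start address. */
    uintptr_t start = (uintptr_t)p & ~((uintptr_t)page - 1);
    if (mincore((void *)start, (size_t)page, &vec) == 0)
        return 1;
    /* ENOMEM: range not mapped. Anything else (for example an errno
       injected by a syscall filter) says nothing about the pointer. */
    return errno == ENOMEM ? 0 : -1;
}

enum native_kind classify_native_display(const void *native)
{
    switch (pointer_is_mapped(native)) {
    case 1:  return NATIVE_POINTER;      /* safe to dereference and inspect */
    case 0:  return NATIVE_NOT_POINTER;  /* e.g. a small integer cast to void* */
    default: return NATIVE_UNKNOWN;      /* fail closed: do not dereference */
    }
}

int main(void)
{
    void *fd_as_pointer = (void *)(intptr_t)3; /* constructed: fd 3 cast to void* */
    printf("object: %d\n", classify_native_display(&sample_object));
    printf("fd 3:   %d\n", classify_native_display(fd_as_pointer));
    return 0;
}
```

A filter that returns an error for `mincore` instead of killing the process lands in the `NATIVE_UNKNOWN` branch, which is why the probe separates `ENOMEM` from every other failure.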
