Closed Bug 1038490 Opened 10 years ago Closed 10 years ago

Fix misuse of MOZ_WIDGET_GONK in Linux content process sandbox policy

Categories

(Core :: Security, defect)

All
Linux
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla33

People

(Reporter: jld, Assigned: jld)

References

Details

Attachments

(1 file)

The seccomp-bpf sandbox policy for content processes has some "B2G specific" parts that actually aren't, and currently this is very broken.

Additionally, the large "desktop" block currently also applies to Fennec builds with --enable-content-sandbox, which is wrong.
Trying: https://tbpl.mozilla.org/?tree=Try&rev=341cb53aef96

Confirmed with local testing that sandboxing still works as expected on B2G.

Depends on patch from bug 1038486.
Attachment #8455855 - Flags: review?(gdestuynder)
Attachment #8455855 - Flags: review?(gdestuynder) → review+
https://hg.mozilla.org/mozilla-central/rev/39ee921a5b2f
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla33
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: