"Operation not permitted" causes fake GMP to crash in sandbox_init under e10s

RESOLVED DUPLICATE of bug 1057908

Status

()

Core
WebRTC: Audio/Video
RESOLVED DUPLICATE of bug 1057908
4 years ago
3 years ago

People

(Reporter: mt, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: dupme)

(Reporter)

Description

4 years ago
100% reliable so far running mochitest-plain with --e10s

449 INFO TEST-PASS | dom/media/tests/mochitest/test_peerConnection_basicH264Video.html | signalingState after local setRemoteDescription is 'stable' 
450 INFO timeupdate fired for media element pcLocal_local1_video
451 INFO time passed for media element pcLocal_local1_video
profile: (version 1)
(deny default)
(allow signal (target self))
(allow sysctl-read)
(allow iokit-open (iokit-user-client-class "IOHIDParamUserClient"))
;(allow file-read-data (literal "/Users/martin/code/obj/bug975144/mac/dist/NightlyDebug.app/Contents/Resources/gmp-fake/1.0"))
(allow mach-lookup
    (global-name "com.apple.cfprefsd.agent")
    (global-name "com.apple.cfprefsd.daemon")
    (global-name "com.apple.system.opendirectoryd.libinfo")
    (global-name "com.apple.system.logger")
    (global-name "com.apple.ls.boxd"))
(allow file-read*
    (regex #"^/etc$")
    (regex #"^/dev/u?random$")
    (regex #"^/(private/)?var($|/)")
    (literal "/usr/share/icu/icudt51l.dat")
    (regex #"^/System/Library/Displays/Overrides/*")
    (regex #"^/System/Library/CoreServices/CoreTypes.bundle/*")
    (literal "/Users/martin/code/obj/bug975144/mac/dom/media/gmp-plugin/libfake.dylib")
    (literal "/Users/martin/code/obj/bug975144/mac/dist/NightlyDebug.app/Contents/MacOS/plugin-container.app")
    (literal "/Users/martin/code/obj/bug975144/mac/dist/NightlyDebug.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container"))
[GMP 82663] WARNING: sandbox_init() failed with error "Operation not permitted": file /Users/martin/code/gecko-dev/dom/media/gmp/GMPChild.cpp, line 241
Hit MOZ_CRASH(sandbox_init() failed) at /Users/martin/code/gecko-dev/dom/media/gmp/GMPChild.cpp:242
#01: mozilla::gmp::GMPChild::RecvStartPlugin() (GMPChild.cpp:421, in XUL)
#02: mozilla::gmp::PGMPChild::OnMessageReceived(IPC::Message const&) (.PGMPChild.cpp:907, in XUL)
#03: mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) (MessageChannel.h:498, in XUL)
#04: mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message const&) (Maybe.h:155, in XUL)
#05: mozilla::ipc::MessageChannel::OnMaybeDequeueOne() (MessageChannel.cpp:232, in XUL)
#06: MessageLoop::RunTask(Task*) (message_loop.cc:362, in XUL)
#07: MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) (message_loop.cc:369, in XUL)
#08: MessageLoop::DoWork() (message_loop.cc:447, in XUL)
#09: base::MessagePumpDefault::Run(base::MessagePump::Delegate*) (message_pump_default.cc:34, in XUL)
#10: MessageLoop::Run() (message_loop.cc:508, in XUL)
#11: XRE_InitChildProcess (nsAutoPtr.h:166, in XUL)
#12: content_process_main(int, char**) (plugin-container.cpp:211, in plugin-container)
452 INFO canplaythrough fired for media element pcLocal_local1_video
453 INFO timeupdate fired for media element pcRemote_local1_video
454 INFO time passed for media element pcRemote_local1_video
455 INFO canplaythrough fired for media element pcRemote_local1_video
456 INFO timeupdate fired for media element pcRemote_remote2_video
457 INFO time passed for media element pcRemote_remote2_video
Known issue with e10s/sandboxing (GMP/OpenH264); don't have the bug # off the top of my head on a Friday night
Whiteboard: dupme
Not sure what the exact cause is - I see this on an inbound build I made today on Mac (but not on Linux; of course sandboxing is very different between platforms.

./mach mochitest-plain --e10s dom/media/tests/mochitest/test_peerConnection_basicH264Video.html
Flags: needinfo?(smichaud)

Comment 3

4 years ago
Can we please get a test for this into automation so that when it's fixed it doesn't recur?
Here's what I suspect is happening:

We're attempting to initialize the GMP sandbox when the content process is already in place.  Neither this kind of operation nor the reverse will ever work (be allowed).  The only solution is to proxy the loading of OOP plugins through the main (chrome) process.  This will not be easy, and I expect it will be several months (at least) before the work is finished.

I seem to remember that people are already thinking about this.  I'll try to find a bug number.

In the meantime, GMP sandboxing simply isn't going to work in e10s mode.
Flags: needinfo?(smichaud)
> We're attempting to initialize the GMP sandbox when the content process is already in place.

When the content process sandbox is already in place.
Bug 1057908 is about proxying the creation of GMP plugins through the main process.
See bug 1076385 for content process sandboxing on the Mac.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1057908
You need to log in before you can comment on or make changes to this bug.