Closed Bug 1191915 Opened 10 years ago Closed 8 years ago

Port seccomp procfs reporting to mako/hammerhead (N4/5) lollipop kernels

Categories

(Core :: Security: Process Sandboxing, defect)

Product:
Core
Component:
Security: Process Sandboxing
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX
Tracking Flags:
Tracking Status
firefox42 --- affected

People

(Reporter: jld, Unassigned)

References

Details

(Whiteboard: sb-)

The Nexus 4/5 ("mako" and "hammerhead", respectively) Lollipop kernels have seccomp support but not the patch to report tasks' seccomp status in procfs. This means that b2g-ps will incorrectly report that nothing is using seccomp, which is a confusing and somewhat distressing thing to see when working on the seccomp-bpf support code. The patch is tiny (adds 8 lines of code and 2 of documentation) and we've already forked both of those kernels, so there's no reason not to backport it.
Whiteboard: sb-
OS: Unspecified → Gonk (Firefox OS)
Hardware: Unspecified → ARM
B2G-specific sandboxing bugs are WONTFIX. (I'm reasonably sure these bugs don't have implications for other platforms, but comment if I missed something.)
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.