Closed Bug 1206803 Opened 9 years ago Closed 8 years ago

Consider requiring SECCOMP_FILTER_FLAG_TSYNC on B2G Lollipop

Categories

(Core :: Security: Process Sandboxing, defect)

Product:
Core
Component:
Security: Process Sandboxing
Platform:
Unspecified
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX
Tracking Flags:
Tracking Status
firefox44 --- affected

People

(Reporter: jld, Unassigned)

References

Details

(Whiteboard: sb-)

(Suggested by mwu in bug 1194841 comment #2.) Android Lollipop kernels should all have SECCOMP_FILTER_FLAG_TSYNC, if I understand correctly — it's required by Chrome for seccomp-bpf support on Android, and it's in the AOSP/Google device kernels. In principle, we could require it the same way we require seccomp-bpf support if ≥ KitKat. In practice, it's not a security improvement by itself, and we're not doing anything that depends on it on B2G (e.g., pid namespace unshare) yet, so it's not a high priority. Also, I don't yet know if it's a hard requirement on the Android side, or if we'd need to worry about breaking existing devices.
Whiteboard: sb-
B2G-specific sandboxing bugs are WONTFIX. (I'm reasonably sure these bugs don't have implications for other platforms, but comment if I missed something.)
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.