Created attachment 8734180 [details] Seccomp error log + symbol information When enabling content sandboxing on Linux desktop (using ac_add_options --enable-content-sandbox), the content process crashes early on due to a seccomp violation when calling sys_fchown. The code seems to be related to pulseaudio, so this might no longer be an issue once Bug 1104619 is fixed.
:jld, any objections to add sys_fchown() to the whitelist for now, so that we can get seccomp enabled on nightly? I think we can experiment to remove it once Bug 1104619 has landed, or later on when we try to tighten the sandbox.
(In reply to Julian Hector [:tedd] [:jhector] from comment #2) > :jld, any objections to add sys_fchown() to the whitelist for now, so that > we can get seccomp enabled on nightly? I think we can experiment to remove > it once Bug 1104619 has landed, or later on when we try to tighten the > sandbox. No objections. fchown can't do much as an unprivileged user (running Firefox as root isn't supported, and see also bug 1199481), and in any case this isn't a meaningful sandbox yet.
Ok, thanks I will get a patch ready.
Assignee: nobody → julian.r.hector
Created attachment 8740917 [details] [diff] [review] Add sys_fchown to seccomp whitelist r=jld Try push: https://treeherder.mozilla.org/#/jobs?repo=try&revision=09edc84cff30
Attachment #8740917 - Flags: review?(jld)
Status: NEW → RESOLVED
Last Resolved: 2 years ago
status-firefox48: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla48
You need to log in before you can comment on or make changes to this bug.