Closed
Bug 1268579
Opened 8 years ago
Closed 8 years ago
inotify_rm_watch violates seccomp sandbox (syscall 255, args 25 3 0 139840874042416 1 37)
Categories
(Core :: Security: Process Sandboxing, defect)
Core
Security: Process Sandboxing
Tracking
()
RESOLVED
FIXED
mozilla49
Tracking | Status | |
---|---|---|
firefox49 | --- | fixed |
People
(Reporter: gcp, Unassigned)
References
Details
(Whiteboard: sblc1)
Attachments
(1 file)
While watching YouTube videos (though that may be mostly unrelated for the most part). Sandbox: seccomp sandbox violation: pid 9953, syscall 255, args 25 3 0 139840874042416 1 37. Killing process. Sandbox: crash reporter is disabled (or failed); trying stack trace: Sandbox: frame #01: inotify_rm_watch[/lib/x86_64-linux-gnu/libc.so.6 +0xe8f77] Sandbox: frame #02: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0x1036a3] Sandbox: frame #03: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0x10421b] Sandbox: frame #04: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0x10498e] Sandbox: frame #05: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0x104a45] Sandbox: frame #06: g_file_monitor_cancel[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0x58821] Sandbox: frame #07: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0x58859] Sandbox: frame #08: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0xfe0d7] Sandbox: frame #09: g_object_unref[/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 +0x15065] Sandbox: frame #10: g_signal_emit_valist[/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 +0x2abb4] Sandbox: frame #11: g_signal_emit[/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 +0x2b11f] Sandbox: frame #12: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0xfe6b9] Sandbox: frame #13: g_main_context_dispatch[/lib/x86_64-linux-gnu/libglib-2.0.so.0 +0x4a41d] Sandbox: frame #14: ???[/lib/x86_64-linux-gnu/libglib-2.0.so.0 +0x4a700] Sandbox: frame #15: g_main_context_iteration[/lib/x86_64-linux-gnu/libglib-2.0.so.0 +0x4a7ac] Sandbox: frame #16: ???[/lib/x86_64-linux-gnu/libglib-2.0.so.0 +0x4a7e9] Sandbox: frame #17: ???[/lib/x86_64-linux-gnu/libglib-2.0.so.0 +0x705c5] Sandbox: frame #18: ???[/lib/x86_64-linux-gnu/libpthread.so.0 +0x80a4] Sandbox: frame #19: clone[/lib/x86_64-linux-gnu/libc.so.6 +0xe887d] Sandbox: frame #20: ??? (???:???) Sandbox: end of stack.
Reporter | ||
Updated•8 years ago
|
Whiteboard: sblc1
Comment 1•8 years ago
|
||
This can just be whitelisted to unblock turning on seccomp-bpf, but it would be good to know what files are being monitored and why, and if it's something that will need to be moved out of the content process eventually.
Reporter | ||
Comment 2•8 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/49501/diff/#index_header See other reviews: https://reviewboard.mozilla.org/r/49501/
Attachment #8746631 -
Flags: review?(jld)
Comment 3•8 years ago
|
||
Comment on attachment 8746631 [details] MozReview Request: Bug 1268579 - Add inotify_rm_watch to the seccomp-bpf whitelist. r?jld https://reviewboard.mozilla.org/r/49501/#review46369
Attachment #8746631 -
Flags: review?(jld) → review+
Comment 5•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/35b1dbb9edf9
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
You need to log in
before you can comment on or make changes to this bug.
Description
•