Closed
Bug 1268579
Opened 9 years ago
Closed 9 years ago
inotify_rm_watch violates seccomp sandbox (syscall 255, args 25 3 0 139840874042416 1 37)
Categories
(Core :: Security: Process Sandboxing, defect)
Core
Security: Process Sandboxing
Tracking
()
RESOLVED
FIXED
mozilla49
| Tracking | Status | |
|---|---|---|
| firefox49 | --- | fixed |
People
(Reporter: gcp, Unassigned)
References
Details
(Whiteboard: sblc1)
Attachments
(1 file)
While watching YouTube videos (though that may be mostly unrelated for the most part).
Sandbox: seccomp sandbox violation: pid 9953, syscall 255, args 25 3 0 139840874042416 1 37. Killing process.
Sandbox: crash reporter is disabled (or failed); trying stack trace:
Sandbox: frame #01: inotify_rm_watch[/lib/x86_64-linux-gnu/libc.so.6 +0xe8f77]
Sandbox: frame #02: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0x1036a3]
Sandbox: frame #03: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0x10421b]
Sandbox: frame #04: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0x10498e]
Sandbox: frame #05: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0x104a45]
Sandbox: frame #06: g_file_monitor_cancel[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0x58821]
Sandbox: frame #07: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0x58859]
Sandbox: frame #08: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0xfe0d7]
Sandbox: frame #09: g_object_unref[/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 +0x15065]
Sandbox: frame #10: g_signal_emit_valist[/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 +0x2abb4]
Sandbox: frame #11: g_signal_emit[/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 +0x2b11f]
Sandbox: frame #12: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0xfe6b9]
Sandbox: frame #13: g_main_context_dispatch[/lib/x86_64-linux-gnu/libglib-2.0.so.0 +0x4a41d]
Sandbox: frame #14: ???[/lib/x86_64-linux-gnu/libglib-2.0.so.0 +0x4a700]
Sandbox: frame #15: g_main_context_iteration[/lib/x86_64-linux-gnu/libglib-2.0.so.0 +0x4a7ac]
Sandbox: frame #16: ???[/lib/x86_64-linux-gnu/libglib-2.0.so.0 +0x4a7e9]
Sandbox: frame #17: ???[/lib/x86_64-linux-gnu/libglib-2.0.so.0 +0x705c5]
Sandbox: frame #18: ???[/lib/x86_64-linux-gnu/libpthread.so.0 +0x80a4]
Sandbox: frame #19: clone[/lib/x86_64-linux-gnu/libc.so.6 +0xe887d]
Sandbox: frame #20: ??? (???:???)
Sandbox: end of stack.
|
Reporter | |
Updated•9 years ago
|
Whiteboard: sblc1
|
||
Comment 1•9 years ago
|
||
This can just be whitelisted to unblock turning on seccomp-bpf, but it would be good to know what files are being monitored and why, and if it's something that will need to be moved out of the content process eventually.
|
|
Reporter | |
Comment 2•9 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/49501/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/49501/
Attachment #8746631 -
Flags: review?(jld)
|
|
||
Comment 3•9 years ago
|
||
Comment on attachment 8746631 [details]
MozReview Request: Bug 1268579 - Add inotify_rm_watch to the seccomp-bpf whitelist. r?jld
https://reviewboard.mozilla.org/r/49501/#review46369
Attachment #8746631 -
Flags: review?(jld) → review+
|
||
Comment 5•9 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
You need to log in
before you can comment on or make changes to this bug.
Description
•