inotify_rm_watch violates seccomp sandbox (syscall 255, args 25 3 0 139840874042416 1 37)

RESOLVED FIXED in Firefox 49

Status

()

Core
Security: Process Sandboxing
RESOLVED FIXED
2 years ago
4 months ago

People

(Reporter: gcp, Unassigned)

Tracking

Trunk
mozilla49
Points:
---

Firefox Tracking Flags

(firefox49 fixed)

Details

(Whiteboard: sblc1)

MozReview Requests

()

Submitter Diff Changes Open Issues Last Updated
Loading...
Error loading review requests:

Attachments

(1 attachment)

(Reporter)

Description

2 years ago
While watching YouTube videos (though that may be mostly unrelated for the most part).

Sandbox: seccomp sandbox violation: pid 9953, syscall 255, args 25 3 0 139840874042416 1 37.  Killing process.
Sandbox: crash reporter is disabled (or failed); trying stack trace:
Sandbox: frame #01: inotify_rm_watch[/lib/x86_64-linux-gnu/libc.so.6 +0xe8f77]
Sandbox: frame #02: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0x1036a3]
Sandbox: frame #03: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0x10421b]
Sandbox: frame #04: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0x10498e]
Sandbox: frame #05: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0x104a45]
Sandbox: frame #06: g_file_monitor_cancel[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0x58821]
Sandbox: frame #07: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0x58859]
Sandbox: frame #08: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0xfe0d7]
Sandbox: frame #09: g_object_unref[/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 +0x15065]
Sandbox: frame #10: g_signal_emit_valist[/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 +0x2abb4]
Sandbox: frame #11: g_signal_emit[/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 +0x2b11f]
Sandbox: frame #12: ???[/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 +0xfe6b9]
Sandbox: frame #13: g_main_context_dispatch[/lib/x86_64-linux-gnu/libglib-2.0.so.0 +0x4a41d]
Sandbox: frame #14: ???[/lib/x86_64-linux-gnu/libglib-2.0.so.0 +0x4a700]
Sandbox: frame #15: g_main_context_iteration[/lib/x86_64-linux-gnu/libglib-2.0.so.0 +0x4a7ac]
Sandbox: frame #16: ???[/lib/x86_64-linux-gnu/libglib-2.0.so.0 +0x4a7e9]
Sandbox: frame #17: ???[/lib/x86_64-linux-gnu/libglib-2.0.so.0 +0x705c5]
Sandbox: frame #18: ???[/lib/x86_64-linux-gnu/libpthread.so.0 +0x80a4]
Sandbox: frame #19: clone[/lib/x86_64-linux-gnu/libc.so.6 +0xe887d]
Sandbox: frame #20: ??? (???:???)
Sandbox: end of stack.
(Reporter)

Updated

2 years ago
Whiteboard: sblc1
This can just be whitelisted to unblock turning on seccomp-bpf, but it would be good to know what files are being monitored and why, and if it's something that will need to be moved out of the content process eventually.
(Reporter)

Comment 2

2 years ago
Created attachment 8746631 [details]
MozReview Request: Bug 1268579 - Add inotify_rm_watch to the seccomp-bpf whitelist. r?jld

Review commit: https://reviewboard.mozilla.org/r/49501/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/49501/
Attachment #8746631 - Flags: review?(jld)
Comment on attachment 8746631 [details]
MozReview Request: Bug 1268579 - Add inotify_rm_watch to the seccomp-bpf whitelist. r?jld

https://reviewboard.mozilla.org/r/49501/#review46369
Attachment #8746631 - Flags: review?(jld) → review+

Comment 5

2 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/35b1dbb9edf9
Status: NEW → RESOLVED
Last Resolved: 2 years ago
status-firefox49: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
See Also: → bug 1412464
You need to log in before you can comment on or make changes to this bug.