Closed Bug 1275781 Opened 8 years ago Closed 8 years ago

Seccomp sandbox violation: sys_accept called in content process of Firefox desktop

Categories

(Core :: Security: Process Sandboxing, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla49
Tracking Status
firefox49 --- fixed

People

(Reporter: tedd, Assigned: tedd)

References

Details

(Whiteboard: sblc1)

Attachments

(2 files)

Running tests on try with seccomp enabled [1] hit a seccomp violation by using sys_accept() [1] https://treeherder.mozilla.org/#/jobs?repo=try&revision=b74081e971fd&selectedJob=21341876
For now, in order to get seccomp enabled on nightly, I think we should whitelist this and try to figure out later how we can reduce the system calls for the socket API.
Attachment #8757321 - Flags: review?(jld) → review+
It looks like this was caused by a test that runs httpd.js in a content process, but only because it needs a custom httpd to run *somewhere*, and it wasn't written with sandboxed e10s in mind. (It also can't ever have worked on B2G.) There should be a followup bug for that.
Keywords: checkin-needed
Keywords: checkin-needed
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: