Closed
Bug 1275781
Opened 8 years ago
Closed 8 years ago
Seccomp sandbox violation: sys_accept called in content process of Firefox desktop
Categories
(Core :: Security: Process Sandboxing, defect)
Tracking
Status: RESOLVED FIXED
Target Milestone: mozilla49
| | Tracking | Status |
|---|---|---|
| firefox49 | --- | fixed |
People
(Reporter: tedd, Assigned: tedd)
Details
(Whiteboard: sblc1)
Attachments
(2 files)
- 103.19 KB, text/x-log
- 923 bytes, patch (jld: review+)
Running tests on try with seccomp enabled [1] hit a seccomp violation by using sys_accept()
[1] https://treeherder.mozilla.org/#/jobs?repo=try&revision=b74081e971fd&selectedJob=21341876
Comment 1 • 8 years ago (Assignee)
Attachment #8757321 - Flags: review?(jld)
Comment 2 • 8 years ago (Assignee)
For now, in order to get seccomp enabled on nightly, I think we should whitelist this and try to figure out later how we can reduce the system calls for the socket API.
Comment 3 • 8 years ago (Assignee)
Try push for build: https://treeherder.mozilla.org/#/jobs?repo=try&revision=779186042f6f
Updated • 8 years ago
Attachment #8757321 - Flags: review?(jld) → review+
Comment 4 • 8 years ago
It looks like this was caused by a test that runs httpd.js in a content process, but only because it needs a custom httpd to run *somewhere*, and it wasn't written with sandboxed e10s in mind. (It also can't ever have worked on B2G.) There should be a followup bug for that.
Updated • 8 years ago (Assignee)
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/25abbc9e6237
Add sys_accept to seccomp whitelist. r=jld
Keywords: checkin-needed
Comment 6 • 8 years ago
bugherder
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox49: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla49