Created attachment 8767946 [details] mkdir sandbox violation backtrace Similar to Bug 1270018, nsPluginHost::GetPluginTempDir should return a directory that is created by the parent and writable by a sandboxed content process. This would allow us to remove sys_mkdir from the seccomp whitelist. Removing sys_mkdir leads to the attached crashes.
Haik, is this related to bug 1270018?
It is related, but linux specific which isn't in use yet on linux. It's also tracked under our linux milestone.
When we fix this we need to enable the code in bug 1270018 on linux, and open up access to that specific directory.
Summary: nsPluginHost::GetPluginTempDir should return a sandbox writeable temp → nsPluginHost::GetPluginTempDir should return a sandbox writeable temp (Linux)
We allow write access to /tmp, and /tmp has the X11 sockets. So we do want to take a look at this, and probably at least block out the X11 dir.
|GetPluginTempDir| no longer exists so this is no longer a problem.
Status: NEW → RESOLVED
Last Resolved: 9 months ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.