Closed Bug 1304788 Opened 7 years ago Closed 6 years ago

Logging for sandboxing policy violations

Categories

(Core :: Security: Process Sandboxing, defect)

Product:
Core
Component:
Security: Process Sandboxing
Platform:
All
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1308564
Project Flags:
a11y-review fixed
Webcompat Priority fixed
Performance Impact fixed
Tracking Flags:
Tracking Status
relnote-firefox --- fixed
thunderbird_esr91 fixed fixed
thunderbird_esr102 fixed fixed
firefox52 --- affected
firefox-esr102 fixed fixed
firefox111 fixed fixed
firefox112 fixed fixed
firefox113 fixed fixed

People

(Reporter: gcp, Unassigned)

References

Details

(Whiteboard: sblc2) 

Once filesystem policies for seccomp-bpf filtering roll out, violations of the policy will trigger silent failures in the calling code. This can cause breakage that may be hard to trace back to sandboxing.

The current patches log violations in DEBUG mode by default, but we probably want at least an environmental flag to enable the logging in release mode as well.
Blocks: 1289718
Whiteboard: sblc2
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.