Debug build spams terminal with hundreds of lines like: Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 path=/bin/gedit for pid=18682 error="No such file or directory"

RESOLVED FIXED in Firefox 52

Status


defect
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: dholbert, Assigned: gcp)

Tracking

Trunk
mozilla52

Firefox Tracking Flags

(firefox52 fixed)

Details

Attachments

(2 attachments)

In an up-to-date mozilla-inbound debug build (compiled locally this morning), I'm getting nearly 800 new lines of terminal-spew shortly after startup. The output looks like this:
{
[Child 18682] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005: file /scratch/work/builds/mozilla-inbound/mozilla/toolkit/xre/nsXREDirProvider.cpp, line 1703
[Parent 18608] WARNING: GetDefaultCharsetForLocale: need to add multi locale support: file ../../../../mozilla/intl/locale/unix/nsUNIXCharset.cpp, line 98
[Parent 18608] WARNING: Could not get disk status from nsIDiskSpaceWatcher: file /scratch/work/builds/mozilla-inbound/mozilla/uriloader/prefetch/nsOfflineCacheUpdateService.cpp, line 283
Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 path=/home/dholbert/bin/gedit for pid=18682 error="No such file or directory"
Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 path=/bin/gedit for pid=18682 error="No such file or directory"
Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 path=/home/dholbert/bin/gedit for pid=18682 error="No such file or directory"
Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 path=/usr/local/sbin/gedit for pid=18682 error="No such file or directory"
Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 path=/usr/local/bin/gedit for pid=18682 error="No such file or directory"
Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 path=/usr/sbin/gedit for pid=18682 error="No such file or directory"
Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 path=/usr/bin/gedit for pid=18682 error="No such file or directory"
Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 path=/sbin/gedit for pid=18682 error="No such file or directory"
Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 path=/bin/gedit for pid=18682 error="No such file or directory"
Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 path=/usr/games/gedit for pid=18682 error="No such file or directory"
Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 path=/usr/local/games/gedit for pid=18682 error="No such file or directory"
Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 path=/snap/bin/gedit for pid=18682 error="No such file or directory"
Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 path=/usr/NX/bin/gedit for pid=18682 error="No such file or directory"
Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 path=/home/dholbert/bin/libreoffice for pid=18682 error="No such file or directory"
Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 path=/bin/libreoffice for pid=18682 error="No such file or directory"
Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 path=/home/dholbert/bin/libreoffice for pid=18682 error="No such file or directory"
[...]
Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 path=/usr/bin/emacs24 for pid=18682 error="No such file or directory"
Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 path=/home/dholbert/bin/vim for pid=18682 error="No such file or directory"
Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 path=/bin/vim for pid=18682 error="No such file or directory"
[...]
}

It looks like it's checking every directory in my $PATH for the existence of certain editor programs (gedit, libreoffice, emacs, vim), and complaining noisily when it doesn't find them in each $PATH entry.

Or something like that...

I assume this changed due to the "Linux content sandbox tightened" change that was announced by gcp on dev.platform last night.

Here's a sample log from me just doing "./mach run" in my debug build, waiting a few seconds, and then quitting.

This is with a fresh profile (created by mach run after a clobber build this morning; I've loaded a few HTML testcases in it, but haven't added any tweaks/addons/etc).
Flags: needinfo?(gpascutto)

I tried setting the "security.sandbox.content.level" pref to 1, to see if that would make this go away (since the dev.platform thread said that would restore old behavior).  But I didn't get very far -- that triggered a startup crash, for which I filed bug 1308568.

This is expected (and pointed out in the moz.dev.platform announcement).

With debugging enabled, the sandbox will log violations that it blocks. There are some bugs in content where it tries to execute binaries related to MIME handling. This might be related to bug 1292249.

You have quite a bit more spam than expected because it's apparently trying multiple editors.

I guess the reporting might need to be hidden behind an environment variable, but I enabled it by default so any breakage used by the new sandbox would be quickly apparent.
Flags: needinfo?(gpascutto)
Comment on attachment 8799007 [details]
Bug 1308564 - Tie logging to MOZ_SANDBOX_VERBOSE instead of DEBUG.

https://reviewboard.mozilla.org/r/84310/#review83158
Attachment #8799007 - Flags: review?(jld) → review+
Pushed by gpascutto@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a74c02610e4d
Tie logging to MOZ_SANDBOX_VERBOSE instead of DEBUG. r=jld
Assignee: nobody → gpascutto
Status: NEW → ASSIGNED
https://hg.mozilla.org/mozilla-central/rev/a74c02610e4d
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
Duplicate of this bug: 1304788
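
For triaging output like the log quoted in this bug, the following added example (not part of the thread and not Mozilla code) collapses repeated per-directory lookups of the same program name into one record and leaves every other denial in a separate list for review. The names `summarize`, `min_dirs` and `_line` are hypothetical, and the last sample line is constructed to exercise the non-ENOENT branch.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Line layout as quoted in the bug report. op/rflags/perms are matched
# but not interpreted: the page does not say what the values mean.
DENIED = re.compile(
    r'Sandbox: SandboxBroker: denied op=\d+ rflags=\d+ perms=\d+ '
    r'path=(?P<path>.+?) for pid=(?P<pid>\d+) error="(?P<error>[^"]*)"'
)
ENOENT = "No such file or directory"

def summarize(lines, min_dirs=2):
    """Return (searches, review).

    searches: {(pid, program): {"dirs": set, "hits": int}} for names that were
              looked up, and not found, in at least min_dirs directories.
    review:   [(pid, path, error)] for every other denial.
    """
    probes = defaultdict(lambda: {"dirs": set(), "hits": 0})
    review = []
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue  # unrelated output, e.g. the NS_ENSURE_SUCCESS warnings
        pid, path = int(m["pid"]), PurePosixPath(m["path"])
        if m["error"] == ENOENT:
            rec = probes[(pid, path.name)]
            rec["dirs"].add(str(path.parent))
            rec["hits"] += 1
        else:
            review.append((pid, str(path), m["error"]))
    searches = {}
    for (pid, name), rec in probes.items():
        if len(rec["dirs"]) >= min_dirs:
            searches[(pid, name)] = rec
        else:  # a lone missing file is not a $PATH walk; keep it visible
            review += [(pid, str(PurePosixPath(d) / name), ENOENT)
                       for d in sorted(rec["dirs"])]
    return searches, review

def _line(path, error=ENOENT):
    return ("Sandbox: SandboxBroker: denied op=1 rflags=1 perms=3 "
            f'path={path} for pid=18682 error="{error}"')

# Paths taken from the report, plus one constructed line (different error).
SAMPLE = [_line(p) for p in (
    "/home/dholbert/bin/gedit", "/bin/gedit", "/home/dholbert/bin/gedit",
    "/usr/local/sbin/gedit", "/home/dholbert/bin/vim", "/bin/vim")]
SAMPLE.append(_line("/tmp/constructed-example", "Permission denied"))
```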