Closed Bug 1308568 Opened 8 years ago Closed 8 years ago

content-process startup crash, with "Sandbox: seccomp sandbox violation", after setting pref "security.sandbox.content.level" to 1

Categories: Core :: Security: Process Sandboxing (defect)
Priority: Not set, Severity: normal
Status: RESOLVED FIXED, Target Milestone: mozilla52
Tracking Status: firefox52 --- fixed
People: Reporter: dholbert, Assigned: gcp
Attachments: 2 files

I tried setting pref security.sandbox.content.level to 1 (to try to restore previous behavior, to test something), and it gave me a startup crash the next time I started Firefox.

Pruned backtrace:
{
Sandbox: seccomp sandbox violation: pid 21065, syscall 89, args 140587834591128 140587871491664 79 140587871490144 0 0.  Killing process.
Sandbox: crash reporter is disabled (or failed); trying stack trace:
Sandbox: frame #01: __restore_rt (sigaction.c:?)
Sandbox: frame #02: __GI___readlink (/build/glibc-DfDqKW/glibc-2.24/io/../sysdeps/unix/syscall-template.S:84)
Sandbox: frame #03: nsLocalFile::GetNativeTarget(nsACString_internal&) (/scratch/work/builds/mozilla-inbound/obj/xpcom/io/../../../mozilla/xpcom/io/nsLocalFileUnix.cpp:1760)
Sandbox: frame #04: nsFileChannel (/scratch/work/builds/mozilla-inbound/mozilla/netwerk/protocol/file/nsFileChannel.cpp:268 (discriminator 2))
Sandbox: frame #05: nsFileProtocolHandler::NewChannel2(nsIURI*, nsILoadInfo*, nsIChannel**) (/scratch/work/builds/mozilla-inbound/mozilla/netwerk/protocol/file/nsFileProtocolHandler.cpp:191)
Sandbox: frame #06: mozilla::net::nsIOService::NewChannelFromURIWithProxyFlagsInternal(nsIURI*, nsIURI*, unsigned int, nsILoadInfo*, nsIChannel**) (/scratch/work/builds/mozilla-inbound/mozilla/netwerk/base/nsIOService.cpp:790 (discriminator 3))
[...]
Sandbox: frame #74: main (/scratch/work/builds/mozilla-inbound/obj/ipc/app/../../../mozilla/ipc/app/MozillaRuntimeMain.cpp:18)
Sandbox: frame #75: __libc_start_main (/build/glibc-DfDqKW/glibc-2.24/csu/../csu/libc-start.c:325)
Sandbox: frame #76: _start (/scratch/work/builds/mozilla-inbound/obj/dist/bin/plugin-container)
Sandbox: frame #77: ??? (???:???)
Sandbox: end of stack.
Sandbox: JS frame 0: (anonymous) file:///scratch/work/builds/mozilla-inbound/obj/dist/bin/components/AppsService.js line 16
}

Full backtrace attached as text file.

I'm using a build from https://hg.mozilla.org/integration/mozilla-inbound/rev/a937bbfad93b , with a minimal mozconfig:
{
ac_add_options --enable-debug --disable-optimize
ac_add_options --with-ccache
ac_add_options --enable-warnings-as-errors
}
If it matters: I'm running the 64-bit Ubuntu 16.10 prerelease version (which is currently at release-candidate stage, and is getting officially released in a couple weeks).
Assignee: nobody → gpascutto
This happens in official Nightly builds, as well, with the STR from comment 1 (just setting the pref to 1 & restarting Firefox).

Sample crash report: bp-8e036867-5112-4487-8886-1ba2a2161007
(I think the backtrace in that crash report is bogus; the text version attached here seems much more meaningful.)
Comment on attachment 8798989 [details]
Bug 1308568 - Add missing filesystem calls to Allow in case broker is disabled.

https://reviewboard.mozilla.org/r/84306/#review82920
Attachment #8798989 - Flags: review?(haftandilian) → review+
Pushed by gpascutto@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9887bfe1f8fa
Add missing filesystem calls to Allow in case broker is disabled. r=haik
      CASES_FOR_chmod:

should've been simply

      case __NR_chmod:

This miraculously compiled because:

 warning: label ‘CASES_FOR_chmod’ defined but not used [-Wunused-label]


MozReview doesn't allow me to resubmit the fixed patch after the backout, so I'll carry forward the r+ and push to inbound directly.
https://hg.mozilla.org/integration/mozilla-inbound/rev/099e8386665bce6331b79a9e0568075037f00b86
Bug 1308568 - Add missing filesystem calls to Allow in case broker is disabled. r=haik
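
The label bug described in the comment above, reduced to a stand-alone C example (added here, not the patch from this bug). The `CASES_FOR_readlink` macro, the hard-coded x86-64 syscall numbers and the function names are assumptions made for the illustration.

```c
#include <stdio.h>

/* Constructed for this example: x86-64 syscall numbers, hard-coded so the
 * block builds on any host. 89 is the number in the violation log above. */
enum { NR_READLINK = 89, NR_CHMOD = 90, NR_PTRACE = 101 };
enum verdict { DENY = 0, ALLOW = 1 };
/* Hypothetical helper macro in the CASES_FOR_* naming style. */
#define CASES_FOR_readlink case NR_READLINK

/* The stray label is the point of the demo; keep -Werror builds working. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wunused-label"
/* Buggy policy: no CASES_FOR_chmod macro exists, so "CASES_FOR_chmod:" is
 * parsed as an ordinary goto label and chmod never gets a case of its own. */
enum verdict evaluate_typo(int nr) {
    switch (nr) {
    CASES_FOR_readlink:
    CASES_FOR_chmod:
        return ALLOW;
    default:
        return DENY;
    }
}
#pragma GCC diagnostic pop

/* Corrected policy: chmod is a real case, as in "case __NR_chmod:". */
enum verdict evaluate_fixed(int nr) {
    switch (nr) {
    CASES_FOR_readlink:
    case NR_CHMOD:
        return ALLOW;
    default:
        return DENY;
    }
}

/* Regression check: count syscalls the policy must allow but denies. */
int missing_allows(enum verdict (*policy)(int)) {
    static const int must_allow[] = { NR_READLINK, NR_CHMOD };
    int missing = 0;
    for (unsigned i = 0; i < sizeof must_allow / sizeof must_allow[0]; i++)
        if (policy(must_allow[i]) != ALLOW)
            missing++;
    return missing;
}

int main(void) {
    printf("typo=%d fixed=%d\n", missing_allows(evaluate_typo), missing_allows(evaluate_fixed));
    return 0;
}
```

Building with `-Werror=unused-label` turns this kind of typo into a compile error, and a per-syscall check like `missing_allows` catches it at test time.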
(In reply to Gian-Carlo Pascutto [:gcp] from comment #7)
> MozReview doesn't allow me to resubmit the fixed patch after the backout

That sounds bad!! Please file a mozreview bug with more details.
(And thanks for the quick action here!)
>That sounds bad!! Please file a mozreview bug with more details.

It's already filed as bug 1240725.
https://hg.mozilla.org/mozilla-central/rev/099e8386665b
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla52