Enable Mac content sandbox level 1 in 52

RESOLVED FIXED in Firefox 52

Status

()

Core
Security: Process Sandboxing
RESOLVED FIXED
a year ago
a year ago

People

(Reporter: haik, Assigned: haik)

Tracking

52 Branch
mozilla53
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox52 fixed, firefox53 fixed)

Details

(Whiteboard: sbmc1)

MozReview Requests

()

Submitter Diff Changes Open Issues Last Updated
Loading...
Error loading review requests:

Attachments

(1 attachment)

(Assignee)

Description

a year ago
This bug covers enabling the Mac content sandbox with level 1 (security.sandbox.content.level=1) in 52. Level 1 removes filesystem write access permission to the majority of the filesystem including the user's home directory. At present, Nightly uses the Mac level 2 sandbox which includes these write access limits.
(Assignee)

Updated

a year ago
Depends on: 1310165
Whiteboard: sbmc1
(Assignee)

Updated

a year ago
Assignee: nobody → haftandilian
(Assignee)

Updated

a year ago
Depends on: 1315121
(Assignee)

Updated

a year ago
Depends on: 1317801
Comment hidden (mozreview-request)

Comment 2

a year ago
mozreview-review
Comment on attachment 8811532 [details]
Bug 1314056 - Enable Mac content sandbox level 1 in 52;

https://reviewboard.mozilla.org/r/93610/#review93876
Attachment #8811532 - Flags: review?(gpascutto) → review+
(Assignee)

Comment 3

a year ago
Adding needinfo? to glandium for the old-configure.in change.
Flags: needinfo?(mh+mozilla)

Comment 4

a year ago
mozreview-review
Comment on attachment 8811532 [details]
Bug 1314056 - Enable Mac content sandbox level 1 in 52;

https://reviewboard.mozilla.org/r/93610/#review94144
Attachment #8811532 - Flags: review+
Flags: needinfo?(mh+mozilla)
(Assignee)

Updated

a year ago
Keywords: checkin-needed

Comment 5

a year ago
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/bce473db20d7
Enable Mac content sandbox level 1 in 52; r=gcp,glandium
Keywords: checkin-needed

Comment 6

a year ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/bce473db20d7
Status: NEW → RESOLVED
Last Resolved: a year ago
status-firefox53: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
(Assignee)

Comment 7

a year ago
Comment on attachment 8811532 [details]
Bug 1314056 - Enable Mac content sandbox level 1 in 52;

Approval Request Comment
[Feature/regressing bug #]: Mac content sandbox level 1 (improved security)

[User impact if declined]: Users won't have a content sandbox on Mac in build 52. This first iteration of the Mac sandbox blocks web content processes from writing to most filesystem locations.

[Describe test coverage new/current, TreeHerder]: Enabled on central since early October via bug 1306508.

[Risks and why]: Regresses printing or some unforeseen reason the content process is dependent on writing to filesystem locations that are blocked.

[String/UUID change made/needed]: None
Attachment #8811532 - Flags: approval-mozilla-aurora?
Comment on attachment 8811532 [details]
Bug 1314056 - Enable Mac content sandbox level 1 in 52;

mac content sandbox, take in aurora52 (together with bug 1317801)
Attachment #8811532 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+

Comment 9

a year ago
bugherderuplift
https://hg.mozilla.org/releases/mozilla-aurora/rev/97862b6aff39
status-firefox52: affected → fixed
You need to log in before you can comment on or make changes to this bug.