Open Bug 1333260 Opened 3 years ago Updated 2 years ago

[Mac] Investigate using for in-browser sandbox violation reporting


(Core :: Security: Process Sandboxing, defect)

53 Branch
Not set




(Reporter: haik, Unassigned)


(Blocks 1 open bug)


(Whiteboard: sb+)

I stumbled onto the code in nsSandboxViolationSink.{mm,h} for logging sandbox violations from Firefox itself. The code there is intended to pick up sandbox violation notifications from a system message log, but I couldn't get it to work on 10.12. (Have not tested older OS X versions.) It requires setting security.sandbox.mac.track.violations=true and non-debug Nightly or Aurora:

  #if !defined(RELEASE_OR_BETA) || defined(DEBUG)
    if (Preferences::GetBool("security.sandbox.mac.track.violations", false)) {

It could be that the queue name "*" doesn't work with current OS X versions. More debugging needed.

This might allow us to log our own sandbox violations when the logging flag is turned on in a more visible way compared to the OS X console app.

If it doesn't work anymore, we should remove the code.
See Also: → 1306239
Correction: it requires setting security.sandbox.mac.track.violations=true and a debug build or Nightly or Aurora
Whiteboard: sb+
Blocks: sb-log