Closed
Bug 1380132
Opened 7 years ago
Closed 7 years ago
SSL info in url bar broken when launching from symlinked path or when objdir outside of repo
Categories
(Core :: Security: Process Sandboxing, defect)
Core
Security: Process Sandboxing
Tracking
()
RESOLVED
FIXED
mozilla56
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox54 | --- | unaffected |
| firefox55 | --- | unaffected |
| firefox56 | + | fixed |
People
(Reporter: bzbarsky, Assigned: haik)
References
Details
(Keywords: regression, Whiteboard: sbmc2)
Attachments
(5 files)
Screen Shot 2017-07-11 at 4.24.12 PM.png
STEPS TO REPRODUCE: 1) Load https://www.mozilla.org/en-US/ 2) Observe and click the icon in the url bar next to the URL. ACTUAL RESULTS: Icon is little "i" in a circle, clicking it says "Connection is not secure". EXPECTED RESULTS: Icon is a little "i" in a circle followed by a green lock followed by green "Mozilla Corporation (US)" text. Clicking it says "Mozilla Corporation" and "Secure Connection". Running with MOZ_DISABLE_CONTENT_SANDBOX=t gives the expected results.
|
Reporter | |
Updated•7 years ago
|
Severity: normal → critical
|
||
Updated•7 years ago
|
status-firefox54:
--- → unaffected
status-firefox55:
--- → unaffected
status-firefox56:
--- → affected
status-firefox-esr52:
--- → unaffected
tracking-firefox56:
--- → ?
Flags: needinfo?(agaynor)
Keywords: regression
Version: 53 Branch → Trunk
|
|
Reporter | |
Comment 1•7 years ago
|
||
As in bug 1380127 I expect this is because NSS_NoDB_Init() fails in the content process.
|
||
Comment 2•7 years ago
|
||
Can you say a little bit more about how you reproduced this? Running on nightly channel on macOS (sandbox level 3) I'm seeing the extended-validation attributes in the URL bar as expected. Am I looking at the right wrong? (Uploading a screenshot momentarily)
|
|
||
Comment 3•7 years ago
|
||
Flags: needinfo?(agaynor)
|
|
Reporter | |
Comment 4•7 years ago
|
||
I'm starting the browser like so: /tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/firefox-bin -profile $PROFILEPATH where /tmp/firefox-nightly/ is where I used hdiutil+rsync to put the nightly and $PROFILEPATH is a clean dir the script creates.
|
|
Reporter | |
Comment 5•7 years ago
|
||
And I get the same results if I use "/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/firefox" instead of firefox-bin.
|
|
||
Comment 6•7 years ago
|
||
Can you open up Console.app, and in the searchbar (top right) type "sandboxviolation: plugin", and then run the reproduction steps and paste any log messages you see?
|
|
Reporter | |
Comment 7•7 years ago
|
||
But if I "open" the dmg and drag the FirefoxNightly in there to /Applications and then run "/Applications/FirefoxNightly.app/Contents/MacOS/firefox -profile /tmp/something" then the SSL indicator works correctly...
|
|
Reporter | |
Comment 8•7 years ago
|
||
I think the relevant log message is: error 16:33:44.563358 -0400 sandboxd SandboxViolation: plugin-container(82003) deny file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib
|
|
||
Comment 9•7 years ago
|
||
Seems like a good bet. That should have been resolved by e2114d7578be though...
|
|
Reporter | |
Comment 10•7 years ago
|
||
But a full list of the messages from the original STR is: default 16:39:39.597222 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-data /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/Resources/browser/features/followonsearch@mozilla.com.xpi default 16:39:39.597745 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-data /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/Resources/browser/features/onboarding@mozilla.org.xpi default 16:39:39.606379 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private default 16:39:39.643178 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) mach-register com.apple.axserver default 16:39:39.645371 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) mach-lookup com.apple.touchbar.agent default 16:39:39.657332 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) mach-register com.apple.tsm.portname default 16:39:39.658351 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) mach-register com.apple.CFPasteboardClient default 16:39:39.661773 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private default 16:39:39.661832 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private default 16:39:39.661884 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private default 16:39:39.662009 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private default 16:39:39.662225 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private default 16:39:39.969385 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-data /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/Resources/browser/features/followonsearch@mozilla.com.xpi default 16:39:39.970395 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-data /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/Resources/browser/features/onboarding@mozilla.org.xpi default 16:39:39.984403 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private default 16:39:40.039082 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) mach-register com.apple.axserver default 16:39:40.043677 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) mach-lookup com.apple.touchbar.agent default 16:39:40.058175 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) mach-register com.apple.tsm.portname default 16:39:40.058999 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) mach-register com.apple.CFPasteboardClient default 16:39:40.062673 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private default 16:39:40.062717 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private default 16:39:40.062750 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private default 16:39:40.062822 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private default 16:39:40.062988 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private default 16:39:40.080233 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-data /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/Resources/browser/features/followonsearch@mozilla.com.xpi default 16:39:40.080810 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-data /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/Resources/browser/features/onboarding@mozilla.org.xpi default 16:39:40.096666 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private default 16:39:40.131155 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) mach-register com.apple.axserver default 16:39:40.133463 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) mach-lookup com.apple.touchbar.agent default 16:39:40.144197 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) mach-register com.apple.tsm.portname default 16:39:40.145048 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) mach-register com.apple.CFPasteboardClient default 16:39:40.148502 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private default 16:39:40.148573 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private default 16:39:40.148640 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private default 16:39:40.148771 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private default 16:39:40.149082 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private default 16:39:40.190698 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib default 16:39:40.190750 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib default 16:39:40.190803 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private default 16:39:40.190829 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib default 16:39:40.190848 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private default 16:39:40.190873 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib default 16:39:40.190908 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private default 16:39:40.190932 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private default 16:39:40.191122 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /usr default 16:39:40.191139 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /usr default 16:39:40.191146 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /usr default 16:39:40.191152 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /usr default 16:39:40.191156 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /opt default 16:39:40.191164 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /usr default 16:39:40.191167 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /opt default 16:39:40.191174 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /opt default 16:39:40.191184 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /opt default 16:39:40.191189 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib default 16:39:40.191220 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib default 16:39:40.191257 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private default 16:39:40.191271 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /usr default 16:39:40.191282 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /usr default 16:39:40.191288 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private default 16:39:40.191292 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /usr default 16:39:40.191304 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /usr default 16:39:40.191305 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /opt default 16:39:40.191315 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /usr default 16:39:40.191318 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /opt default 16:39:40.191326 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /usr default 16:39:40.191335 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /Users default 16:39:40.191338 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /opt default 16:39:40.191347 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /usr default 16:39:40.191351 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /opt default 16:39:40.191359 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /usr default 16:39:40.191370 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /Users default 16:39:40.191381 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /usr default 16:39:40.191383 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-data /private/tmp/fixed/storage/default/https+++perf-html.io/cache default 16:39:40.191392 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /usr default 16:39:40.191413 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-data /private/tmp/fixed/storage/default/https+++perf-html.io/cache default 16:39:40.191435 -0400 kernel SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private/tmp/fixed/storage/default/https+++perf-html.io/cache default 16:39:40.191463 -0400 kernel SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private/tmp/fixed/storage/default/https+++perf-html.io/cache default 16:39:40.245657 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib default 16:39:40.245743 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private default 16:39:40.245760 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib default 16:39:40.245803 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private default 16:39:40.245924 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /usr default 16:39:40.245934 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /usr default 16:39:40.245943 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /usr default 16:39:40.245952 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /opt default 16:39:40.245958 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /opt default 16:39:40.245970 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib default 16:39:40.245999 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private default 16:39:40.246004 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /usr default 16:39:40.246009 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /usr default 16:39:40.246014 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /usr default 16:39:40.246019 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /opt default 16:39:40.246023 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /opt default 16:39:40.246032 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /Users default 16:39:40.246037 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /usr default 16:39:40.246041 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /usr default 16:39:40.246052 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-data /private/tmp/fixed/storage/default/https+++perf-html.io/cache default 16:39:40.246074 -0400 kernel SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private/tmp/fixed/storage/default/https+++perf-html.io/cache default 16:39:40.609668 -0400 kernel SandboxViolation: plugin-container(82044) deny(1) mach-register com.apple.axserver default 16:39:40.612115 -0400 kernel SandboxViolation: plugin-container(82044) deny(1) mach-lookup com.apple.touchbar.agent default 16:39:40.621059 -0400 kernel SandboxViolation: plugin-container(82044) deny(1) mach-register com.apple.tsm.portname default 16:39:40.622273 -0400 kernel SandboxViolation: plugin-container(82044) deny(1) mach-register com.apple.CFPasteboardClient default 16:39:40.626146 -0400 kernel SandboxViolation: plugin-container(82044) deny(1) file-read-metadata /private default 16:39:40.626187 -0400 kernel SandboxViolation: plugin-container(82044) deny(1) file-read-metadata /private default 16:39:40.626220 -0400 kernel SandboxViolation: plugin-container(82044) deny(1) file-read-metadata /private default 16:39:40.626304 -0400 kernel SandboxViolation: plugin-container(82044) deny(1) file-read-metadata /private default 16:39:40.626463 -0400 kernel SandboxViolation: plugin-container(82044) deny(1) file-read-metadata /private
|
|
Reporter | |
Comment 11•7 years ago
|
||
One more interesting piece of information. If I do the "open dmg, drag to Applications" thing and then: mv /Applications/FirefoxNightly.app /tmp /tmp/FirefoxNightly.app/Contents/MacOS/firefox-bin -profile /tmp/something-unique that fails. But if I then do: mv /tmp/FirefoxNightly.app /Applications /Applications/FirefoxNightly.app/Contents/MacOS/firefox-bin -profile /tmp/something-unique that works. It also works if I place FirefoxNightly.app in /Users/bzbarsky.... So maybe there's something special about /tmp ?
|
|
Reporter | |
Comment 12•7 years ago
|
||
> So maybe there's something special about /tmp ?
Of course my self-builds don't run from /tmp, and have the same problem, even with mach run.
|
Assignee | |
Updated•7 years ago
|
Assignee: nobody → haftandilian
|
||
Comment 13•7 years ago
|
||
/tmp is a symlink to /private/tmp. Are we not canonicalizing all of the paths (like APP_DIR) that get substituted into the policy?
|
|
||
Comment 14•7 years ago
|
||
Also, the IsSymlink calls in http://searchfox.org/mozilla-central/rev/31311070d9860b24fe4a7a36976c14b328c16208/dom/ipc/ContentChild.cpp#1417 seem not quite right; I'd think we'd want nsIFile::Normalize there, to match what (I think?) the kernel does before checking the sandbox policy?
|
|
Assignee | |
Comment 15•7 years ago
|
||
(In reply to Jed Davis [:jld] (⏰UTC-6) from comment #14) > Also, the IsSymlink calls in > http://searchfox.org/mozilla-central/rev/ > 31311070d9860b24fe4a7a36976c14b328c16208/dom/ipc/ContentChild.cpp#1417 seem > not quite right; I'd think we'd want nsIFile::Normalize there, to match what > (I think?) the kernel does before checking the sandbox policy? That's right. Every path used in the policy should be normalized. :bz, can you try invoking firefox as /private/tmp/... with no symlinks in the path? The profile is already being normalized and shouldn't matter. I'll have a fix for this later today.
Flags: needinfo?(bzbarsky)
|
|
Reporter | |
Comment 16•7 years ago
|
||
> can you try invoking firefox as /private/tmp/... with no symlinks in the path?
Doesn't help.
Also, that wouldn't explain why my own builds don't work: I'm not running _those_ from /tmp or symlinks anyway.|
|
Reporter | |
Updated•7 years ago
|
Flags: needinfo?(bzbarsky)
|
|
Reporter | |
Comment 17•7 years ago
|
||
> Also, that wouldn't explain why my own builds don't work
Because all the stuff in $objdir/dist/Nightly.app/Contents/MacOS is symlinks. If I replace libsoftokn3.dylib and libfreebl3.dylib there with copies instead, my own build starts to work.|
|
Assignee | |
Comment 18•7 years ago
|
||
(In reply to Boris Zbarsky [:bz] from comment #11) > One more interesting piece of information. If I do the "open dmg, drag to > Applications" thing and then: > > mv /Applications/FirefoxNightly.app /tmp > /tmp/FirefoxNightly.app/Contents/MacOS/firefox-bin -profile > /tmp/something-unique > > that fails. For me, the posted patch allows this to work. Specifically, $ mach build package $ open obj-opt.noindex/dist/firefox-56.0a1.en-US.mac.dmg $ open /tmp <drag Nightly to /tmp> $ /tmp/Nightly.app/Contents/MacOS/firefox -profile /tmp/profile/ Testing with no code changes, copying my Nightly channel install from /Applications results in failure when run as $ /tmp/FirefoxNightly.app/Contents/MacOS/firefox-bin -profile /tmp/profile/ # this fails But running from /private/ works $ /private/tmp/FirefoxNightly.app/Contents/MacOS/firefox-bin -profile /tmp/profile/ # this works I'm probably misunderstanding how you're running it. > Of course my self-builds don't run from /tmp, and have the same problem, > even with mach run. Could you clarify how you run your self-builds?
|
|
Assignee | |
Updated•7 years ago
|
Flags: needinfo?(bzbarsky)
| Comment hidden (mozreview-request) |
|
|
Reporter | |
Comment 20•7 years ago
|
||
Sorry for the slight confusion. There are two things that were not working for me: running self-builds and running nightlies, and it looks like it was for slightly different reasons. I expect that the patch in bug 1380127 fixes the nightlies, which I run by unpacking the dmg in /tmp. It does not help with self-builds which never get packaged at all. > Could you clarify how you run your self-builds? In my case I run them via a script that executes $objdir/dist/Nightly.app/Contents/MacOS/firefox. But I also checked with the patch from bug 1380127 applied and using "mach run" to run the build, and that also doesn't work.
Flags: needinfo?(bzbarsky)
|
|
||
Comment 21•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8885569 [details] Bug 1380132 - Part 1 - Normalize() .app paths used in sandbox profiles. https://reviewboard.mozilla.org/r/156422/#review161608
Attachment #8885569 -
Flags: review+
|
||
Comment 22•7 years ago
|
||
(In reply to Haik Aftandilian [:haik] from comment #18) > For me, the posted patch allows this to work. Specifically, > > $ mach build package > $ open obj-opt.noindex/dist/firefox-56.0a1.en-US.mac.dmg <snip> > Could you clarify how you run your self-builds? (In reply to Boris Zbarsky [:bz] from comment #20) > In my case I run them via a script that executes > $objdir/dist/Nightly.app/Contents/MacOS/firefox. But I also checked with > the patch from bug 1380127 applied and using "mach run" to run the build, > and that also doesn't work. Just to be a bit explicit about this - builds use symlinks for lots of things, including libraries as well as frontend files. The steps Haik describes in comment #18 also include package, which will create a "shippable" dmg and .app file which no longer has symlinks. Given the other info in this bug, I expect at least some of the differences you're seeing will be related to that.
|
|
Assignee | |
Comment 23•7 years ago
|
||
(In reply to Boris Zbarsky [:bz] from comment #20) > > Could you clarify how you run your self-builds? > > In my case I run them via a script that executes > $objdir/dist/Nightly.app/Contents/MacOS/firefox. But I also checked with > the patch from bug 1380127 applied and using "mach run" to run the build, > and that also doesn't work. Would you mind changing Sandbox.mm:#define MAC_SANDBOX_PRINT_POLICY 0 to be 1 instead (requires recompile) and then re-running your test? With that set, whenever a content process is started, a lot of data will be printed on the console, but the part I'm interested in is below. If you could post the results, I think that would help determine what's different about your config. Sandbox params: SHOULD_LOG = TRUE SANDBOX_LEVEL_1 = FALSE SANDBOX_LEVEL_2 = FALSE SANDBOX_LEVEL_3 = TRUE MAC_OS_MINOR_9 = FALSE MAC_OS_MINOR_MIN_13 = FALSE APP_PATH = /tmp/Nightly.app/Contents/MacOS/plugin-container.app APP_BINARY_PATH = /tmp/Nightly.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container APP_DIR = /tmp/Nightly.app/Contents APP_TEMP_DIR = /private/var/folders/46/3u2flajdflakjdflakdjflkadjf/T/Temp-{fc46bb94-3ad1-5e4b-a9ab-f349e8530708} PROFILE_DIR = /private/tmp/profile HOME_PATH = /Users/haftandilian HAS_SANDBOXED_PROFILE = TRUE HAS_FILE_PRIVILEGES = FALSE
|
|
Reporter | |
Comment 24•7 years ago
|
||
|
|
Assignee | |
Comment 25•7 years ago
|
||
Thanks. The difference was that in your config, the object dir is outside of the repo. I can reproduce the problem after making that change and the problem won't be addressed by the current patch (but we still need those changes for the packaged build case.)
For unpackaged builds where the object is outside of the repo, the problem is that we have links from inside the generated Nightly.app/ that point to a file in the object dir (not the source tree). We grant read access to Nightly.app/ and our mach changes grant read access to the repo, but when the object dir is outside of the repo, we'll need to grant read access to that too.
libsoftokn3.dylib is one example of a link in Nightly.app that links to the object dir.
$OBJDIR/dist/Nightly.app/Contents/MacOS/libsoftokn3.dylib ->
$OBJDIR/security/nss/lib/softoken/softoken_softokn3/libsoftokn3.dylib| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
|
|
Reporter | |
Comment 30•7 years ago
|
||
We should really have some sort of _very_ loud complaining warning for a developer build if those env vars are not set properly and NSS fails to init...
|
|
Assignee | |
Comment 31•7 years ago
|
||
(In reply to Boris Zbarsky [:bz] from comment #30) > We should really have some sort of _very_ loud complaining warning for a > developer build if those env vars are not set properly and NSS fails to > init... Agree. I'll file a bug.
|
|
||
Updated•7 years ago
|
Whiteboard: sbmc2
|
|
Assignee | |
Comment 32•7 years ago
|
||
There are two problems being addressed here: 1) On packaged builds that are run from a path with a symlink, many resource files within the Nightly.app/ bundle will not be loadable by content. For example, copying /Applications/FirefoxNightly.app to /tmp and then running /tmp/FirefoxNightly.app/.../firefox will cause this problem. Running this as /private/tmp/FirefoxNightly.app/.../firefox instead should work. 2) For unpackaged builds when the object dir is outside of the repo, the MOZ_DEVELOPER_REPO_DIR var we set in mach is insufficient because the .app/ bundle includes links to the object dir as well as the repo. We need an additional environment variable to point us to the repo dir (since it could be located anywhere.) And when running firefox directly from the object dir without mach, MOZ_DEVELOPER_REPO_DIR has to be manually set in the environment. The fixes here add MOZ_DEVELOPER_OBJ_DIR which will also need to be set. We're looking into ways to avoid having to set these vars entirely: bug 1380416, bug 1380690.
|
|
Assignee | |
Updated•7 years ago
|
Summary: SSL info in url bar totally broken on mac nightlies due to sandboxing changes → SSL info in url bar broken when launching from symlinked path or when objdir outside of repo
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
|
|
||
Comment 36•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8885970 [details] Bug 1380132 - Part 3 - Use env variable MOZ_DEVELOPER_OBJ_DIR to whitelist object dir in content sandbox. https://reviewboard.mozilla.org/r/156754/#review162514
Attachment #8885970 -
Flags: review?(agaynor) → review+
|
|
Assignee | |
Updated•7 years ago
|
Attachment #8885969 -
Flags: review?(mh+mozilla)
|
|
Assignee | |
Updated•7 years ago
|
Attachment #8885969 -
Flags: review?(gps)
|
||
Comment 37•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8885969 [details] Bug 1380132 - Part 2 - Set MOZ_DEVELOPER_OBJ_DIR before launching Firefox. https://reviewboard.mozilla.org/r/156752/#review162648 FWIW, mozconfigs and parts of the build system already use MOZ_OBJDIR to define the objdir. However, MOZ_DEVELOPER_OBJ_DIR is consistent with existing MOZ_DEVELOPER_REPO_DIR. Plus, the objdir variables referenced by this patch are likely normalized. MOZ_OBJDIR may be more "raw." So I don't see any major concern with not reusing MOZ_OBJDIR.
Attachment #8885969 -
Flags: review?(gps) → review+
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
|
|
Assignee | |
Comment 43•7 years ago
|
||
gps's comments reminded me that we should normalize these paths in the browser. I've added code to do that in patch 3.
|
||
Comment 44•7 years ago
|
||
Pushed by haftandilian@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/cda4181cf10d Part 1 - Normalize() .app paths used in sandbox profiles. r=Alex_Gaynor https://hg.mozilla.org/integration/autoland/rev/1ecae83bb265 Part 2 - Set MOZ_DEVELOPER_OBJ_DIR before launching Firefox. r=gps https://hg.mozilla.org/integration/autoland/rev/d916e836803f Part 3 - Use env variable MOZ_DEVELOPER_OBJ_DIR to whitelist object dir in content sandbox. r=Alex_Gaynor
|
|
||
Comment 45•7 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/cda4181cf10d https://hg.mozilla.org/mozilla-central/rev/1ecae83bb265 https://hg.mozilla.org/mozilla-central/rev/d916e836803f
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
You need to log in
before you can comment on or make changes to this bug.
Description
•