Closed Bug 1380132 Opened 4 years ago Closed 4 years ago

SSL info in url bar broken when launching from symlinked path or when objdir outside of repo

Categories

(Core :: Security: Process Sandboxing, defect)

defect
Not set
critical

Tracking

RESOLVED FIXED
mozilla56
Tracking Status
firefox-esr52 --- unaffected
firefox54 --- unaffected
firefox55 --- unaffected
firefox56 + fixed

People

(Reporter: bzbarsky, Assigned: haik)

Details

(Keywords: regression, Whiteboard: sbmc2)

Attachments

(5 files)

STEPS TO REPRODUCE:

1) Load https://www.mozilla.org/en-US/
2) Observe and click the icon in the url bar next to the URL.

ACTUAL RESULTS: Icon is little "i" in a circle, clicking it says "Connection is not secure".

EXPECTED RESULTS: Icon is a little "i" in a circle followed by a green lock followed by green "Mozilla Corporation (US)" text.  Clicking it says "Mozilla Corporation" and "Secure Connection".

Running with MOZ_DISABLE_CONTENT_SANDBOX=t gives the expected results.
Severity: normal → critical
Flags: needinfo?(agaynor)
Keywords: regression
Version: 53 Branch → Trunk
See Also: → 1380127
As in bug 1380127 I expect this is because NSS_NoDB_Init() fails in the content process.
Can you say a little bit more about how you reproduced this? Running on nightly channel on macOS (sandbox level 3) I'm seeing the extended-validation attributes in the URL bar as expected. Am I looking at the right thing? (Uploading a screenshot momentarily)
Flags: needinfo?(agaynor)
I'm starting the browser like so:

  /tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/firefox-bin -profile $PROFILEPATH

where /tmp/firefox-nightly/ is where I used hdiutil+rsync to put the nightly and $PROFILEPATH is a clean dir the script creates.
And I get the same results if I use "/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/firefox" instead of firefox-bin.
Can you open up Console.app, and in the searchbar (top right) type "sandboxviolation: plugin", and then run the reproduction steps and paste any log messages you see?
But if I "open" the dmg and drag the FirefoxNightly in there to /Applications and then run "/Applications/FirefoxNightly.app/Contents/MacOS/firefox -profile /tmp/something" then the SSL indicator works correctly...
I think the relevant log message is:

  error	16:33:44.563358 -0400	sandboxd	SandboxViolation: plugin-container(82003) deny file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib
Seems like a good bet. That should have been resolved by e2114d7578be though...
But a full list of the messages from the original STR is:

default	16:39:39.597222 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-data /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/Resources/browser/features/followonsearch@mozilla.com.xpi
default	16:39:39.597745 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-data /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/Resources/browser/features/onboarding@mozilla.org.xpi
default	16:39:39.606379 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private
default	16:39:39.643178 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) mach-register com.apple.axserver
default	16:39:39.645371 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) mach-lookup com.apple.touchbar.agent
default	16:39:39.657332 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) mach-register com.apple.tsm.portname
default	16:39:39.658351 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) mach-register com.apple.CFPasteboardClient
default	16:39:39.661773 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private
default	16:39:39.661832 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private
default	16:39:39.661884 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private
default	16:39:39.662009 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private
default	16:39:39.662225 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private
default	16:39:39.969385 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-data /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/Resources/browser/features/followonsearch@mozilla.com.xpi
default	16:39:39.970395 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-data /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/Resources/browser/features/onboarding@mozilla.org.xpi
default	16:39:39.984403 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private
default	16:39:40.039082 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) mach-register com.apple.axserver
default	16:39:40.043677 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) mach-lookup com.apple.touchbar.agent
default	16:39:40.058175 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) mach-register com.apple.tsm.portname
default	16:39:40.058999 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) mach-register com.apple.CFPasteboardClient
default	16:39:40.062673 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private
default	16:39:40.062717 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private
default	16:39:40.062750 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private
default	16:39:40.062822 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private
default	16:39:40.062988 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private
default	16:39:40.080233 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-data /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/Resources/browser/features/followonsearch@mozilla.com.xpi
default	16:39:40.080810 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-data /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/Resources/browser/features/onboarding@mozilla.org.xpi
default	16:39:40.096666 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private
default	16:39:40.131155 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) mach-register com.apple.axserver
default	16:39:40.133463 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) mach-lookup com.apple.touchbar.agent
default	16:39:40.144197 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) mach-register com.apple.tsm.portname
default	16:39:40.145048 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) mach-register com.apple.CFPasteboardClient
default	16:39:40.148502 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private
default	16:39:40.148573 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private
default	16:39:40.148640 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private
default	16:39:40.148771 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private
default	16:39:40.149082 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private
default	16:39:40.190698 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib
default	16:39:40.190750 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib
default	16:39:40.190803 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private
default	16:39:40.190829 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib
default	16:39:40.190848 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private
default	16:39:40.190873 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib
default	16:39:40.190908 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private
default	16:39:40.190932 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private
default	16:39:40.191122 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /usr
default	16:39:40.191139 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /usr
default	16:39:40.191146 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /usr
default	16:39:40.191152 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /usr
default	16:39:40.191156 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /opt
default	16:39:40.191164 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /usr
default	16:39:40.191167 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /opt
default	16:39:40.191174 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /opt
default	16:39:40.191184 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /opt
default	16:39:40.191189 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib
default	16:39:40.191220 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib
default	16:39:40.191257 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private
default	16:39:40.191271 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /usr
default	16:39:40.191282 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /usr
default	16:39:40.191288 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private
default	16:39:40.191292 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /usr
default	16:39:40.191304 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /usr
default	16:39:40.191305 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /opt
default	16:39:40.191315 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /usr
default	16:39:40.191318 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /opt
default	16:39:40.191326 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /usr
default	16:39:40.191335 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /Users
default	16:39:40.191338 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /opt
default	16:39:40.191347 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /usr
default	16:39:40.191351 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /opt
default	16:39:40.191359 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /usr
default	16:39:40.191370 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /Users
default	16:39:40.191381 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /usr
default	16:39:40.191383 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-data /private/tmp/fixed/storage/default/https+++perf-html.io/cache
default	16:39:40.191392 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /usr
default	16:39:40.191413 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-data /private/tmp/fixed/storage/default/https+++perf-html.io/cache
default	16:39:40.191435 -0400	kernel	SandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private/tmp/fixed/storage/default/https+++perf-html.io/cache
default	16:39:40.191463 -0400	kernel	SandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private/tmp/fixed/storage/default/https+++perf-html.io/cache
default	16:39:40.245657 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib
default	16:39:40.245743 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private
default	16:39:40.245760 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib
default	16:39:40.245803 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private
default	16:39:40.245924 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /usr
default	16:39:40.245934 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /usr
default	16:39:40.245943 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /usr
default	16:39:40.245952 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /opt
default	16:39:40.245958 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /opt
default	16:39:40.245970 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib
default	16:39:40.245999 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private
default	16:39:40.246004 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /usr
default	16:39:40.246009 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /usr
default	16:39:40.246014 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /usr
default	16:39:40.246019 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /opt
default	16:39:40.246023 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /opt
default	16:39:40.246032 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /Users
default	16:39:40.246037 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /usr
default	16:39:40.246041 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /usr
default	16:39:40.246052 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-data /private/tmp/fixed/storage/default/https+++perf-html.io/cache
default	16:39:40.246074 -0400	kernel	SandboxViolation: plugin-container(82042) deny(1) file-read-metadata /private/tmp/fixed/storage/default/https+++perf-html.io/cache
default	16:39:40.609668 -0400	kernel	SandboxViolation: plugin-container(82044) deny(1) mach-register com.apple.axserver
default	16:39:40.612115 -0400	kernel	SandboxViolation: plugin-container(82044) deny(1) mach-lookup com.apple.touchbar.agent
default	16:39:40.621059 -0400	kernel	SandboxViolation: plugin-container(82044) deny(1) mach-register com.apple.tsm.portname
default	16:39:40.622273 -0400	kernel	SandboxViolation: plugin-container(82044) deny(1) mach-register com.apple.CFPasteboardClient
default	16:39:40.626146 -0400	kernel	SandboxViolation: plugin-container(82044) deny(1) file-read-metadata /private
default	16:39:40.626187 -0400	kernel	SandboxViolation: plugin-container(82044) deny(1) file-read-metadata /private
default	16:39:40.626220 -0400	kernel	SandboxViolation: plugin-container(82044) deny(1) file-read-metadata /private
default	16:39:40.626304 -0400	kernel	SandboxViolation: plugin-container(82044) deny(1) file-read-metadata /private
default	16:39:40.626463 -0400	kernel	SandboxViolation: plugin-container(82044) deny(1) file-read-metadata /private
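The Console.app dump above is long and repetitive, and the signal (the bundle's own files, under the kernel's canonical /private/tmp/... spelling, being denied to plugin-container) is easy to miss among the mach-register and /usr noise. The following triage script is an added example, not code from the bug or from Mozilla; it parses a few constructed SandboxViolation lines modelled on the ones above (PIDs and timestamps are illustrative), counts denials by operation, and lists the unique targets that fall inside the bundle as the kernel names it. The bundle path passed to `denied_bundle_paths` is assumed to already be in canonical form.

```python
import re
from collections import Counter

# Constructed sample, modelled on the Console.app lines in this bug (PIDs/timestamps illustrative).
SAMPLE_LOG = """\
default\t16:39:39.597222 -0400\tkernel\tSandboxViolation: plugin-container(82041) deny(1) file-read-data /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/Resources/browser/features/onboarding@mozilla.org.xpi
default\t16:39:39.643178 -0400\tkernel\tSandboxViolation: plugin-container(82041) deny(1) mach-register com.apple.axserver
default\t16:39:40.190698 -0400\tkernel\tSandboxViolation: plugin-container(82043) deny(1) file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib
default\t16:39:40.190750 -0400\tkernel\tSandboxViolation: plugin-container(82041) deny(1) file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib
default\t16:39:40.191122 -0400\tkernel\tSandboxViolation: plugin-container(82041) deny(1) file-read-metadata /usr
default\t16:39:40.191383 -0400\tkernel\tSandboxViolation: plugin-container(82041) deny(1) file-read-data /private/tmp/fixed/storage/default/https+++perf-html.io/cache
error\t16:33:44.563358 -0400\tsandboxd\tSandboxViolation: plugin-container(82003) deny file-read-metadata /private/tmp/firefox-nightly/FirefoxNightly.app/Contents/MacOS/libsoftokn3.dylib
"""

# Both the kernel form "deny(1) <op> <target>" and the sandboxd form "deny <op> <target>" occur.
VIOLATION_RE = re.compile(
    r"SandboxViolation: (?P<proc>[\w.-]+)\((?P<pid>\d+)\) deny(?:\(\d+\))? "
    r"(?P<op>[\w-]+)(?: (?P<target>\S+))?"
)


def parse_violations(log_text):
    """Turn Console.app-style lines into dicts; lines that carry no violation are skipped."""
    found = []
    for line in log_text.splitlines():
        m = VIOLATION_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["pid"] = int(rec["pid"])
            found.append(rec)
    return found


def count_by_operation(violations):
    """How many denials of each sandbox operation (file-read-data, mach-register, ...)."""
    return Counter(v["op"] for v in violations)


def distinct_pids(violations):
    """Which content processes hit a denial."""
    return sorted({v["pid"] for v in violations})


def denied_bundle_paths(violations, canonical_bundle):
    """Unique file targets inside the .app bundle, compared using the kernel's
    symlink-resolved spelling of the bundle path (e.g. /private/tmp/..., not /tmp/...)."""
    prefix = canonical_bundle.rstrip("/") + "/"
    return sorted({
        v["target"] for v in violations
        if v["op"].startswith("file-") and v["target"] and v["target"].startswith(prefix)
    })


if __name__ == "__main__":
    recs = parse_violations(SAMPLE_LOG)
    print("denials by operation:", dict(count_by_operation(recs)))
    print("content PIDs affected:", distinct_pids(recs))
    bundle = "/private/tmp/firefox-nightly/FirefoxNightly.app"
    for path in denied_bundle_paths(recs, bundle):
        print("bundle file denied:", path)
```

The last list is the useful one: a denied read of libsoftokn3.dylib inside the bundle is exactly what makes NSS_NoDB_Init() fail in the content process, while the mach-register and /usr metadata entries are unrelated background noise.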
One more interesting piece of information.  If I do the "open dmg, drag to Applications" thing and then:

  mv /Applications/FirefoxNightly.app /tmp
  /tmp/FirefoxNightly.app/Contents/MacOS/firefox-bin -profile /tmp/something-unique

that fails.  But if I then do:

  mv /tmp/FirefoxNightly.app /Applications
  /Applications/FirefoxNightly.app/Contents/MacOS/firefox-bin -profile /tmp/something-unique

that works.

It also works if I place FirefoxNightly.app in /Users/bzbarsky....  So maybe there's something special about /tmp ?
> So maybe there's something special about /tmp ?

Of course my self-builds don't run from /tmp, and have the same problem, even with mach run.
Assignee: nobody → haftandilian
/tmp is a symlink to /private/tmp.  Are we not canonicalizing all of the paths (like APP_DIR) that get substituted into the policy?
Also, the IsSymlink calls in http://searchfox.org/mozilla-central/rev/31311070d9860b24fe4a7a36976c14b328c16208/dom/ipc/ContentChild.cpp#1417 seem not quite right; I'd think we'd want nsIFile::Normalize there, to match what (I think?) the kernel does before checking the sandbox policy?
(In reply to Jed Davis [:jld] (⏰UTC-6) from comment #14)
> Also, the IsSymlink calls in
> http://searchfox.org/mozilla-central/rev/
> 31311070d9860b24fe4a7a36976c14b328c16208/dom/ipc/ContentChild.cpp#1417 seem
> not quite right; I'd think we'd want nsIFile::Normalize there, to match what
> (I think?) the kernel does before checking the sandbox policy?

That's right. Every path used in the policy should be normalized.

:bz, can you try invoking firefox as /private/tmp/... with no symlinks in the path? The profile is already being normalized and shouldn't matter.

I'll have a fix for this later today.
Flags: needinfo?(bzbarsky)
> can you try invoking firefox as /private/tmp/... with no symlinks in the path?

Doesn't help.

Also, that wouldn't explain why my own builds don't work: I'm not running _those_ from /tmp or symlinks anyway.
Flags: needinfo?(bzbarsky)
> Also, that wouldn't explain why my own builds don't work

Because all the stuff in $objdir/dist/Nightly.app/Contents/MacOS is symlinks.  If I replace libsoftokn3.dylib and libfreebl3.dylib there with copies instead, my own build starts to work.
(In reply to Boris Zbarsky [:bz] from comment #11)
> One more interesting piece of information.  If I do the "open dmg, drag to
> Applications" thing and then:
> 
>   mv /Applications/FirefoxNightly.app /tmp
>   /tmp/FirefoxNightly.app/Contents/MacOS/firefox-bin -profile
> /tmp/something-unique
> 
> that fails.

For me, the posted patch allows this to work. Specifically,

  $ mach build package
  $ open obj-opt.noindex/dist/firefox-56.0a1.en-US.mac.dmg
  $ open /tmp
  <drag Nightly to /tmp>
  $ /tmp/Nightly.app/Contents/MacOS/firefox -profile /tmp/profile/

Testing with no code changes, copying my Nightly channel install from /Applications results in failure when run as

  $ /tmp/FirefoxNightly.app/Contents/MacOS/firefox-bin -profile /tmp/profile/ # this fails

But running from /private/ works

  $ /private/tmp/FirefoxNightly.app/Contents/MacOS/firefox-bin -profile /tmp/profile/ # this works

I'm probably misunderstanding how you're running it.

> Of course my self-builds don't run from /tmp, and have the same problem,
> even with mach run.

Could you clarify how you run your self-builds?
Flags: needinfo?(bzbarsky)
Sorry for the slight confusion.  There are two things that were not working for me: running self-builds and running nightlies, and it looks like it was for slightly different reasons.  I expect that the patch in bug 1380127 fixes the nightlies, which I run by unpacking the dmg in /tmp.  It does not help with self-builds which never get packaged at all.

> Could you clarify how you run your self-builds?

In my case I run them via a script that executes $objdir/dist/Nightly.app/Contents/MacOS/firefox.  But I also checked with the patch from bug 1380127 applied and using "mach run" to run the build, and that also doesn't work.
Flags: needinfo?(bzbarsky)
Comment on attachment 8885569 [details]
Bug 1380132 - Part 1 - Normalize() .app paths used in sandbox profiles.

https://reviewboard.mozilla.org/r/156422/#review161608
Attachment #8885569 - Flags: review+
(In reply to Haik Aftandilian [:haik] from comment #18)
> For me, the posted patch allows this to work. Specifically,
> 
>   $ mach build package
>   $ open obj-opt.noindex/dist/firefox-56.0a1.en-US.mac.dmg

<snip>

> Could you clarify how you run your self-builds?

(In reply to Boris Zbarsky [:bz] from comment #20)
> In my case I run them via a script that executes
> $objdir/dist/Nightly.app/Contents/MacOS/firefox.  But I also checked with
> the patch from bug 1380127 applied and using "mach run" to run the build,
> and that also doesn't work.

Just to be a bit explicit about this - builds use symlinks for lots of things, including libraries as well as frontend files.

The steps Haik describes in comment #18 also include package, which will create a "shippable" dmg and .app file which no longer has symlinks. Given the other info in this bug, I expect at least some of the differences you're seeing will be related to that.
(In reply to Boris Zbarsky [:bz] from comment #20)
> > Could you clarify how you run your self-builds?
> 
> In my case I run them via a script that executes
> $objdir/dist/Nightly.app/Contents/MacOS/firefox.  But I also checked with
> the patch from bug 1380127 applied and using "mach run" to run the build,
> and that also doesn't work.

Would you mind changing Sandbox.mm:#define MAC_SANDBOX_PRINT_POLICY 0 to be 1 instead (requires recompile) and then re-running your test? With that set, whenever a content process is started, a lot of data will be printed on the console, but the part I'm interested in is below. If you could post the results, I think that would help determine what's different about your config.

  Sandbox params:
    SHOULD_LOG = TRUE
    SANDBOX_LEVEL_1 = FALSE
    SANDBOX_LEVEL_2 = FALSE
    SANDBOX_LEVEL_3 = TRUE
    MAC_OS_MINOR_9 = FALSE
    MAC_OS_MINOR_MIN_13 = FALSE
    APP_PATH = /tmp/Nightly.app/Contents/MacOS/plugin-container.app
    APP_BINARY_PATH = /tmp/Nightly.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container
    APP_DIR = /tmp/Nightly.app/Contents
    APP_TEMP_DIR = /private/var/folders/46/3u2flajdflakjdflakdjflkadjf/T/Temp-{fc46bb94-3ad1-5e4b-a9ab-f349e8530708}
    PROFILE_DIR = /private/tmp/profile
    HOME_PATH = /Users/haftandilian
    HAS_SANDBOXED_PROFILE = TRUE
    HAS_FILE_PRIVILEGES = FALSE
Attached file Resulting log
Thanks. The difference was that in your config, the object dir is outside of the repo. I can reproduce the problem after making that change and the problem won't be addressed by the current patch (but we still need those changes for the packaged build case.)

For unpackaged builds where the object dir is outside of the repo, the problem is that we have links from inside the generated Nightly.app/ that point to a file in the object dir (not the source tree). We grant read access to Nightly.app/ and our mach changes grant read access to the repo, but when the object dir is outside of the repo, we'll need to grant read access to that too.

libsoftokn3.dylib is one example of a link in Nightly.app that links to the object dir.

  $OBJDIR/dist/Nightly.app/Contents/MacOS/libsoftokn3.dylib ->
    $OBJDIR/security/nss/lib/softoken/softoken_softokn3/libsoftokn3.dylib
Duplicate of this bug: 1380127
We should really have some sort of _very_ loud complaining warning for a developer build if those env vars are not set properly and NSS fails to init...
(In reply to Boris Zbarsky [:bz] from comment #30)
> We should really have some sort of _very_ loud complaining warning for a
> developer build if those env vars are not set properly and NSS fails to
> init...

Agree. I'll file a bug.
Whiteboard: sbmc2
See Also: → 1380560
There are two problems being addressed here:

1) On packaged builds that are run from a path with a symlink, many resource files within the Nightly.app/ bundle will not be loadable by content. For example, copying /Applications/FirefoxNightly.app to /tmp and then running /tmp/FirefoxNightly.app/.../firefox will cause this problem. Running this as /private/tmp/FirefoxNightly.app/.../firefox instead should work.

2) For unpackaged builds when the object dir is outside of the repo, the MOZ_DEVELOPER_REPO_DIR var we set in mach is insufficient because the .app/ bundle includes links to the object dir as well as the repo. We need an additional environment variable to point us to the repo dir (since it could be located anywhere.) And when running firefox directly from the object dir without mach, MOZ_DEVELOPER_REPO_DIR has to be manually set in the environment. The fixes here add MOZ_DEVELOPER_OBJ_DIR which will also need to be set.

We're looking into ways to avoid having to set these vars entirely: bug 1380416, bug 1380690.
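Both problems summarised above, and the normalization point raised in comments #14 and #15, come down to one rule: the kernel matches a sandbox rule against the fully resolved path of the file being opened, so every directory substituted into the policy must be resolved the same way, and a bundle entry that is itself a symlink resolves to wherever it points, which may be outside every allowed directory. The script below is an added example written for this page, not Mozilla's code and not the real Seatbelt evaluator; it models a prefix allow rule with `os.path.realpath` standing in for nsIFile::Normalize, and builds a constructed directory layout in a temp dir (a `tmp -> private/tmp` symlink, a Nightly.app with a regular .xpi resource, and a libsoftokn3.dylib that is a symlink into an objdir outside the bundle) to show why each of the four cases is allowed or denied. The path and variable names are assumptions mirroring the bug's description.

```python
import os
import shutil
import tempfile


def normalize(path):
    """Resolve symlinks and '..' components, which is what the kernel does to the
    accessed path before checking the policy (the role nsIFile::Normalize plays in the fix)."""
    return os.path.realpath(path)


def is_under(path, directory):
    """True if `path` lies inside `directory`; both must already be in canonical form."""
    return path.startswith(directory.rstrip(os.sep) + os.sep)


def policy_allows(access_path, allowed_dirs, normalize_params):
    """Simplified model (written for this example) of a file-read allow rule.
    The kernel always evaluates the resolved path of the file being opened;
    `normalize_params` says whether the directories substituted into the policy
    (APP_DIR, the objdir, ...) were canonicalized first."""
    kernel_path = normalize(access_path)
    dirs = [normalize(d) if normalize_params else d for d in allowed_dirs]
    return any(is_under(kernel_path, d) for d in dirs)


def build_fixture():
    """Constructed layout under a fresh temp dir:
      <root>/tmp -> <root>/private/tmp                         (like /tmp -> /private/tmp)
      <root>/private/tmp/Nightly.app/Contents/Resources/browser/features/onboarding.xpi
      <root>/private/tmp/Nightly.app/Contents/MacOS/libsoftokn3.dylib
          -> <root>/objdir/security/nss/lib/softoken/libsoftokn3.dylib  (unpackaged build)"""
    root = tempfile.mkdtemp(prefix="sandbox-demo-")
    contents = os.path.join(root, "private", "tmp", "Nightly.app", "Contents")
    features = os.path.join(contents, "Resources", "browser", "features")
    macos = os.path.join(contents, "MacOS")
    objdir_lib_dir = os.path.join(root, "objdir", "security", "nss", "lib", "softoken")
    for d in (features, macos, objdir_lib_dir):
        os.makedirs(d)
    open(os.path.join(features, "onboarding.xpi"), "w").close()
    real_lib = os.path.join(objdir_lib_dir, "libsoftokn3.dylib")
    open(real_lib, "w").close()
    os.symlink(real_lib, os.path.join(macos, "libsoftokn3.dylib"))
    os.symlink(os.path.join(root, "private", "tmp"), os.path.join(root, "tmp"))
    return root


def run_cases():
    """Evaluate the four situations from the bug; returns case name -> allowed?"""
    root = build_fixture()
    try:
        # APP_DIR as Firefox was launched, i.e. through the tmp symlink.
        app_dir = os.path.join(root, "tmp", "Nightly.app", "Contents")
        xpi = os.path.join(app_dir, "Resources", "browser", "features", "onboarding.xpi")
        softokn = os.path.join(app_dir, "MacOS", "libsoftokn3.dylib")
        objdir = os.path.join(root, "objdir")  # what MOZ_DEVELOPER_OBJ_DIR would point at
        return {
            # Problem 1: raw APP_DIR (tmp/...) never prefix-matches the kernel's private/tmp/... path.
            "packaged_raw_app_dir": policy_allows(xpi, [app_dir], normalize_params=False),
            "packaged_normalized_app_dir": policy_allows(xpi, [app_dir], normalize_params=True),
            # Problem 2: the dylib resolves into the objdir, outside the bundle, so APP_DIR alone fails.
            "unpackaged_app_dir_only": policy_allows(softokn, [app_dir], normalize_params=True),
            "unpackaged_with_obj_dir": policy_allows(softokn, [app_dir, objdir], normalize_params=True),
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for name, allowed in run_cases().items():
        print(f"{name:30s} {'allow' if allowed else 'DENY'}")
```

Note that normalizing the policy parameters fixes the packaged case but not the unpackaged one: no amount of canonicalizing APP_DIR helps when the file the kernel actually opens lives under a directory the policy never named, which is why the fix adds a separate objdir allowance rather than only calling Normalize().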
Summary: SSL info in url bar totally broken on mac nightlies due to sandboxing changes → SSL info in url bar broken when launching from symlinked path or when objdir outside of repo
Comment on attachment 8885970 [details]
Bug 1380132 - Part 3 - Use env variable MOZ_DEVELOPER_OBJ_DIR to whitelist object dir in content sandbox.

https://reviewboard.mozilla.org/r/156754/#review162514
Attachment #8885970 - Flags: review?(agaynor) → review+
Attachment #8885969 - Flags: review?(mh+mozilla)
Attachment #8885969 - Flags: review?(gps)
Comment on attachment 8885969 [details]
Bug 1380132 - Part 2 - Set MOZ_DEVELOPER_OBJ_DIR before launching Firefox.

https://reviewboard.mozilla.org/r/156752/#review162648

FWIW, mozconfigs and parts of the build system already use MOZ_OBJDIR to define the objdir. However, MOZ_DEVELOPER_OBJ_DIR is consistent with existing MOZ_DEVELOPER_REPO_DIR. Plus, the objdir variables referenced by this patch are likely normalized. MOZ_OBJDIR may be more "raw." So I don't see any major concern with not reusing MOZ_OBJDIR.
Attachment #8885969 - Flags: review?(gps) → review+
gps's comments reminded me that we should normalize these paths in the browser. I've added code to do that in patch 3.
Pushed by haftandilian@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/cda4181cf10d
Part 1 - Normalize() .app paths used in sandbox profiles. r=Alex_Gaynor
https://hg.mozilla.org/integration/autoland/rev/1ecae83bb265
Part 2 - Set MOZ_DEVELOPER_OBJ_DIR before launching Firefox. r=gps
https://hg.mozilla.org/integration/autoland/rev/d916e836803f
Part 3 - Use env variable MOZ_DEVELOPER_OBJ_DIR to whitelist object dir in content sandbox. r=Alex_Gaynor
See Also: → 1383089