Closed
Bug 1386019
Opened 7 years ago
Closed 6 years ago
Remove PulseAudio-related content sandbox rules
Categories
(Core :: Security: Process Sandboxing, enhancement, P2)
Tracking
()
RESOLVED
FIXED
mozilla60
Tracking | Status | |
---|---|---|
firefox60 | --- | fixed |
People
(Reporter: jld, Assigned: jld)
References
(Blocks 2 open bugs)
Details
(Whiteboard: sb+)
Attachments
(3 files)
There are a number of things in our content process sandbox policy that are allowed only because PulseAudio needs them. Once bug 1362220 lands, we should go through and rip them all out. Removing network/sockets access and chroot()ing content processes have their own bugs; this bug will cover everything else: system calls like fchown and umask, files like $XAUTHORITY (see bug 1384986 comment #5), and so on.
Updated•7 years ago
|
Priority: -- → P3
Whiteboard: sb+
Assignee | ||
Updated•6 years ago
|
Assignee: nobody → jld
Priority: P3 → P2
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Comment 4•6 years ago
|
||
mozreview-review |
Comment on attachment 8944633 [details] Bug 1386019 - At sandbox level 4, remove syscalls used only by PulseAudio. https://reviewboard.mozilla.org/r/214784/#review220566
Attachment #8944633 -
Flags: review?(gpascutto) → review+
Comment 5•6 years ago
|
||
mozreview-review |
Comment on attachment 8944634 [details] Bug 1386019 - Remove PulseAudio-specific sandbox broker rules when remoting audio. https://reviewboard.mozilla.org/r/214786/#review220568
Attachment #8944634 -
Flags: review?(gpascutto) → review+
Comment 6•6 years ago
|
||
mozreview-review |
Comment on attachment 8944635 [details] Bug 1386019 - Also remove ALSA-related sandbox rules if ALSA is remoted. https://reviewboard.mozilla.org/r/214788/#review220570
Attachment #8944635 -
Flags: review?(gpascutto) → review+
Pushed by jedavis@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/ff1469e83494 At sandbox level 4, remove syscalls used only by PulseAudio. r=gcp https://hg.mozilla.org/integration/mozilla-inbound/rev/c2836d5bc6bc Remove PulseAudio-specific sandbox broker rules when remoting audio. r=gcp https://hg.mozilla.org/integration/mozilla-inbound/rev/af41b725ff91 Also remove ALSA-related sandbox rules if ALSA is remoted. r=gcp
Comment 8•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/ff1469e83494 https://hg.mozilla.org/mozilla-central/rev/c2836d5bc6bc https://hg.mozilla.org/mozilla-central/rev/af41b725ff91
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox60:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
You need to log in
before you can comment on or make changes to this bug.
Description
•