Assigned to



Security: Process Sandboxing
10 months ago
9 months ago


(Reporter: haik, Assigned: haik)


56 Branch

Firefox Tracking Flags

(Not tracked)


(Whiteboard: sb+)



10 months ago
Our Mac and Linux content sandboxing implementations no longer depend on the MOZ_DEVELOPER_REPO_DIR and MOZ_DEVELOPER_OBJ_DIR environment variables for unpackaged dev builds. On Mac, the build puts the paths to these directories in the .plist files in the app bundle. On Linux, symlinks to the repo/object dir are handled by the implementation and don't need to be special-cased. Windows doesn't need the vars because the Windows build doesn't use symlinks.

There is one instance where knowing the repo dir is still required on Linux. On an unpackaged (dev) build, when loading an unpacked extension, the extension remoting code in the parent checks that web-accessible-resource files loaded by the child don't resolve to files outside of the extension directory. For this check, we use the repo path to allow unpacked extensions on dev builds to use symlinks to resources in the repo dir.

A user running ./<object-dir>/dist/bin/firefox withouth setting MOZ_DEVELOPER_REPO_DIR on Linux will encounter errors on dev builds for system extensions because they symlink back to the repo dir. There are also some ./mach commands that don't set MOZ_DEVELOPER_REPO_DIR.

I think it would be OK to skip the directory check on Linux for unpacked extension loads on dev builds. We have work going on in Bug 1382697 - "Detect filesystem and link support in configure" and Bug 1380416 - "Investigate using hardlinks instead of symlinks in the dev build on mac/linux" to change the build to not depend on symlinks which would avoid this issue.

Comment 1

10 months ago
(In reply to Haik Aftandilian [:haik] from comment #0)
> I think it would be OK to skip the directory check on Linux for unpacked
> extension loads on dev builds.

A better approach would be to check if the extension directory is within the "appdir" as that is an indication the extension is a system extension.

Comment 2

10 months ago
I'm going to address the ExtensionProtocolHandler Linux issue in bug 1386832. And plan to remove the ExtensionProtocolHandler MOZ_DEVELOPER_REPO_DIR dependency in that fix too.
Depends on: 1386832


9 months ago
Assignee: nobody → haftandilian
Priority: -- → P2
Whiteboard: sb+
You need to log in before you can comment on or make changes to this bug.