Open Bug 1388888 Opened 4 years ago Updated 4 years ago

Fix automated tests so that whitelisting of paths in sandbox rules is not required

Categories

(Core :: Security: Process Sandboxing, defect, P3)

56 Branch
All
Unspecified
defect

Tracking

()

People

(Reporter: haik, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: sb+)

This bug is filed to address how some of our automated tests on try and when run locally depend on content processes being able to read files that they are not permitted to read under normal operation due to filesystem sandboxing.

At present we have workarounds in mach that set prefs with paths for whitelisting. This has allowed tests to pass with content filesystem sandboxing enabled, but in the longer term we'd like to fix the tests so that the whitelisting is not required. It would be better if we didn't have to support whitelisting because there's always some risk it will introduce bugs or be abused in some way.

Note: this is separate from how unpackaged developer builds on Mac need to whitelist paths to the repo and object directories.
Blocks: sb-test
Priority: -- → P3
Whiteboard: sb+
You need to log in before you can comment on or make changes to this bug.