Bug 1445003: RenderDoc's networking conflicts with sandboxing
Status: RESOLVED FIXED (mozilla61)
Opened 7 years ago, closed 7 years ago
Categories: Core :: Security: Process Sandboxing, defect, P1
People: Reporter: jld, Assigned: jld
Attachments: 1 file
RenderDoc (https://renderdoc.org/) seems to work by having the process that's using GL accept socket connections from the tools; this uses the Internet domain on desktop Linux. (On Android it uses Unix-domain abstract addresses, which I assume is because an app without Internet permissions on Android can't create Internet-domain sockets, but that would have the same problems.)
The socket is created/bound early in startup, before the seccomp-bpf policy is applied, but (1) the policy doesn't allow accept/accept4, and (2) on distributions that allow it, the process is already in a separate network namespace at that point, which means nothing could connect to the socket anyway.
It should be enough to detect it via env vars and lower the sandbox level.
Comment 1 (Assignee) • 7 years ago
Better idea: allow accept() — which needs to be handled specially anyway because it's not allowed at levels 1-3 in the aftermath of bug 1358647 and bug 1362537 — and don't unshare the network namespace (like for remote X11), but otherwise leave the network/socket restrictions intact (no outbound connections, no new listening sockets, etc.).
This seems to work: RenderDoc can connect to child processes and determine whether they're using GL. However, it can't capture, apparently because we're rendering to an offscreen surface so it doesn't know what the start/end of a frame is; this is not affected by sandboxing, but if capturing WebGL would fail on 60 anyway, then there's not much point in uplifting this.
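The approach described in comment 1, as an added example that is not part of the bug or of Firefox's sandbox code: a listening socket bound before the seccomp-bpf filter is installed stays usable for accept(), while new sockets are refused. It covers only the syscall-filter half (not the network namespace); the deny-list filter, the EACCES return value and the function names are choices made for this illustration.

```c
#include <errno.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <netinet/in.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
/* Added example, not Firefox code; assumes Linux on x86-64 or aarch64. Deny-list
   for brevity: a production policy is default-deny and checks the arch field. */
static int install_filter(void) {
  struct sock_filter f[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_socket, 4, 0),  /* no new sockets */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_bind, 3, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_listen, 2, 0),  /* no new listeners */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_connect, 1, 0), /* no outbound */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),  /* accept/accept4 land here */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EACCES),
  };
  struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
  if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
  return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
/* Returns the filtered child's bitmask: 1 = accept() worked on the listener
   bound before the filter, 2 = a new socket() was refused with EACCES. */
int run_demo(void) {
  struct sockaddr_in a = {.sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK)};
  socklen_t len = sizeof a;
  int st = 0, lfd = socket(AF_INET, SOCK_STREAM, 0); /* bound early in startup */
  if (lfd < 0 || bind(lfd, (struct sockaddr *)&a, len) || listen(lfd, 1) ||
      getsockname(lfd, (struct sockaddr *)&a, &len)) return -1;
  pid_t pid = fork();
  if (pid < 0) return -1;
  if (pid == 0) {                                    /* sandboxed process */
    if (install_filter()) _exit(64);
    int r = accept(lfd, NULL, NULL) >= 0 ? 1 : 0;
    if (socket(AF_INET, SOCK_STREAM, 0) < 0 && errno == EACCES) r |= 2;
    _exit(r);
  }
  int c = socket(AF_INET, SOCK_STREAM, 0);           /* unfiltered tool side */
  if (connect(c, (struct sockaddr *)&a, sizeof a)) kill(pid, SIGKILL);
  waitpid(pid, &st, 0);
  close(c); close(lfd);
  return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}
int main(void) { return run_demo() == 3 ? 0 : 1; }
```

A result of 3 means both halves held: the early listener accepted a connection and a later socket() call was denied.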
Comment 3 • 7 years ago (mozreview-review)
Comment on attachment 8958659 [details]
Bug 1445003 - Detect RenderDoc and adjust the sandbox policy so it can work.
https://reviewboard.mozilla.org/r/227576/#review233416
::: security/sandbox/common/SandboxSettings.cpp:13
(Diff revision 1)
>
> #include "mozilla/ModuleUtils.h"
> #include "mozilla/Preferences.h"
>
> #include "prenv.h"
> +#include <stdio.h>
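Review bot: The added `#include <stdio.h>` at the end of the include block is not used by anything in the visible lines, which are all include directives. If no code in the final patch calls a stdio function, drop the include; if one does, check that it is not leftover debug printing in the sandbox settings code.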
Debugging leftover?
Attachment #8958659 - Flags: review?(gpascutto) → review+
Comment 5 (Assignee) • 7 years ago (mozreview-review)
Comment on attachment 8958659 [details]
Bug 1445003 - Detect RenderDoc and adjust the sandbox policy so it can work.
https://reviewboard.mozilla.org/r/227576/#review233516
::: security/sandbox/common/SandboxSettings.cpp:13
(Diff revision 1)
>
> #include "mozilla/ModuleUtils.h"
> #include "mozilla/Preferences.h"
>
> #include "prenv.h"
> +#include <stdio.h>
Yes; thanks for spotting that.
Pushed by jedavis@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/0b8d58958178
Detect RenderDoc and adjust the sandbox policy so it can work. r=gcp
Comment 7 • 7 years ago (bugherder)
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla61