1450531 - >Firefox 60.0_beta8 does not compile on arm because of unrecognized architecture in security/sandbox/linux/reporter/SandboxReporter.cpp

Status: RESOLVED INVALID

(Core :: Security: Process Sandboxing, defect)

Description

[tt_1]

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20180327133451

Steps to reproduce:

Downloaded a copy of the source code, used armv7a-unknown-linux-gnueabihf toolchain to build it nativly, no cross compile. 


Actual results:

there is a compile error related to sandbox: 

119:52.09 libsecurity_sandbox_common.a.desc
121:17.62 libjs_src.a.desc
121:22.77 /var/tmp/portage/www-client/firefox-60.0_beta8/work/firefox-60.0b8/security/sandbox/linux/reporter/SandboxReporter.cpp:30:2: error: #error "unrecognized architecture"
121:22.77  #error "unrecognized architecture"
121:22.77   ^~~~~
121:27.70 libsecurity_sandbox_linux_broker.a.desc
121:30.20 /var/tmp/portage/www-client/firefox-60.0_beta8/work/firefox-60.0b8/security/sandbox/linux/reporter/SandboxReporter.cpp: In function 'void mozilla::SubmitToTelemetry(const mozilla::SandboxReport&)':
121:30.20 /var/tmp/portage/www-client/firefox-60.0_beta8/work/firefox-60.0b8/security/sandbox/linux/reporter/SandboxReporter.cpp:220:16: error: 'SANDBOX_ARCH_NAME' was not declared in this scope
121:30.21      key.Append(SANDBOX_ARCH_NAME "/");
121:30.21                 ^~~~~~~~~~~~~~~~~
121:30.28 /var/tmp/portage/www-client/firefox-60.0_beta8/work/firefox-60.0b8/security/sandbox/linux/reporter/SandboxReporter.cpp:220:16: note: suggested alternative: 'SANDBOX_LOG_LEN'
121:30.28      key.Append(SANDBOX_ARCH_NAME "/");
121:30.29                 ^~~~~~~~~~~~~~~~~
121:30.29                 SANDBOX_LOG_LEN
121:31.42 gmake[4]: *** [/var/tmp/portage/www-client/firefox-60.0_beta8/work/firefox-60.0b8/config/rules.mk:1049: SandboxReporter.o] Error 1


Expected results:

It should actually compile.

Comment 1

[tt_1]

scrolling through the source code in SandboxReporter.cpp 


// Distinguish architectures for the telemetry key.
#if defined(__i386__)
#define SANDBOX_ARCH_NAME "x86"
#elif defined(__x86_64__)
#define SANDBOX_ARCH_NAME "amd64"
#else
#error "unrecognized architecture"
#endif


makes me think that this was no accident. 

If you don't want to have sandboxing for anything else but for i386 and x86_64, please do some check during configure to enable sandboxing for i386/x86_64 only, and to disable for the rest. 

For now, it might be possible to work around this with --disable-sandbox

Comment 2

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

This… shouldn't happen.  The configure script checks architecture at [1] and [2], disabling content and GMP sandboxing by default on non-x86, and then at [3] MOZ_SANDBOX is also turned off as a result, which should[4] prevent building security/sandbox. 

Is it possible that the build script is using --enable-content-sandbox unconditionally?  We've had problems before with distros doing that.


[1] https://searchfox.org/mozilla-central/rev/f5fb323246bf22a3a3b4185882a1c5d8a2c02996/old-configure.in#3251
[2] https://searchfox.org/mozilla-central/rev/f5fb323246bf22a3a3b4185882a1c5d8a2c02996/old-configure.in#3283
[3] https://searchfox.org/mozilla-central/rev/f5fb323246bf22a3a3b4185882a1c5d8a2c02996/old-configure.in#3299
[4] https://searchfox.org/mozilla-central/rev/f5fb323246bf22a3a3b4185882a1c5d8a2c02996/toolkit/toolkit.mozbuild#40-41

Comment 3

[tt_1]

Ah, I see, the build script I'm using was written with i686 and x86_64 in mind. It sets --enable-content-sandbox per default, will turn that off and close this bug if it passes. I was used to the --enable-sandbox switch, which doesn't exist anymore, it seems?

Comment 4

[tt_1]

Removed --enable-content-sandbox , problem solved. Confirmed as well that your configure scripts work as intended.