Closed Bug 1461546 Opened 2 years ago Closed 2 years ago

Extend SANDBOX_HAS_USER_NAMESPACES telemetry past 60


(Core :: Security: Process Sandboxing, defect, P1)

60 Branch



Tracking Status
firefox61 --- fixed
firefox62 --- fixed


(Reporter: jld, Assigned: jld)




(2 files)

SANDBOX_HAS_USER_NAMESPACES was set to expire in 61, but we still need it (alongside the telemetry covered by 1373034) on release to get an idea of the importance of supporting an alternative to unprivileged user namespaces.

In theory the data is still being gathered for release 60, but thanks to bug 1376456 there's no way to see it, or even the historical data from earlier releases (other than maybe doing a query on the entire set of raw Telemetry data).
…also that probe was opt-in, which according to now means it's always turned off on release (vs. beta/dev/nightly), so the second half of comment #0 is wrong, and I'll need to seek approval for opt-out/release/FHR status.

Current values from the public t.m.o Measurement Dashboard:
Nightly 60: 53.31%
Nightly 59: 51.27%
DevEd 60: 58.23%
DevEd 59: 58.92%
Beta 60: 86.99%
Beta 59: 89.44%

There's also an interesting result with the SANDBOX_HAS_USER_NAMESPACES_PRIVILEGED probe: it's around 98% for all three prerelease channels.  (To interpret this, it helps to know that Arch enabled CONFIG_USER_NS after taking the Debian/Ubuntu patch to pref it off for non-root: )

So, SANDBOX_HAS_USER_NAMESPACES_PRIVILEGED probably isn't useful anymore and can be allowed to expire.
Patch to follow shortly.
Attachment #8979419 - Flags: review?(chutten)
I should also add that this is collected only on desktop Linux, not Android; see also bug 1373034 comment #3.  (It's not inherently irrelevant on Android like the probe in bug 1373034 is, but if we did collect it on Android I predict that the result would be ~0%, because my late-model Google-branded phone doesn't support user namespaces at all.)
Comment on attachment 8979421 [details]
Bug 1461546 - Extend SANDBOX_HAS_USER_NAMESPACES telemetry and make it opt-out.
Attachment #8979421 - Flags: review?(chutten) → review+
Comment on attachment 8979419 [details]
Data review request form


    Is there or will there be documentation that describes the schema for the ultimate data set available publicly, complete and accurate?

Standard Telemetry mechanisms apply.

    Is there a control mechanism that allows the user to turn the data collection on and off?

Standard Telemetry mechanisms apply.

    If the request is for permanent data collection, is there someone who will monitor the data over time?

Not permanent.

    Using the category system of data types on the Mozilla wiki, what collection type of data do the requested measurements fall under?

Type 1.

    Is the data collection request for default-on or default-off?


    Does the instrumentation include the addition of any new identifiers (whether anonymous or otherwise; e.g., username, random IDs, etc. See the appendix for more details)?


    Is the data collection covered by the existing Firefox privacy notice?


    Does there need to be a check-in in the future to determine whether to renew the data?

Yes. :jld, please file a follow-up bug to evaluate this probe's continued utility near its expiry.

Result: datareview+
Attachment #8979419 - Flags: review?(chutten) → review+
Pushed by
Extend SANDBOX_HAS_USER_NAMESPACES telemetry and make it opt-out. r=chutten
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla62
Comment on attachment 8979421 [details]
Bug 1461546 - Extend SANDBOX_HAS_USER_NAMESPACES telemetry and make it opt-out.

Approval Request Comment
[Feature/Bug causing the regression]: Telemetry expiration
[User impact if declined]: We'll have a gap in this telemetry metric on release between 60 and 62
[Is this code covered by automated tests?]: It's part of telemetry.
[Has the fix been verified in Nightly?]: Yes
[Needs manual test from QE? If yes, steps to reproduce]: No
[List of other uplifts needed for the feature/fix]: None
[Is the change risky?]: No
[Why is the change risky/not risky?]: It's a simple update to Histograms.json
[String changes made/needed]: None
Attachment #8979421 - Flags: approval-mozilla-beta?
Comment on attachment 8979421 [details]
Bug 1461546 - Extend SANDBOX_HAS_USER_NAMESPACES telemetry and make it opt-out.

Extends the life of a Telemetry probe to avoid a gap in data in Fx61. Approved for 61.0b10.
Attachment #8979421 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.