Open Bug 1505868 Opened 1 year ago Updated 1 month ago
Content .css not applied to webpages when chrome folder is a symlink
Could be related to https://bugzilla.mozilla.org/show_bug.cgi?id=1384483
Component: Untriaged → CSS Parsing and Computation
Product: Firefox → Core
rgant, can you confirm whether it's the sandbox that is preventing this from working? Try temporarily adding this line to your profile's user.js file: user_pref("security.sandbox.content.level", 2); and restarting the browser. Please don't forget to remove that line when you're done testing, since it reduces Firefox's security.
When I added `user_pref("security.sandbox.content.level", 2);` to user.js and switched back to the symlinked chrome folder all the in page custom styles were applied. Things worked as I expected and the problem was resolved.
Thanks for confirming. Moving this to the Sandboxing component to triage.
Component: CSS Parsing and Computation → Security: Process Sandboxing
Thanks for the report. This occurs because the Mac content process sandbox doesn't allow content processes to read from arbitrary paths on the filesystem in order to make it more difficult for a compromised content process to access private information. Even though the sandbox policy allows access to the $PROFILE/chrome dir, following a symlink from an allowed directory to a non-allowed directory is blocked by the sandbox implementation and we haven't added any special-case code to allow this to work for $PROFILE/chrome. In order to support the chrome dir being a symlink or any files within the chrome dir being a symlink, we would have to either 1) check for any symlinks and then resolve them before enabling the sandbox or 2) add support to get access to these files via the parent process. The Linux content sandbox is an entirely different implementation and treats symlinks differently and so the fix for bug 1384483 isn't applicable to Mac. It would be nice to support this use case.
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.