Closed Bug 1521167 Opened 5 years ago Closed 5 years ago

[Mac] Sandbox violation logging is always enabled with early startup

Categories

(Core :: Security: Process Sandboxing, defect)

Version: 66 Branch
Platform: Desktop
OS: macOS
Type: defect
Priority: Not set
Severity: normal

Tracking

Status: RESOLVED FIXED
Target Milestone: mozilla66
Tracking Status
firefox64 --- unaffected
firefox65 --- fixed
firefox66 --- fixed

People

(Reporter: haik, Assigned: haik)

Attachments

(1 file)

With early sandbox startup on Mac (current default on 65), sandbox violation is enabled by default. It should be disabled by default and only enabled when security.sandbox.logging.enabled=true in about:config or the environment variable MOZ_SANDBOX_LOGGING is set.

Assignee: nobody → haftandilian

For sandbox early startup, ensure violation logging is only enabled when the parent passes the -sbLogging flag.

OS: Other → macOS

We will want to uplift this fix to 65 because enabling the violation logging can cause performance issues.

Blocks: 1520764
Pushed by haftandilian@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f71ebb7632fb
[Mac] Sandbox violation logging is always enabled with early startup r=Alex_Gaynor
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla66

(In reply to Haik Aftandilian [:haik] from comment #2)

> We will want to uplift this fix to 65 because enabling the violation logging
> can cause performance issues.

This needs a release approval request ASAP if this is targeting 65. We're already in the RC phase.

Flags: needinfo?(haftandilian)

Comment on attachment 9037653 [details]
Bug 1521167 [Mac] Sandbox violation logging is always enabled with early startup r?Alex_Gaynor

[Beta/Release Uplift Approval Request]

Feature/Bug causing the regression: Bug 1431441

User impact if declined: Mac-specific. Extra sandbox violation warnings will be logged in the system Console.app. The extra violation logging might cause some perf issues.

Is this code covered by automated tests?: No

Has the fix been verified in Nightly?: No

Needs manual test from QE?: No

If yes, steps to reproduce:

List of other uplifts needed: None

Risk to taking this patch: Low

Why is the change risky/not risky? (and alternatives if risky): The change is very small and only affects sandbox violation logging on Mac.

String changes made/needed: None

Flags: needinfo?(haftandilian)
Attachment #9037653 - Flags: approval-mozilla-beta?
https://hg.mozilla.org/projects/cedar/rev/f71ebb7632fb7e9e8f8514f377c12e9a52430da1
Bug 1521167 [Mac] Sandbox violation logging is always enabled with early startup r=Alex_Gaynor

Comment on attachment 9037653 [details]
Bug 1521167 [Mac] Sandbox violation logging is always enabled with early startup r?Alex_Gaynor

[Triage Comment]
Turns off extra logging which can be a perf issue on macOS. Approved for 65.0 RC2.

Attachment #9037653 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Attachment #9037653 - Flags: approval-mozilla-beta+ → approval-mozilla-release+