Open Bug 1553888 Opened 6 years ago Updated 3 years ago

Lazily construct SandboxInfo singleton

Categories

(Core :: Security: Process Sandboxing, enhancement, P3)

Platform: Unspecified, Linux


People

(Reporter: jld, Unassigned)

References

(Depends on 1 open bug)

Details

Currently the SandboxInfo singleton is constructed, and various OS feature detection tests are performed, at static initializer time. This means that reading the feature bits is guaranteed to just test a bit in a global variable, which was important in the past for reasons that no longer apply. In general it's not the best idea to do things in static initializers if we can avoid it, so this should be changed to lazily initialize.

One thing to watch out for: the clone call for testing unprivileged user namespaces, which may become more expensive due to copy-on-write of the address space.
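The following is an added illustration of the proposed shape, written for this page and not taken from mozilla-central's SandboxInfo.cpp: the feature bits live in a function-local static, so nothing runs during static initialization and the probes happen once, on first use, with C++11 thread-safe initialization. The user-namespace probe shares the parent's address space with CLONE_VM|CLONE_VFORK, which is this example's way of sidestepping the copy-on-write cost flagged above; whether Firefox's probe does the same is not stated on the page. The seccomp probe (null filter pointer, expect EFAULT) is a standard kernel feature test. Flag names, the probe counter, and the fallback constant are assumptions of the example.

```cpp
// Added example: lazily constructed sandbox feature detection for Linux.
// Not the Firefox implementation; names and probe choices are assumptions.
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

#include <atomic>
#include <cstdint>
#include <cstdio>

// From <linux/seccomp.h>; defined here so the example needs no kernel headers.
#ifndef SECCOMP_MODE_FILTER
#define SECCOMP_MODE_FILTER 2
#endif

namespace sandboxinfo {

enum Flags : uint32_t {
  kHasSeccompBPF = 1u << 0,
  kHasUserNamespaces = 1u << 1,
};

// Counts how often the expensive probe ran: a correct lazy singleton runs it
// at most once per process, however many callers there are.
static std::atomic<int> sProbeCount{0};
int ProbeCountForTest() { return sProbeCount.load(); }

// Child entry point. The child shares our address space (CLONE_VM), so it
// must not allocate, take locks or touch stdio; it only reports success.
static int ChildExit(void*) { return 0; }

// 64 KiB child stack. With CLONE_VFORK the parent is suspended until the
// child exits, so one static buffer is enough.
alignas(16) static char sChildStack[64 * 1024];

// Can an unprivileged process create a user namespace? The only reliable
// test is to try it in a child. Sharing the address space avoids the
// fork-style copy-on-write cost, which grows with the parent's memory map
// once the probe runs on first use instead of at process start.
bool ProbeUserNamespaces() {
  sProbeCount.fetch_add(1);
  int flags = CLONE_NEWUSER | CLONE_VM | CLONE_VFORK | SIGCHLD;
  pid_t pid = clone(ChildExit, sChildStack + sizeof(sChildStack), flags, nullptr);
  if (pid < 0) {
    // EPERM: unprivileged user namespaces disabled by sysctl or by a seccomp
    // policy (container runtime defaults do this); EINVAL: old kernel.
    return false;
  }
  int status = 0;
  while (waitpid(pid, &status, 0) < 0) {
    if (errno != EINTR) return false;
  }
  return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

// Is seccomp filter mode available? The kernel copies the filter program
// before doing anything else, so a null pointer yields EFAULT when filter
// mode exists and EINVAL when it does not; no filter is ever installed.
bool ProbeSeccompBPF() {
  return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, nullptr) == -1 &&
         errno == EFAULT;
}

class SandboxInfo {
 public:
  // Constructed on the first call rather than by a static initializer.
  // C++11 makes this initialization thread-safe and exactly-once, so after
  // the first call Test() is still just a bit test on a global.
  static const SandboxInfo& Get() {
    static const SandboxInfo sInstance;
    return sInstance;
  }
  bool Test(Flags aFlag) const { return (mFlags & aFlag) != 0; }
  uint32_t Raw() const { return mFlags; }

 private:
  SandboxInfo() : mFlags(Detect()) {}
  static uint32_t Detect() {
    uint32_t flags = 0;
    if (ProbeSeccompBPF()) flags |= kHasSeccompBPF;
    if (ProbeUserNamespaces()) flags |= kHasUserNamespaces;
    return flags;
  }
  uint32_t mFlags;
};

}  // namespace sandboxinfo

int main() {
  using namespace sandboxinfo;
  const SandboxInfo& info = SandboxInfo::Get();
  std::printf("seccomp-bpf: %d, user namespaces: %d, probes run: %d\n",
              info.Test(kHasSeccompBPF), info.Test(kHasUserNamespaces),
              ProbeCountForTest());
  return 0;
}
```

Inside a container with the runtime's default seccomp policy the clone fails with EPERM and the user-namespace bit stays clear, which is the correct answer for that environment; the point of the counter is that repeated Get() calls never re-run the probe.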

Severity: normal → S3