1625621 - Socket process crashes on startup if Linux sandbox disabled via pref

Status: RESOLVED FIXED

(Core :: Networking, defect, P1)

Description

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

The socket process sandbox is enabled at launch time if the pref security.sandbox.socket.process.level is 1 and the env var MOZ_DISABLE_SOCKET_PROCESS_SANDBOX isn't set.

However, the child process itself is sent InitLinuxSandbox unconditionally; the sandboxing code checks the env var only, because it's copying code that goes back to the B2G content sandbox and desktop GMP sandbox, neither of which was ever controlled by prefs. (Also, that file can't call into prefs code because it's in the wrong linkage unit.)

As a result, if the socket process sandbox is disabled by changing the pref (or never having set it, as in bug 1621601), the process crashes on startup when it tries to start sandboxing and fails an assertion.

I have a patch to fix this.

Comment 1

[Kershaw Chang [:kershaw]]

I saw this crash on try.
https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=295656490&repo=try&lineNumber=7118

It'd be great to have this fixed. Thanks.

Comment 2

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

Attachment: Bug 1625621 - Avoid socket process crash on startup when its sandbox is disabled by pref on Linux.

Comment 3

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

I have a Try run where tests fail (without my patch) and one where they succeed (with the patch).

(Edited for clarity.)

Comment 4

[Rachel Tublitz [:rachel]]

Hey Michael, are you still available to review this patch?

Comment 5

[Michael Froman [:mjf]]

I apologize for the delay! I completely lost track of that request.

Comment 6

[Pulsebot]

Pushed by jedavis@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4f69ccd82391
Avoid socket process crash on startup when its sandbox is disabled by pref on Linux. r=mjf,necko-reviewers

Comment 7

[Noemi Erli[:noemi_erli]]

https://hg.mozilla.org/mozilla-central/rev/4f69ccd82391