Allow RDD and Socket processes to read `/proc/self/{statm,smaps}` on Linux
Categories
(Core :: Security: Process Sandboxing, defect, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox90 | --- | fixed |
People
(Reporter: n.nethercote, Assigned: gerard-majax)
References
Details
Attachments
(1 file)
As per bug 1198552, memory reporting currently relies on reading /proc/self/statm and /proc/self/smaps on Linux. This is allowed in content processes and the GPU process, but isn't allowed in the RDD process or the Socket process.
This means that memory reporting of RDD and Socket processes is missing some important measurements, and this leads to some test failures as seen in bug 1644834.
It would be very helpful if the RDD and Socket processes could be allowed to read these files. I looked at doing this myself, and RDDSandboxPolicy and SandboxBrokerPolicyFactory::GetContentPolicy() seem relevant, but I couldn't quite work out what the changes would look like.
|
||
Updated•4 years ago
|
|
|
||
Comment 1•4 years ago
|
||
You probably only need to copy/paste these two:
https://searchfox.org/mozilla-central/source/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#543
|
||
Comment 2•4 years ago
|
||
The severity field is not set for this bug.
:gcp, could you have a look please?
For more information, please visit auto_nag documentation.
|
|
||
Updated•4 years ago
|
|
|
||
Updated•4 years ago
|
|
Assignee | |
Comment 3•4 years ago
|
||
Tests in bug 1644834 comment 14 were failing locally for me, with the patch on https://treeherder.mozilla.org/jobs?repo=try&revision=6f78b54c292ade32da9bfd729ef68b45323eb1a9 it is passing all three locally
|
|
Assignee | |
Comment 4•4 years ago
|
||
|
|
Assignee | |
Comment 5•4 years ago
|
||
|
|
Assignee | |
Updated•4 years ago
|
|
||
Comment 7•4 years ago
|
||
| bugherder | ||
Description
•