Closed Bug 1664922 Opened 6 months ago Closed 5 months ago

Allow CPU information for nsSystemInfo in the RDD sandbox

Categories

(Core :: Security: Process Sandboxing, defect, P1)

Desktop
Linux
defect

Tracking

()

RESOLVED FIXED
83 Branch
Tracking Status
firefox83 --- fixed

People

(Reporter: jld, Assigned: jld)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

The RDD process initializes nsSystemInfo, which on Linux reads files in /proc and /sys that the sandbox policy doesn't allow; sometimes (nsSystemInfo initialization is async as of bug 1553546) this happens after sandbox startup. Currently the failures are silently ignored, but see bug 1662321 comment #0 for more details and why this is a problem for memfd support.

I have a patch to allow the paths in question in the sandbox policy, as a workaround.

Severity: -- → S4
Priority: -- → P1
Pushed by jedavis@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/be90d6aec690
Allow CPU information in the "utility" sandbox policy, for nsSystemInfo. r=gcp

Backed out for Valgrind bustages.

See https://bugzilla.mozilla.org/show_bug.cgi?id=1662564#c4

Pushed by jedavis@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9e2328aa32aa
Allow CPU information in the "utility" sandbox policy, for nsSystemInfo. r=gcp
Status: NEW → RESOLVED
Closed: 5 months ago
Resolution: --- → FIXED
Target Milestone: --- → 83 Branch
You need to log in before you can comment on or make changes to this bug.