Enable RLBox for local builds
Categories
(Core :: Security: Process Sandboxing, enhancement)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox95 | --- | fixed |
People
(Reporter: bholley, Assigned: bholley)
References
(Blocks 1 open bug)
Details
Attachments
(1 file, 1 obsolete file)
No reason to have it automation-only at this point, and always better for local builds to match.
|
Assignee | |
Comment 1•3 years ago
|
||
|
||
Comment 2•3 years ago
|
||
|
||
Updated•3 years ago
|
Pushed by mh@glandium.org: https://hg.mozilla.org/integration/autoland/rev/81b18e809c04 Enable rlbox for local builds. r=firefox-build-system-reviewers,andi
|
||
Updated•3 years ago
|
|
||
Comment 4•3 years ago
|
||
| bugherder | ||
|
||
Comment 5•3 years ago
|
||
Solaris build now fails with:
ERROR: Cannot find a wasi sysroot. Please give its location with --with-wasi-sysroot. Or build with --without-wasm-sandboxed-libraries.
It seems it can be build with --without-wasm-sandboxed-libraries. I wonder what is the plan for the future. Is --without-wasm-sandboxed-libraries only temporary solution? Or will it be always available?
|
|
Assignee | |
Comment 6•3 years ago
•
|
||
(In reply to Petr Sumbera from comment #5)
Solaris build now fails with:
ERROR: Cannot find a wasi sysroot. Please give its location with --with-wasi-sysroot. Or build with --without-wasm-sandboxed-libraries.It seems it can be build with
--without-wasm-sandboxed-libraries. I wonder what is the plan for the future. Is--without-wasm-sandboxed-librariesonly temporary solution? Or will it be always available?
It's a temporary solution. One of the goals of wasmboxing is to allow us to stop tracking upstream for the third-party libraries that we sandbox. So if there's a zero-day in a library that we've sandboxed, anyone who turned off wasmboxing will be exposed. As such we should figure how to get this resolved. Please file a separate bug (similar to bug 1738822) and include your mozconfig.
|
|
Assignee | |
Updated•3 years ago
|
Description
•