Closed
Bug 1799470
Opened 3 years ago
Closed 2 years ago
Tighten GPU sandbox's filesystem access
Categories
(Core :: Security: Process Sandboxing, defect, P2)
Tracking
()
RESOLVED
FIXED
111 Branch
| Tracking | Status | |
|---|---|---|
| firefox111 | --- | fixed |
People
(Reporter: cmartin, Assigned: cmartin)
References
Details
Attachments
(7 files, 1 obsolete file)
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review |
In Bug 1797887, we had to allow the sandboxed GPU process full access to the filesystem as a workaround because the sandbox was breaking the shader cache.
Even though the shader cache "Works on My Machine™", on other machines it appears that that the previous sandbox exception was not enough to allow it to work properly.
This is a follow-up bug to investigate why the shader cache was broken on some machines with the GPU sandbox enabled, and to re-tighten the filesystem access for the GPU sandbox.
|
Assignee | |
Updated•3 years ago
|
Severity: -- → S3
Priority: -- → P2
|
|
Assignee | |
Updated•3 years ago
|
|
|
Assignee | |
Comment 1•3 years ago
|
||
|
|
Assignee | |
Comment 2•3 years ago
|
||
Depends on D164595
|
||
Updated•3 years ago
|
Assignee: nobody → cmartin
Status: NEW → ASSIGNED
|
|
||
Updated•3 years ago
|
Attachment #9308107 -
Attachment description: Bug 1799470 - Remove XRE_InitEmbedding2 and XRE_TermEmbedding → Bug 1799470 - Merge old embedding logic into ContentChild
|
|
||
Updated•3 years ago
|
Attachment #9308106 -
Attachment description: Bug 1799470 - Remove dead startup code and reorganize → Bug 1799470 - Remove dead startup code
|
|
Assignee | |
Updated•3 years ago
|
Keywords: leave-open
Pushed by cmartin@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/cf7505ed9309
Remove dead startup code r=nika
https://hg.mozilla.org/integration/autoland/rev/f357acb2e2cc
Merge old embedding logic into ContentChild r=nika
|
||
Comment 4•3 years ago
|
||
| bugherder | ||
|
|
Assignee | |
Comment 5•3 years ago
|
||
|
|
Assignee | |
Comment 6•3 years ago
|
||
Depends on D165414
|
|
Assignee | |
Comment 7•3 years ago
|
||
Depends on D165415
|
|
Assignee | |
Comment 8•3 years ago
|
||
Depends on D165416
|
|
Assignee | |
Comment 9•3 years ago
|
||
Depends on D165417
|
|
Assignee | |
Comment 10•3 years ago
|
||
Depends on D165418
|
|
||
Updated•3 years ago
|
Attachment #9309611 -
Attachment description: Bug 1799470 - Turn nsXREDirProvider::GetFile into a table lookup → Bug 1799470 - Refactor nsXREDirProvider::GetFile
|
|
||
Updated•3 years ago
|
Attachment #9309613 -
Attachment is obsolete: true
|
||
Comment 11•2 years ago
|
||
Pushed by cmartin@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6753eedb7343
Refactor app starter r=nika
https://hg.mozilla.org/integration/autoland/rev/a1555357e973
Eliminate dead code around mAppProvider + cleanup r=nika
https://hg.mozilla.org/integration/autoland/rev/c1b220d515f1
Refactor nsXREDirProvider::GetFile r=nika
https://hg.mozilla.org/integration/autoland/rev/158d3a10a7eb
Do UTF-8 checks in nsXREDirProvider r=nika
|
||
Comment 12•2 years ago
|
||
| bugherder | ||
|
|
||
Comment 13•2 years ago
|
||
Pushed by cmartin@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/69a6c2500cb5
Retighten GPU Process File Access r=nika,handyman
|
|
||
Comment 14•2 years ago
|
||
| bugherder | ||
|
|
Assignee | |
Comment 16•2 years ago
|
||
Thanks for the reminder, Ryan :)
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Flags: needinfo?(cmartin)
Keywords: leave-open
Resolution: --- → FIXED
|
||
Updated•2 years ago
|
status-firefox111:
--- → fixed
Target Milestone: --- → 111 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•