Closed Bug 1799470 Opened 1 year ago Closed 1 year ago

Tighten GPU sandbox's filesystem access

Categories

(Core :: Security: Process Sandboxing, defect, P2)

All
Windows
defect

Tracking

()

RESOLVED FIXED
111 Branch
Tracking Status
firefox111 --- fixed

People

(Reporter: cmartin, Assigned: cmartin)

References

Details

Attachments

(7 files, 1 obsolete file)

In Bug 1797887, we had to allow the sandboxed GPU process full access to the filesystem as a workaround because the sandbox was breaking the shader cache.

Even though the shader cache "Works on My Machine™", on other machines it appears that that the previous sandbox exception was not enough to allow it to work properly.

This is a follow-up bug to investigate why the shader cache was broken on some machines with the GPU sandbox enabled, and to re-tighten the filesystem access for the GPU sandbox.

Severity: -- → S3
Priority: -- → P2
Blocks: 1347710
No longer depends on: 1797887
See Also: → 1797887
Blocks: 1803135
Assignee: nobody → cmartin
Status: NEW → ASSIGNED
Attachment #9308107 - Attachment description: Bug 1799470 - Remove XRE_InitEmbedding2 and XRE_TermEmbedding → Bug 1799470 - Merge old embedding logic into ContentChild
Attachment #9308106 - Attachment description: Bug 1799470 - Remove dead startup code and reorganize → Bug 1799470 - Remove dead startup code
Keywords: leave-open
Pushed by cmartin@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/cf7505ed9309
Remove dead startup code r=nika
https://hg.mozilla.org/integration/autoland/rev/f357acb2e2cc
Merge old embedding logic into ContentChild r=nika

Depends on D165415

Depends on D165416

Attached file Bug 1799470 - Add Profile Finalizer (obsolete) —

Depends on D165417

Depends on D165418

Attachment #9309611 - Attachment description: Bug 1799470 - Turn nsXREDirProvider::GetFile into a table lookup → Bug 1799470 - Refactor nsXREDirProvider::GetFile
Attachment #9309613 - Attachment is obsolete: true
Blocks: 1809519
Pushed by cmartin@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6753eedb7343
Refactor app starter r=nika
https://hg.mozilla.org/integration/autoland/rev/a1555357e973
Eliminate dead code around mAppProvider + cleanup r=nika
https://hg.mozilla.org/integration/autoland/rev/c1b220d515f1
Refactor nsXREDirProvider::GetFile r=nika
https://hg.mozilla.org/integration/autoland/rev/158d3a10a7eb
Do UTF-8 checks in nsXREDirProvider r=nika
Pushed by cmartin@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/69a6c2500cb5
Retighten GPU Process File Access r=nika,handyman
Regressions: 1811991
Regressions: 1812680

Can this bug be closed now?

Flags: needinfo?(cmartin)

Thanks for the reminder, Ryan :)

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Flags: needinfo?(cmartin)
Keywords: leave-open
Resolution: --- → FIXED
Target Milestone: --- → 111 Branch
Regressions: 1838542
You need to log in before you can comment on or make changes to this bug.