Open Bug 1875230 Opened 2 years ago Updated 5 months ago

Investigate how to allow DNS lookups in the socket process

Categories

(Core :: Security: Process Sandboxing, task)

Product:
Core
Component:
Security: Process Sandboxing
Type:
task

Tracking

()

People

(Reporter: kershaw, Unassigned)

References

(Blocks 1 open bug)

Details

See bug 1872551 #c12.
When we want to enable network.http.network_access_on_socket_process.enabled, we'll need to investigate how to modify sandbox rules and allow to do DNS lookups in the socket process.

I suspect this will involve weakening the current sandbox settings.
Hopefully we now have a way of re-strengthening the sandbox with a Low Privileged Application Container like we do for the Windows Media Foundation CDM process.
This is a separate mechanism, which locks down the access token and we then grant back "capabilities", which are more fine grained than the "access token levels" that we are using at the moment.

You need to log in before you can comment on or make changes to this bug.