Closed Bug 1885218 Opened 8 months ago Closed 8 months ago

Add more logging for fatal errors in sandboxed process launch on Linux

Categories

(Core :: Security: Process Sandboxing, enhancement, P1)


RESOLVED FIXED
125 Branch
Tracking Status
firefox125 --- fixed

People

(Reporter: jld, Assigned: jld)

Attachments

(1 file)

Inspired by bug 1884347, and its possible duplicate in bug 1884593: there are places in the sandbox's process launching where we can MOZ_CRASH at a point where we know the crash reporter doesn't work. Because MOZ_CRASH doesn't log anything to stderr on release builds, this results in difficult-to-interpret bug reports. However, we already have the SANDBOX_LOG macros for doing logging to stderr in a way that's safe here (i.e., async signal safe), and that's already done in some places in SandboxLaunch.cpp. So, I thought I'd add a few more.

In this code there are conditions where we can't proceed, but simply
MOZ_CRASHing isn't ideal, because the crash reporter doesn't work
here, and on non-debug builds the crash string isn't printed to the
terminal, so we get bug reports where we know that something crashed
somewhere but not much else.

Because we already have the SANDBOX_LOG macros (which are intended to
be async signal safe), this patch uses them to add some more logging.

This patch also makes sure that WriteStringToFile always sets errno to
something when returning failure, because that matters for some of this
new logging.
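
The pattern described above, as an added example that is not the patch or Firefox's own code: a log line built without stdio and sent with write(2) before giving up, plus a file-write helper that leaves errno set on every failure path. `FormatFatal`, `LogFatal`, the message format, the `EMSGSIZE` choice for short writes and the path are assumptions; only the `WriteStringToFile` name comes from the page.

```cpp
// Added example: hypothetical helpers, not Firefox's SandboxLaunch.cpp code.
#include <cerrno>
#include <cstring>
#include <fcntl.h>
#include <unistd.h>

// Build "Sandbox: <what>: errno <n>\n" without stdio or malloc, so it is
// usable between fork/clone and exec. Returns the number of bytes produced.
static size_t FormatFatal(char* buf, size_t cap, const char* what, int err) {
  size_t n = 0;
  const char* parts[] = {"Sandbox: ", what, ": errno "};
  for (const char* p : parts)
    while (*p && n + 1 < cap) buf[n++] = *p++;
  char digits[12];
  int i = 0;
  unsigned v = err > 0 ? static_cast<unsigned>(err) : 0;
  do { digits[i++] = static_cast<char>('0' + v % 10); v /= 10; } while (v);
  while (i > 0 && n + 1 < cap) buf[n++] = digits[--i];
  if (n < cap) buf[n++] = '\n';
  return n;
}

static void LogFatal(const char* what, int err) {
  char buf[160];
  size_t n = FormatFatal(buf, sizeof(buf), what, err);
  // write(2) is async-signal-safe; if it fails there is nothing safe to do.
  if (write(STDERR_FILENO, buf, n) < 0) { }
}

// Returns true on success. On every failure path errno is set, including
// the short-write case where write(2) itself reports no error.
static bool WriteStringToFile(const char* path, const char* str, size_t len) {
  int fd = open(path, O_WRONLY | O_CLOEXEC);
  if (fd < 0) return false;  // open(2) already set errno
  ssize_t written = write(fd, str, len);
  int saved = errno;
  bool ok = written >= 0 && static_cast<size_t>(written) == len;
  if (written >= 0 && !ok) saved = EMSGSIZE;  // assumed value for a short write
  if (close(fd) != 0 && ok) { ok = false; saved = errno; }
  if (!ok) errno = saved;  // close(2) must not clobber the original cause
  return ok;
}

int main() {
  if (!WriteStringToFile("/nonexistent-constructed/file", "x", 1)) {  // constructed path
    LogFatal("write failed before exec", errno);
    _exit(1);  // the real code would MOZ_CRASH here
  }
  return 0;
}
```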

Assignee: nobody → jld
Status: NEW → ASSIGNED
Severity: -- → S4
Pushed by jedavis@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/073706ebc100 Add more logging for fatal errors during Linux sandbox process launch. r=gcp
Status: ASSIGNED → RESOLVED
Closed: 8 months ago
Resolution: --- → FIXED
Target Milestone: --- → 125 Branch