Use untrusted integrity as the delayed integrity for the content process sandbox on Nightly
Categories
(Core :: Security: Process Sandboxing, enhancement, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox126 | --- | fixed |
People
(Reporter: bobowen, Assigned: bobowen)
References
(Blocks 1 open bug)
Details
Attachments
(3 files)
Assignee | ||
Comment 1•1 month ago
|
||
This allows us to maintain the same access to our process when the integrity
level on our access token is dropped.
Assignee | ||
Comment 2•1 month ago
|
||
This is a relanding of the changes reverted in bug 1881670.
Assignee | ||
Comment 3•1 month ago
|
||
Assignee | ||
Comment 4•1 month ago
|
||
Assignee | ||
Comment 5•1 month ago
•
|
||
Hopefully this fixes most of the failures in the last try push.
It looks like the changes in p1 mean we don't need the changes in p2 any more, but I'll check that once I've reduced the noise.
https://treeherder.mozilla.org/jobs?repo=try&revision=0e08c3d40d120c953219557e4109031fbf72d42d
Assignee | ||
Comment 6•1 month ago
|
||
(In reply to Bob Owen (:bobowen) from comment #5)
Hopefully this fixes most of the failures in the last try push.
It looks like the changes in p1 mean we don't need the changes in p2 any more, but I'll check that once I've reduced the noise.
https://treeherder.mozilla.org/jobs?repo=try&revision=0e08c3d40d120c953219557e4109031fbf72d42d
Seems that we need at least some of the changes in p2:
https://treeherder.mozilla.org/jobs?repo=try&duplicate_jobs=visible&revision=7932c31da92063e582c7489186b9674e8b73ea4c
If I just remove the PRECONDITION_FAILED
part it works, my guess is the two fixes to my forgetting to back out the tests changes landed close together:
https://treeherder.mozilla.org/jobs?repo=try&duplicate_jobs=visible&revision=2f7f2e36594c66ee6ce0ee92e3fa37c464ff016b
Updated•1 month ago
|
Updated•1 month ago
|
Updated•1 month ago
|
Pushed by bobowencode@gmail.com: https://hg.mozilla.org/integration/autoland/rev/d466146035c3 p1: Set process ACL to the delayed integrity level in SetProcessIntegrityLevel. r=yjuglaret https://hg.mozilla.org/integration/autoland/rev/bb44305a37a6 p2: Flag webcodecs tests that now pass due to fall back. r=padenot https://hg.mozilla.org/integration/autoland/rev/b74cbea79fd3 p3: Enable untrusted integrity for content process sandbox on Nightly. r=handyman
Comment 8•1 month ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/d466146035c3
https://hg.mozilla.org/mozilla-central/rev/bb44305a37a6
https://hg.mozilla.org/mozilla-central/rev/b74cbea79fd3
Description
•