Closed
Bug 1918538
Opened 2 months ago
Closed 11 days ago
We probably don't need the MOZ_SANDBOXED env var
Categories
(Core :: Security: Process Sandboxing, task)
Core
Security: Process Sandboxing
Tracking
()
RESOLVED
FIXED
133 Branch
| Tracking | Status | |
|---|---|---|
| firefox133 | --- | fixed |
People
(Reporter: jld, Assigned: gerard-majax)
References
(Regressed 1 open bug)
Details
Attachments
(1 file)
Right now, the MOZ_SANDBOXED env var is used in two places:
- In
SandboxReporterClient, as a safety check around the fixed file descriptor number used to pass the socket to child processes - In shared memory, to see if a process should expect to be blocked from accessing
/proc/ shouldn't expect to create freezeable shared memory
Bug 1440207, as pointed out by Nika in D221375, should fix the issue with SandboxReporter, and for shared memory we could just use XRE_IsParentProcess to mean “can freeze shared memory” instead of checking for sandboxedness. (And if there's ever a non-sandboxed child process type that needs to freeze shared memory we can always add it in. If we need to freeze shared memory in a sandboxed process on Linux… there are ways to deal with that but that's outside the scope of this bug.)
|
Assignee | |
Comment 1•13 days ago
|
||
This is now blocking landing because of GPU process getting enabled by default on linux/x11
Assignee: nobody → lissyx+mozillians
Blocks: 1874689
|
|
Assignee | |
Comment 2•13 days ago
|
||
Pushed by alissy@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9b74bcc1a5a1
Remove usage of MOZ_SANDBOXED r=nika,jld
|
||
Comment 4•11 days ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 11 days ago
status-firefox133:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 133 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•