Closed
Bug 1954085
Opened 1 month ago
Closed 1 month ago
Improve error reporting for SandboxInfo user namespace
Categories
(Core :: Security: Process Sandboxing, enhancement, P2)
RESOLVED
FIXED
138 Branch
| | Tracking | Status |
|---|---|---|
| firefox138 | --- | fixed |
People
(Reporter: gerard-majax, Assigned: gerard-majax)
Attachments
(1 file)
There are cases where it was a bit complicated to get a precise understanding of where https://searchfox.org/mozilla-central/rev/27583d5afd9beea3a7551f35470cf188de1d368c/security/sandbox/linux/SandboxInfo.cpp#114-175 would fail (e.g. docker setup). Having logging would help.
Assignee
Comment 1•1 month ago
Assignee
Comment 2•1 month ago
This is the generated log on an Ubuntu 24.10 where I used an objdir that is not allowed to userns per AppArmor:
$ grep UserNamespace sandbox_usernamespace.log
[3124452] Sandbox: CanCreateUserNamespace() unshare(CLONE_NEWPID): -1
[3124450] Sandbox: CanCreateUserNamespace() waitpid(3124452) child process failure 00000100
[3124484] Sandbox: CanCreateUserNamespace() cached: false
[3124590] Sandbox: CanCreateUserNamespace() cached: false
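The check behind the log in Comment 2 can be reproduced outside the browser with a small probe. This is an added example, not part of the bug or of Firefox's SandboxInfo.cpp; the function names and exit codes are hypothetical, and it assumes the `00000100` in the log is the raw waitpid status printed in hex (which decodes to exit code 1).

```c
/* Added diagnostic probe, not Firefox code: enter a new user namespace, then
 * try unshare(CLONE_NEWPID) inside it, and report which step was refused. */
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Linux flag values, defined here so no feature-test macro is needed. */
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif
#ifndef CLONE_NEWPID
#define CLONE_NEWPID 0x20000000
#endif

enum { EXIT_USERNS_DENIED = 2, EXIT_NEWPID_DENIED = 3 }; /* hypothetical codes */

/* Decode a raw wait status: exit code, or 128+signal if killed, else -1. */
int decode_wait_status(int status) {
  if (WIFEXITED(status)) return WEXITSTATUS(status);
  if (WIFSIGNALED(status)) return 128 + WTERMSIG(status);
  return -1;
}

/* 0: both steps allowed; EXIT_*: the step that failed; -1: probe could not run. */
int probe_user_namespace(void) {
  pid_t pid = fork();
  if (pid == -1) return -1;
  if (pid == 0) { /* child: do as little as possible, report via exit code */
    if (syscall(SYS_unshare, CLONE_NEWUSER) != 0) _exit(EXIT_USERNS_DENIED);
    if (syscall(SYS_unshare, CLONE_NEWPID) != 0) _exit(EXIT_NEWPID_DENIED);
    _exit(0);
  }
  int status = 0;
  pid_t r;
  do { r = waitpid(pid, &status, 0); } while (r == -1 && errno == EINTR);
  if (r != pid) return -1;
  fprintf(stderr, "waitpid(%d) raw status %08x\n", (int)pid, (unsigned)status);
  return decode_wait_status(status);
}

int main(void) {
  int rc = probe_user_namespace();
  printf("user namespace probe: %s (%d)\n", rc == 0 ? "usable" : "not usable", rc);
  return rc == 0 ? 0 : 1;
}
```

A result of 3 corresponds to the situation in the log above, where the CLONE_NEWPID step returned -1; running the probe inside the container or under the confined profile shows which of the two steps the environment refuses.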
Updated•1 month ago
Severity: -- → S4
Priority: -- → P2
Updated•1 month ago
OS: Unspecified → Linux
Hardware: Unspecified → Desktop
Version: unspecified → Trunk
Pushed by alissy@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/256020e9e610
Report user namespace checks and failure via sandbox logging r=jld
Comment 4•1 month ago
bugherder
Status: NEW → RESOLVED
Closed: 1 month ago
status-firefox138:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 138 Branch