Clarify documentation on namespaces and the sandbox
Categories: Websites :: wiki.mozilla.org, enhancement
Tracking: Not tracked
People: Reporter: bananagold, Unassigned, NeedInfo
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:143.0) Gecko/20100101 Firefox/143.0
Steps to reproduce:
Run Firefox on a Linux kernel without unprivileged user namespaces
Currently the case for:
- Arch with linux-hardened
- Android
- Custom kernels
- Firefox running inside bubblewrap/flatpak
Actual results:
There are multiple mentions of the effect of Linux user namespaces on process isolation in Firefox, including references to namespaces fixing sandbox escape paths: https://bugzilla.mozilla.org/show_bug.cgi?id=1066750
The wiki also mentions that namespace sandboxing is used to isolate media plugins:
https://wiki.mozilla.org/Security/Sandbox/Specifics
I have not gone through all the issues to provide a comprehensive list of potential security issues that are addressed by Linux namespaces; however, the above examples do indicate that parts of Firefox process isolation, like those used by Fission, may rely on them, yet no cohesive documentation describes the detailed effects of Linux namespaces on the different parts of the process isolation feature.
Expected results:
The related bug reports indicate a lot of guess work about the actual effects of running without unprivileged user namespaces on Linux.
The documentation should describe clearly which security features actually rely on the existence of Linux namespaces and what the consequences are when they are disabled.
Jed, please check this request to improve the wiki article(s) about sandboxing.
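One way to tell which of the environments listed under "Steps to reproduce" a given host falls into, as an added example that is not part of this bug report or of Mozilla's code: the script below reads the kernel knobs that govern unprivileged user namespaces and then tries to create one as an unprivileged user. The /proc/sys paths are real kernel and distribution interfaces (kernel.unprivileged_userns_clone is the out-of-tree knob carried by linux-hardened and older Debian/Ubuntu kernels; user.max_user_namespaces is mainline); the function names and the printed wording are this example's own. The behavioural probe matters because a seccomp filter from bubblewrap, Flatpak or a container runtime can block the clone even when the sysctls say it is allowed.

```shell
#!/bin/sh
# Added example, not part of the bug report or of Mozilla's code.
# Reports whether this host allows unprivileged user namespaces.
# Every status function prints exactly one of: enabled, disabled, unknown.

# Print the content of a /proc/sys knob, or nothing if it does not exist.
# Written so it never returns non-zero (safe under `set -e` in callers).
read_knob() {
    if [ -r "$1" ]; then
        cat "$1" 2>/dev/null || :
    fi
}

# Static view: what the kernel's configuration says.
# kernel.unprivileged_userns_clone exists only on patched kernels
# (linux-hardened, older Debian/Ubuntu); mainline has user.max_user_namespaces,
# where 0 means no user namespaces may be created at all.
userns_sysctl_status() {
    clone=$(read_knob /proc/sys/kernel/unprivileged_userns_clone)
    maxns=$(read_knob /proc/sys/user/max_user_namespaces)
    if [ "$clone" = 0 ] || [ "$maxns" = 0 ]; then
        echo disabled
    elif [ -n "$clone" ] || [ -n "$maxns" ]; then
        echo enabled
    else
        echo unknown
    fi
}

# Behavioural view: actually try to create a user namespace.
# Only meaningful as a non-root user: root holds CAP_SYS_ADMIN and can
# create one even when unprivileged users cannot. This is also the only
# check that sees seccomp filters (bubblewrap, flatpak, container runtimes).
userns_probe_status() {
    if ! command -v unshare >/dev/null 2>&1; then
        echo unknown
        return
    fi
    if [ "$(id -u)" = 0 ]; then
        echo unknown
        return
    fi
    if unshare -U true 2>/dev/null; then
        echo enabled
    else
        echo disabled
    fi
}

# Combined verdict: the probe wins whenever it is conclusive, because it
# reflects the restrictions the process would really hit; otherwise fall
# back to the sysctl view.
userns_status() {
    probe=$(userns_probe_status)
    if [ "$probe" != unknown ]; then
        echo "$probe"
    else
        userns_sysctl_status
    fi
}

status=$(userns_status)
echo "unprivileged user namespaces: $status (sysctl view: $(userns_sysctl_status), probe: $(userns_probe_status))"
if [ "$status" = disabled ]; then
    echo "This host is in the situation the report describes (e.g. linux-hardened, flatpak/bubblewrap, a kernel built without unprivileged user namespaces)."
fi
```

Run it as the same unprivileged user that launches Firefox, and from inside the same bubblewrap or Flatpak sandbox if that is how Firefox is started, since the probe answers for the environment it runs in, not for the host as a whole.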