Closed Bug 969088 Opened 11 years ago Closed 11 years ago

Indicate per-process/thread seccomp state in b2g-ps output

Categories

(Firefox OS Graveyard :: General, defect)

Product:
Firefox OS Graveyard
Component:
General
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jld, Assigned: jld)

References

Details

Attachments

(1 file)

Link to Github pull-request: https://github.com/mozilla-b2g/gonk-misc/pull/150
49 bytes, text/x-github-pull-request
dhylands
: review+
Details | Review
It seems useful, at least for people working on sandboxing, for b2g-ps to note which processes/threads have seccomp sandboxing enabled. I have a proof-of-concept, seen here demonstrating bug 969040: $ adb -s emulator-5554 shell b2g-ps -t 182 APPLICATION SEC USER PID PPID VSIZE RSS WCHAN PC NAME Built-in Keyboa 2 app_182 182 127 71616 24292 ffffffff 4005b3c0 S /system/b2g/plugin-container Chrome_ChildThr 0 app_182 183 182 71616 24292 c00bb45c 4005b3c0 S Chrome_ChildThr JS GC Helper 0 app_182 184 182 71616 24292 c005deb8 4005b5cc S JS GC Helper Socket Thread 0 app_182 185 182 71616 24292 c009e6d4 4005b438 S Socket Thread BgHangManager 0 app_182 186 182 71616 24292 c005dfbc 4005b5cc S BgHangManager (Nuwa) 0 app_182 187 182 71616 24292 c005deb8 4005b5cc S (Nuwa) ImageBridgeChil 0 app_182 188 182 71616 24292 c005deb8 4005b5cc S ImageBridgeChil Binder Thread # 0 app_182 189 182 71616 24292 c01ad2ac 4005a690 S Binder Thread # Binder Thread # 0 app_182 190 182 71616 24292 c01ad2ac 4005a690 S Binder Thread # Timer 0 app_182 193 182 71616 24292 c005dfbc 4005b5cc S Timer Network Seer 2 app_182 207 182 71616 24292 c005deb8 4005b5cc S Network Seer HTML5 Parser 2 app_182 209 182 71616 24292 c005deb8 4005b5cc S HTML5 Parser Analysis Helper 2 app_182 210 182 71616 24292 c005deb8 4005b5cc S Analysis Helper Analysis Helper 2 app_182 211 182 71616 24292 c005deb8 4005b5cc S Analysis Helper Built-in Keyboa 2 app_182 212 182 71616 24292 c005deb8 4005b5cc S Built-in Keyboa Media State 2 app_182 218 182 71616 24292 c005deb8 4005b5cc S Media State
I considered making it conditional on whether the running kernel supports seccomp (tested by reading /proc/self/status), but if I'm going to break scripts that parse b2g-ps output (are there any?) then I think I should break them everywhere, not have that be an extra "surprise" for seccomp-enabled devices.
Comment on attachment 8372007 [details] [review] Link to Github pull-request: https://github.com/mozilla-b2g/gonk-misc/pull/150 I only had one comment, but on further reflection, I think that its a moot point.
Attachment #8372007 - Flags: review?(dhylands) → review+
https://github.com/mozilla-b2g/gonk-misc/commit/02147230f5878943bc51373afb852b248e814140
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: