Currently we use gonk-misc/default-gecko-config to add --enable-content-sandbox-reporter on b2g eng builds, but I feel that we'd want the crash reporter integration on production builds as well, so that if any sandboxing oversights make it past testing we'll be aware of that instead of not. Consensus seems to be that not immediately killing the process isn't a significant change in security — in particular, the seccomp filter program is public, so being able to probe it by catching the SIGSYS isn't useful.
Trying: https://tbpl.mozilla.org/?tree=Try&rev=dd3a4274c75b Tested locally with a userdebug build (and a modified seccomp_filter.h).
Attachment #8386473 - Flags: review?(khuey) → review+
Attachment #8386473 - Flags: review?(gdestuynder) → review+
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla30
You need to log in before you can comment on or make changes to this bug.