Bug 1286865 - Step 3: Expose rejected syscall log in about:support. r=adw r=gcp
MozReview-Commit-ID: 6YcwfRtPM2
--- a/toolkit/content/aboutSupport.js
+++ b/toolkit/content/aboutSupport.js
@@ -582,21 +582,46 @@ var snapshotFormatters = {
let strings = stringBundle();
let tbody = $("sandbox-tbody");
for (let key in data) {
// Simplify the display a little in the common case.
if (key === "hasPrivilegedUserNamespaces" &&
data[key] === data["hasUserNamespaces"]) {
continue;
}
+ if (key === "syscallLog") {
+ // Not in this table.
+ continue;
+ }
tbody.appendChild($.new("tr", [
$.new("th", strings.GetStringFromName(key), "column"),
- $.new("td", data[key])
+ $.new("td", data[key]),
]));
}
+
+ let syscallBody = $("sandbox-syscalls-tbody");
+ let argsHead = $("sandbox-syscalls-argshead");
+ for (let syscall of data.syscallLog) {
+ if (argsHead.colSpan < syscall.args.length) {
+ argsHead.colSpan = syscall.args.length;
+ }
+ let cells = [
+ $.new("td", syscall.index, "integer"),
+ $.new("td", syscall.msecAgo / 1000),
+ $.new("td", syscall.pid, "integer"),
+ $.new("td", syscall.tid, "integer"),
+ $.new("td", strings.GetStringFromName("sandboxProcType." +
+ syscall.procType)),
+ $.new("td", syscall.syscall, "integer"),
+ ];
+ for (let arg of syscall.args) {
+ cells.push($.new("td", arg, "integer"));
+ }
+ syscallBody.appendChild($.new("tr", cells));
+ }
},
};
var $ = document.getElementById.bind(document);
$.new = function $_new(tag, textContentOrChildren, className, attributes) {
let elt = document.createElement(tag);
if (className)
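Review bot: The new loop `for (let syscall of data.syscallLog)` runs unconditionally, although the rest of this patch treats the log as Linux-only: the test schema requires `syscallLog` only when `AppConstants.platform == "linux"`, and `sandbox-syscalls-tbody` / `sandbox-syscalls-argshead` sit inside `#if defined(XP_LINUX)` in aboutSupport.xhtml. If this formatter runs for a sandbox snapshot on another platform, iterating `undefined` throws and `argsHead` is null, so the section would fail to render; an early `if (!data.syscallLog) { return; }` before the two `$()` lookups avoids that. Separately, `strings.GetStringFromName("sandboxProcType." + syscall.procType)` is backed only by the `content` and `mediaPlugin` keys, so a report with any other process type would presumably throw mid-table; falling back to the raw `procType` would keep the log readable. The enclosing formatter function starts outside the hunk.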
--- a/toolkit/content/aboutSupport.xhtml
+++ b/toolkit/content/aboutSupport.xhtml
@@ -543,15 +543,48 @@
<h2 class="major-section" id="sandbox">
&aboutSupport.sandboxTitle;
</h2>
<table>
<tbody id="sandbox-tbody">
</tbody>
</table>
+
+#if defined(XP_LINUX)
+ <h4>&aboutSupport.sandboxSyscallLogTitle;</h4>
+ <table>
+ <thead>
+ <tr>
+ <th>
+ &aboutSupport.sandboxSyscallIndex;
+ </th>
+ <th>
+ &aboutSupport.sandboxSyscallAge;
+ </th>
+ <th>
+ &aboutSupport.sandboxSyscallPID;
+ </th>
+ <th>
+ &aboutSupport.sandboxSyscallTID;
+ </th>
+ <th>
+ &aboutSupport.sandboxSyscallProcType;
+ </th>
+ <th>
+ &aboutSupport.sandboxSyscallNumber;
+ </th>
+ <th id="sandbox-syscalls-argshead">
+ &aboutSupport.sandboxSyscallArgs;
+ </th>
+ </tr>
+ </thead>
+ <tbody id="sandbox-syscalls-tbody">
+ </tbody>
+ </table>
+#endif
#endif
</div>
</body>
</html>
--- a/toolkit/locales/en-US/chrome/global/aboutSupport.dtd
+++ b/toolkit/locales/en-US/chrome/global/aboutSupport.dtd
@@ -105,16 +105,24 @@ variant of aboutSupport.showDir.label. -
<!ENTITY aboutSupport.installationHistoryTitle "Installation History">
<!ENTITY aboutSupport.updateHistoryTitle "Update History">
<!ENTITY aboutSupport.copyTextToClipboard.label "Copy text to clipboard">
<!ENTITY aboutSupport.copyRawDataToClipboard.label "Copy raw data to clipboard">
<!ENTITY aboutSupport.sandboxTitle "Sandbox">
+<!ENTITY aboutSupport.sandboxSyscallLogTitle "Rejected System Calls">
+<!ENTITY aboutSupport.sandboxSyscallIndex "#">
+<!ENTITY aboutSupport.sandboxSyscallAge "Seconds Ago">
+<!ENTITY aboutSupport.sandboxSyscallPID "PID">
+<!ENTITY aboutSupport.sandboxSyscallTID "TID">
+<!ENTITY aboutSupport.sandboxSyscallProcType "Process Type">
+<!ENTITY aboutSupport.sandboxSyscallNumber "Syscall">
+<!ENTITY aboutSupport.sandboxSyscallArgs "Arguments">
<!ENTITY aboutSupport.safeModeTitle "Try Safe Mode">
<!ENTITY aboutSupport.restartInSafeMode.label "Restart with Add-ons Disabled…">
<!ENTITY aboutSupport.graphicsFeaturesTitle "Features">
<!ENTITY aboutSupport.graphicsDiagnosticsTitle "Diagnostics">
<!ENTITY aboutSupport.graphicsFailureLogTitle "Failure Log">
<!ENTITY aboutSupport.graphicsGPU1Title "GPU #1">
--- a/toolkit/locales/en-US/chrome/global/aboutSupport.properties
+++ b/toolkit/locales/en-US/chrome/global/aboutSupport.properties
@@ -99,16 +99,18 @@ loadedLibVersions = Version in use
hasSeccompBPF = Seccomp-BPF (System Call Filtering)
hasSeccompTSync = Seccomp Thread Synchronization
hasUserNamespaces = User Namespaces
hasPrivilegedUserNamespaces = User Namespaces for privileged processes
canSandboxContent = Content Process Sandboxing
canSandboxMedia = Media Plugin Sandboxing
contentSandboxLevel = Content Process Sandbox Level
+sandboxProcType.content = content
+sandboxProcType.mediaPlugin = media plugin
# LOCALIZATION NOTE %1$S and %2$S will be replaced with the number of remote and the total number
# of windows, respectively, while %3$S will be replaced with one of the status strings below,
# which contains a description of the multi-process preference and status.
# Note: multiProcessStatus.3 doesn't exist because status=3 was deprecated.
multiProcessWindows = %1$S/%2$S (%3$S)
multiProcessStatus.0 = Enabled by user
multiProcessStatus.1 = Enabled by default
--- a/toolkit/modules/Troubleshoot.jsm
+++ b/toolkit/modules/Troubleshoot.jsm
@@ -564,16 +564,31 @@ if (AppConstants.MOZ_SANDBOX) {
let sysInfo = Cc["@mozilla.org/system-info;1"].
getService(Ci.nsIPropertyBag2);
for (let key of keys) {
if (sysInfo.hasKey(key)) {
data[key] = sysInfo.getPropertyAsBool(key);
}
}
+
+ let reporter = Cc["@mozilla.org/sandbox/syscall-reporter;1"].
+ getService(Ci.mozISandboxReporter);
+ const snapshot = reporter.snapshot();
+ let syscalls = [];
+ for (let index = snapshot.begin; index < snapshot.end; ++index) {
+ let report = snapshot.getElement(index);
+ let { msecAgo, pid, tid, procType, syscall } = report;
+ let args = []
+ for (let i = 0; i < report.numArgs; ++i) {
+ args.push(report.getArg(i));
+ }
+ syscalls.push({ index, msecAgo, pid, tid, procType, syscall, args });
+ }
+ data.syscallLog = syscalls;
}
if (AppConstants.MOZ_CONTENT_SANDBOX) {
data.contentSandboxLevel =
Services.prefs.getIntPref("security.sandbox.content.level");
}
done(data);
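Review bot: The snapshot now carries `pid`, `tid` and every raw syscall argument from `report.getArg(i)`, and nothing here records that this data leaves the process. Troubleshoot data feeds about:support, whose "Copy raw data to clipboard" output users commonly paste into bug reports, and the arguments of a rejected syscall can presumably include pointer-sized values such as user-space addresses. I would add a comment above the loop, e.g. `// Raw syscall arguments may contain addresses; this log is user-visible and often shared in bug reports.`, so later changes to the reporter keep that exposure in mind. Minor style: `let args = []` is missing its semicolon. The enclosing provider function starts outside the hunk.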
--- a/toolkit/modules/tests/browser/browser_Troubleshoot.js
+++ b/toolkit/modules/tests/browser/browser_Troubleshoot.js
@@ -482,16 +482,52 @@ const SNAPSHOT_SCHEMA = {
canSandboxMedia: {
required: false,
type: "boolean"
},
contentSandboxLevel: {
required: AppConstants.MOZ_CONTENT_SANDBOX,
type: "number"
},
+ syscallLog: {
+ required: AppConstants.platform == "linux",
+ type: "array",
+ items: {
+ type: "object",
+ properties: {
+ index: {
+ required: true,
+ type: "number",
+ },
+ pid: {
+ required: true,
+ type: "number",
+ },
+ tid: {
+ required: true,
+ type: "number",
+ },
+ procType: {
+ required: true,
+ type: "string",
+ },
+ syscall: {
+ required: true,
+ type: "number",
+ },
+ args: {
+ required: true,
+ type: "array",
+ items: {
+ type: "string",
+ },
+ },
+ },
+ },
+ },
},
},
},
};
/**
* Throws an Error if obj doesn't conform to schema. That way you get a nice
* error message and a stack to help you figure out what went wrong, which you
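Review bot: The `syscallLog` item schema lists `index`, `pid`, `tid`, `procType`, `syscall` and `args` but not `msecAgo`, which the provider in Troubleshoot.jsm puts into every entry it pushes. If the validator (defined outside this hunk) rejects properties that are absent from the schema, this test passes only while the log is empty and starts failing once a rejected syscall is recorded; if it ignores them, the field is simply unchecked. Adding `msecAgo: { required: true, type: "number", },` next to `index` covers both cases.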
--- a/toolkit/themes/shared/aboutSupport.css
+++ b/toolkit/themes/shared/aboutSupport.css
@@ -64,16 +64,21 @@ th.column {
width: 0px;
}
td {
text-align: start;
border-color: var(--in-content-table-border-dark-color);
}
+td.integer {
+ text-align: end;
+ font-family: monospace;
+}
+
.prefs-table {
width: 100%;
table-layout: fixed;
}
.pref-name {
width: 70%;
white-space: nowrap;