Bug 1358647 - Disallow bind/listen/accept for Linux content processes. r?gcp
MozReview-Commit-ID: Cz9MKxOJnsS
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -533,20 +533,16 @@ public:
#ifdef ANDROID
case SYS_SOCKET:
return Some(Error(EACCES));
#else // #ifdef DESKTOP
case SYS_RECV:
case SYS_SEND:
case SYS_SOCKET: // DANGEROUS
case SYS_CONNECT: // DANGEROUS
- case SYS_ACCEPT:
- case SYS_ACCEPT4:
- case SYS_BIND:
- case SYS_LISTEN:
case SYS_GETSOCKOPT:
case SYS_SETSOCKOPT:
case SYS_GETSOCKNAME:
case SYS_GETPEERNAME:
case SYS_SHUTDOWN:
return Some(Allow());
#endif
default: