Bug 1382442 - Don't try to use GConf in content processes. r?gcp r?drno
GConf uses ORBit, which tries to create server sockets, which has been
disallowed by the content sandbox seccomp-bpf policy since 55 (
bug
1358647). GConf is considered obsolete and hasn't been updated since
2013. This patch disables the use of GConf in content processes, on the
assumption that anything that this would break is already broken by
rejecting the system call.
The one use case that's believed to be broken is using WebRTC behind a
mandatory proxy and using system preferences (rather than Firefox's) for
the proxy config. WebRTC uses nsIProtocolProxyService in the content
process, so if this combination of things is done on a system with GConf,
it will not be able to read the system prefs.
The larger use case of WebRTC + GConf (with or without a proxy) will
crash on Nightly without this patch, because rejected syscalls produce
crashes in order to gather more diagnostic information.
MozReview-Commit-ID: 6jpBkByzo7n
--- a/toolkit/system/gnome/nsGConfService.cpp
+++ b/toolkit/system/gnome/nsGConfService.cpp
@@ -5,16 +5,17 @@
#include "mozilla/ArrayUtils.h"
#include "nsGConfService.h"
#include "nsString.h"
#include "nsCOMPtr.h"
#include "nsComponentManagerUtils.h"
#include "nsISupportsPrimitives.h"
#include "nsIMutableArray.h"
+#include "nsXULAppAPI.h"
#include "prlink.h"
#include <gconf/gconf-client.h>
using namespace mozilla;
#define GCONF_FUNCTIONS \
FUNC(gconf_client_get_default, GConfClient*, (void)) \
@@ -71,16 +72,20 @@ nsresult
nsGConfService::Init()
{
#define FUNC(name, type, params) { #name, (nsGConfFunc *)&_##name },
static const nsGConfDynamicFunction kGConfSymbols[] = {
GCONF_FUNCTIONS
};
#undef FUNC
+ if (NS_WARN_IF(XRE_IsContentProcess())) {
+ return NS_ERROR_SERVICE_NOT_AVAILABLE;
+ }
+
if (!gconfLib) {
gconfLib = PR_LoadLibrary("libgconf-2.so.4");
if (!gconfLib)
return NS_ERROR_FAILURE;
}
for (auto GConfSymbol : kGConfSymbols) {
*GConfSymbol.function =