Bug 1408498 - Allow FIONREAD in sandboxed content processes, for libgio. r?gcp
MozReview-Commit-ID: 23mO3vCb7Gu
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -729,16 +729,19 @@ public:
Arg<unsigned long> request(1);
auto shifted_type = request & kTypeMask;
// Rust's stdlib seems to use FIOCLEX instead of equivalent fcntls.
return If(request == FIOCLEX, Allow())
// ffmpeg, and anything else that calls isatty(), will be told
// that nothing is a typewriter:
.ElseIf(request == TCGETS, Error(ENOTTY))
+ // Bug 1408498: libgio uses FIONREAD on inotify fds.
+ // (We should stop using inotify: bug 1408497.)
+ .ElseIf(request == FIONREAD, Allow())
// Allow anything that isn't a tty ioctl, for now; bug 1302711
// will cover changing this to a default-deny policy.
.ElseIf(shifted_type != kTtyIoctls, Allow())
.Else(SandboxPolicyCommon::EvaluateSyscall(sysno));
}
CASES_FOR_fcntl:
// Some fcntls have significant side effects like sending