Bug 1213998 - Apply chroot() to sandboxed content processes on Linux. r=gcp draft
authorJed Davis <jld@mozilla.com>
Tue, 16 Jan 2018 19:10:51 -0700
changeset 748915 bfd3c85646a2486ab11cd6647f699fcb491c335a
parent 748914 e553850d9e37114d58331c8235d68965bd9aa72c
child 748916 9f17734fe3719eee3f5e6a2572a9aa77d624dd62
push id97274
push userbmo:jld@mozilla.com
push dateTue, 30 Jan 2018 17:43:04 +0000
reviewersgcp
bugs1213998
milestone60.0a1
Bug 1213998 - Apply chroot() to sandboxed content processes on Linux. r=gcp MozReview-Commit-ID: DGepECmw3pq
security/sandbox/linux/launch/SandboxLaunch.cpp
--- a/security/sandbox/linux/launch/SandboxLaunch.cpp
+++ b/security/sandbox/linux/launch/SandboxLaunch.cpp
@@ -215,16 +215,17 @@ SandboxLaunchPrepare(GeckoProcessType aT
     break;
 #endif
 #ifdef MOZ_CONTENT_SANDBOX
   case GeckoProcessType_Content:
     // TODO: CLONE_NEWIPC (bug 1376910) if not fglrx and level >= 1,
     // once the XShm detection shim is fixed.
 
     if (level >= 4) {
+      canChroot = true;
       // Unshare network namespace if allowed by graphics; see
       // function definition above for details.  (The display
       // local-ness is cached because it won't change.)
       static const bool isDisplayLocal = IsDisplayLocal();
       if (isDisplayLocal) {
         flags |= CLONE_NEWNET;
       }
     }
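Review bot: The added `canChroot = true;` at the top of the `level >= 4` branch sits directly above a comment that describes only the network-namespace unshare, so the chroot decision is undocumented and the reason it is tied to level 4 is not stated. I would give the assignment its own comment and a blank line before the CLONE_NEWNET block, for example `// Level >= 4: content should no longer need direct filesystem access, so it can be chrooted.` (adjust this to the actual rationale). The declaration and the consumer of `canChroot` are outside this hunk, as is the rest of SandboxLaunchPrepare. It therefore cannot be confirmed from here how the launch behaves when the child cannot obtain the privilege chroot() needs, presumably when unprivileged user namespaces are unavailable. If the flag is silently dropped in that case, the comment should say so, so that nobody assumes level 4 always implies a chroot.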