Bug 1434528 - Adjust sandbox feature detection to deal with Ubuntu guest accounts. r?gcp
Guest sessions on Ubuntu (and maybe other distributions that use
LightDM?) apply an AppArmor policy that allows CLONE_NEWUSER but doesn't
allow using any of the capabilities it grants, or even configuring the
new user namespace.
This patch causes those environments to be detected as not supporting
unprivileged user namespaces, because for all practical purposes they
don't.
MozReview-Commit-ID: HVkoBakRwaA
--- a/security/sandbox/linux/SandboxInfo.cpp
+++ b/security/sandbox/linux/SandboxInfo.cpp
@@ -132,17 +132,21 @@ CanCreateUserNamespace()
// This is run at static initializer time, while single-threaded, so
// locking isn't needed to access the environment.
static const char kCacheEnvName[] = "MOZ_ASSUME_USER_NS";
const char* cached = getenv(kCacheEnvName);
if (cached) {
return cached[0] > '0';
}
- pid_t pid = syscall(__NR_clone, SIGCHLD | CLONE_NEWUSER,
+ // Bug 1434528: In addition to CLONE_NEWUSER, do something that uses
+ // the new capabilities (in this case, cloning another namespace) to
+ // detect AppArmor policies that allow CLONE_NEWUSER but don't allow
+ // doing anything useful with it.
+ pid_t pid = syscall(__NR_clone, SIGCHLD | CLONE_NEWUSER | CLONE_NEWPID,
nullptr, nullptr, nullptr, nullptr);
if (pid == 0) {
// In the child. Do as little as possible.
_exit(0);
}
if (pid == -1) {
// Failure.
MOZ_ASSERT(errno == EINVAL || // unsupported
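Review bot: the MOZ_ASSERT on errno after the clone call (last visible line of the hunk) needs to account for the new failure mode this patch introduces: with CLONE_NEWPID added to the flags, an AppArmor policy that permits CLONE_NEWUSER but denies the pid-namespace clone will make the syscall return -1 with a policy-denial errno (EPERM in the usual case) rather than the EINVAL that the `// unsupported` branch covers. The continuation of the condition is cut off in this hunk, so please confirm it tolerates that errno; otherwise debug builds on exactly the Ubuntu guest sessions this patch targets will assert instead of reporting "no user namespaces". The added Bug 1434528 comment would also benefit from one sentence stating the trade-off that the probe now requires both user and PID namespaces, so a kernel with user namespaces enabled but CONFIG_PID_NS disabled is deliberately reported as unsupported.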