Bug 1438394 - Do SysV IPC check before bailing out early. r?jld draft
authorGian-Carlo Pascutto <gcp@mozilla.com>
Wed, 07 Mar 2018 19:05:00 +0100
changeset 764860 377ad6dadef864844d55cef9a4abc7ff57ca7c21
parent 763748 a4ef1082c51d5b4508882c22487f6c8de5b35e2a
push id101879
push userbmo:gpascutto@mozilla.com
push dateThu, 08 Mar 2018 15:04:19 +0000
reviewersjld
bugs1438394
milestone60.0a1
Bug 1438394 - Do SysV IPC check before bailing out early. r?jld The SandboxLaunchPrepare currently bails out early if it detects a lack of user namespaces. Hoist the check for drivers needing SysV IPC up so it's done before that early exit, and the required env variables get correctly set. With this we no longer fail with a SIGSYS sandbox error, though in a debug build we still crash because many assumptions in the graphics stack get broken when that fails to initialize the driver for WebGL. MozReview-Commit-ID: 8n3Hx6VSjTF
security/sandbox/linux/launch/SandboxLaunch.cpp
--- a/security/sandbox/linux/launch/SandboxLaunch.cpp
+++ b/security/sandbox/linux/launch/SandboxLaunch.cpp
@@ -236,46 +236,46 @@ SandboxLaunchPrepare(GeckoProcessType aT
 
   // At this point, we know we'll be using sandboxing; generic
   // sandboxing support goes here.  The MOZ_SANDBOXED env var tells
   // the child process whether this is the case.
   aOptions->env_map["MOZ_SANDBOXED"] = "1";
   PreloadSandboxLib(&aOptions->env_map);
   AttachSandboxReporter(&aOptions->fds_to_remap);
 
+  bool canChroot = false;
+  int flags = 0;
+
+  if (aType == GeckoProcessType_Content && level >= 1) {
+      static const bool needSysV = ContentNeedsSysVIPC();
+      if (needSysV) {
+        // Tell the child process so it can adjust its seccomp-bpf
+        // policy.
+        aOptions->env_map["MOZ_SANDBOX_ALLOW_SYSV"] = "1";
+      } else {
+        flags |= CLONE_NEWIPC;
+      }
+  }
+
   // Anything below this requires unprivileged user namespaces.
   if (!info.Test(SandboxInfo::kHasUserNamespaces)) {
     return;
   }
 
-  bool canChroot = false;
-  int flags = 0;
-
   switch (aType) {
 #ifdef MOZ_GMP_SANDBOX
   case GeckoProcessType_GMPlugin:
     if (level >= 1) {
       canChroot = true;
       flags |= CLONE_NEWNET | CLONE_NEWIPC;
     }
     break;
 #endif
 #ifdef MOZ_CONTENT_SANDBOX
   case GeckoProcessType_Content:
-    if (level >= 1) {
-      static const bool needSysV = ContentNeedsSysVIPC();
-      if (needSysV) {
-        // Tell the child process so it can adjust its seccomp-bpf
-        // policy.
-        aOptions->env_map["MOZ_SANDBOX_ALLOW_SYSV"] = "1";
-      } else {
-        flags |= CLONE_NEWIPC;
-      }
-    }
-
     if (level >= 4) {
       canChroot = true;
       // Unshare network namespace if allowed by graphics; see
       // function definition above for details.  (The display
       // local-ness is cached because it won't change.)
       static const bool isDisplayLocal = IsDisplayLocal();
       if (isDisplayLocal) {
         flags |= CLONE_NEWNET;
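Review bot: The hoisted block at the top of the hunk calls `ContentNeedsSysVIPC()` and names `GeckoProcessType_Content` outside the `#ifdef MOZ_CONTENT_SANDBOX` guard that enclosed it at its old position in the `switch`; if that helper is only declared under the same guard, builds without content sandboxing will no longer compile, so the new `if` should be wrapped in `#ifdef MOZ_CONTENT_SANDBOX` / `#endif` as before. The body of that `if` is indented by four spaces while the rest of the function uses two, so `static const bool needSysV`, the inner `if`/`else` and the assignment should be reindented to match. The reason for the move is only in the commit message; a comment above the new `if` would keep it with the code, e.g. `// Runs before the user-namespace check below so MOZ_SANDBOX_ALLOW_SYSV is set even when namespaces are unavailable; the CLONE_NEWIPC bit is only consumed past that check.` SandboxLaunchPrepare begins and ends outside this hunk, so where `level` and `info` are set is not visible here.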