Mercurial > mozreview > gecko / changeset / 73e89e235d3df83493379c6aa05968373590d892
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1439057 - Stop allowing access to /dev/shm in the Linux content sandbox. r?gcp draft
authorJed Davis <jld@mozilla.com>
Fri, 16 Mar 2018 18:28:03 -0600
changeset 772863 73e89e235d3df83493379c6aa05968373590d892
parent 772862 94108afcc1f7af06e1c7bf300d2098faa536d7c0
push id104068
push userbmo:jld@mozilla.com
push dateTue, 27 Mar 2018 01:50:10 +0000
reviewersgcp
bugs1439057
milestone61.0a1
Bug 1439057 - Stop allowing access to /dev/shm in the Linux content sandbox. r?gcp MozReview-Commit-ID: 7vbKKOWjQZP
security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp file | annotate | diff | comparison | revisions 
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -180,17 +180,16 @@ AddLdconfigPaths(SandboxBroker::Policy* 
 }
 
 SandboxBrokerPolicyFactory::SandboxBrokerPolicyFactory()
 {
   // Policy entries that are the same in every process go here, and
   // are cached over the lifetime of the factory.
 #if defined(MOZ_CONTENT_SANDBOX)
   SandboxBroker::Policy* policy = new SandboxBroker::Policy;
-  policy->AddDir(rdwrcr, "/dev/shm");
   // Write permssions
   //
   // Bug 1308851: NVIDIA proprietary driver when using WebGL
   policy->AddFilePrefix(rdwr, "/dev", "nvidia");
 
   // Bug 1312678: radeonsi/Intel with DRI when using WebGL
   policy->AddDir(rdwr, "/dev/dri");
gecko
Deployed from 4e825768105f at 2024-04-08T16:23:58Z.