Bug 1439057 - Stop allowing access to /dev/shm in the Linux content sandbox. r?gcp
MozReview-Commit-ID: 7vbKKOWjQZP
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -180,17 +180,16 @@ AddLdconfigPaths(SandboxBroker::Policy*
}
SandboxBrokerPolicyFactory::SandboxBrokerPolicyFactory()
{
// Policy entries that are the same in every process go here, and
// are cached over the lifetime of the factory.
#if defined(MOZ_CONTENT_SANDBOX)
SandboxBroker::Policy* policy = new SandboxBroker::Policy;
- policy->AddDir(rdwrcr, "/dev/shm");
// Write permssions
//
// Bug 1308851: NVIDIA proprietary driver when using WebGL
policy->AddFilePrefix(rdwr, "/dev", "nvidia");
// Bug 1312678: radeonsi/Intel with DRI when using WebGL
policy->AddDir(rdwr, "/dev/dri");