Bug 1285507 - Whitelist memfd_create (used for Sealed Files IPC). r?jhector
MozReview-Commit-ID: 7UE6hyDiC6H
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -619,16 +619,21 @@ public:
return Allow();
case __NR_eventfd2:
case __NR_inotify_init1:
case __NR_inotify_add_watch:
case __NR_inotify_rm_watch:
return Allow();
+#ifdef __NR_memfd_create
+ case __NR_memfd_create:
+ return Allow();
+#endif
+
#ifdef __NR_rt_tgsigqueueinfo
// Only allow to send signals within the process.
case __NR_rt_tgsigqueueinfo: {
Arg<pid_t> tgid(0);
return If(tgid == getpid(), Allow())
.Else(InvalidSyscall());
}
#endif