1285525 - Add sys_semget to seccomp-bpf whitelist. r?tedd
draft
1285525 - Add sys_semget to seccomp-bpf whitelist. r?tedd
MozReview-Commit-ID: 1yV0uqiMSru
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -633,16 +633,21 @@ public:
// Only allow to send signals within the process.
case __NR_rt_tgsigqueueinfo: {
Arg<pid_t> tgid(0);
return If(tgid == getpid(), Allow())
.Else(InvalidSyscall());
}
#endif
+#ifdef __NR_semget
+ case __NR_semget:
+ return Allow();
+#endif
+
#endif // DESKTOP
#ifdef __NR_getrandom
case __NR_getrandom:
return Allow();
#endif
// nsSystemInfo uses uname (and we cache an instance, so