Bug 1302891 - Part 3 - Whitelist mremap in Sandbox; r?glandium
MozReview-Commit-ID: KkjlEtr0SVv
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -174,16 +174,21 @@ public:
case __NR_nanosleep:
return Allow();
// Thread synchronization
case __NR_futex:
// FIXME: This could be more restrictive....
return Allow();
+ // CFI in LLVM/Clang uses mremap to reinitialize its memory region
+ // when a library is dlopen'ed.
+ case __NR_mremap:
+ return Allow();
+
// Asynchronous I/O
case __NR_epoll_wait:
case __NR_epoll_pwait:
case __NR_epoll_ctl:
case __NR_ppoll:
case __NR_poll:
return Allow();
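Review bot: The new `case __NR_mremap:` returns `Allow()` for every argument combination, although its comment names only one caller, the CFI runtime re-initialising its region after a dlopen. The flags argument (index 3) also accepts MREMAP_FIXED, which places the moved mapping over whatever is already mapped at a caller-chosen address, so the rule should allow only the flags that runtime actually passes. For example `Arg<int> flags(3);` followed by `return If((flags & ~MREMAP_MAYMOVE) == 0, Allow()).Else(/* this policy's default rejection */);`, assuming MREMAP_MAYMOVE is all the CFI runtime needs, which should be confirmed. The case also sits between the thread-synchronization and asynchronous-I/O groups with no heading of its own; if the file has a memory-mapping group, it belongs there. The enclosing switch starts and ends outside the hunk, so which policy class this widens is not visible here.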