Bug 1312678 - Whitelist DRI drivers in the content sandbox, for WebGL. r?jld
MozReview-Commit-ID: 82nCmXqnCbp
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -134,16 +134,20 @@ SandboxBrokerPolicyFactory::SandboxBroke
}
// If the above fails at any point, fall back to a very good guess.
if (NS_FAILED(rv)) {
policy->AddDir(rdwrcr, "/tmp");
}
// Bug 1308851: NVIDIA proprietary driver when using WebGL
policy->AddPrefix(rdwr, "/dev", "nvidia");
+
+ // Bug 1312678: radeonsi/Intel with DRI when using WebGL
+ policy->AddDir(rdwr, "/dev/dri");
+
mCommonContentPolicy.reset(policy);
#endif
}
#ifdef MOZ_CONTENT_SANDBOX
UniquePtr<SandboxBroker::Policy>
SandboxBrokerPolicyFactory::GetContentPolicy(int aPid)
{
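Review bot: `policy->AddDir(rdwr, "/dev/dri");` lets the content process open every node under /dev/dri read-write, which on a typical Linux system includes the primary `card*` devices as well as the render nodes. This is broader than the NVIDIA rule just above it, which is limited to a name prefix. If the radeonsi/Intel paths that WebGL needs work through render nodes alone, a narrower rule in the same style would be `policy->AddPrefix(rdwr, "/dev/dri", "renderD");`. If older DRI setups still need `card*`, the comment should say so, e.g. `// Bug 1312678: radeonsi/Intel with DRI when using WebGL; card* is needed because <reason>, and this exposes DRM ioctls to content`. The broker policy only governs which paths can be opened, and the enclosing constructor begins outside this hunk, so whether ioctls on these descriptors are filtered elsewhere cannot be confirmed from here.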