Bug 742434 - Part 2: Introduce pref to control content sandbox. r=jld

MozReview-Commit-ID: HyNozlK5SAE
This commit is contained in:
Julian Hector 2016-06-16 12:39:07 +02:00
parent 21e153fc19
commit a4e6059aeb
3 changed files with 29 additions and 1 deletions


@ -973,6 +973,26 @@ pref("security.sandbox.windows.log.stackTraceDepth", 0);
pref("security.sandbox.content.level", 1);
#endif
#if defined(XP_LINUX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
// This pref is introduced as part of bug 742434, the naming is inspired from
// its Windows/Mac counterpart, but on Linux it's an integer which means:
// 0 -> "no sandbox"
// 1 -> "content sandbox using seccomp-bpf when available"
// 2 -> "seccomp-bpf + file broker"
// Content sandboxing on Linux is currently in the stage of
// 'just getting it enabled', which includes a very permissive whitelist. We
// enable seccomp-bpf on nightly to see if everything is running, or if we need
// to whitelist more system calls.
//
// So the purpose of this setting is to allow nightly users to disable the
// sandbox while we fix their problems. This way, they won't have to wait for
// another nightly release which disables seccomp-bpf again.
//
// This setting may not be required anymore once we decide to permanently
// enable the content sandbox.
pref("security.sandbox.content.level", 1);
#endif
#if defined(XP_MACOSX) || defined(XP_WIN)
#if defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
// ID (a UUID when set by gecko) that is used to form the name of a
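Review bot: The comment above `pref("security.sandbox.content.level", 1);` says seccomp-bpf is enabled "on nightly", but the value is 1 for every build that defines MOZ_SANDBOX and MOZ_CONTENT_SANDBOX, with no channel check in this file; if those defines are what restrict this to Nightly, say so, otherwise a reader will assume release builds default to 0. The level list should also state how the value is consumed, since that is what makes this a security knob: the same commit reads it when a content process is launched, so a change takes effect for the next content process without a restart, and the MOZ_DISABLE_CONTENT_SANDBOX environment variable forces the sandbox off regardless of this value. Suggested addition after the level list: `// The level is consulted each time a content process is launched, so changes take effect without a restart; MOZ_DISABLE_CONTENT_SANDBOX in the environment disables the sandbox regardless of this value.` The `#if` block this pref sits in is fully visible, but the neighbouring Windows/Mac block starts before the hunk.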


@ -2599,6 +2599,14 @@ ContentParent::InitInternal(ProcessPriority aInitialPriority,
#endif
MaybeFileDesc brokerFd = void_t();
#ifdef XP_LINUX
// XXX: Checking the pref here makes it possible to enable/disable sandboxing
// during an active session. Currently the pref is only used for testing
// purpose. If the decision is made to permanently rely on the pref, this
// should be changed so that it is required to restart firefox for the change
// of value to take effect.
shouldSandbox = (Preferences::GetInt("security.sandbox.content.level") > 0) &&
!PR_GetEnv("MOZ_DISABLE_CONTENT_SANDBOX");
if (shouldSandbox) {
MOZ_ASSERT(!mSandboxBroker);
UniquePtr<SandboxBroker::Policy> policy =
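Review bot: The new `shouldSandbox` assignment calls `Preferences::GetInt("security.sandbox.content.level")` without an explicit default, so if the pref is absent on a profile or build the lookup presumably yields 0 and the sandbox is silently turned off; the pref is only declared under MOZ_SANDBOX && MOZ_CONTENT_SANDBOX while this code is guarded by `#ifdef XP_LINUX` alone, unless an enclosing `#ifdef` outside the hunk covers it. Making a missing pref fail closed is a one-token change: `shouldSandbox = (Preferences::GetInt("security.sandbox.content.level", 1) > 0) &&`. The XXX comment should also spell out the consequence it hints at: because the pref is re-read per launch, anything that can write prefs can disable the sandbox for every content process started afterwards, so if this is Nightly-only testing support it should be gated with `#ifdef NIGHTLY_BUILD` or read once at startup as the comment proposes. InitInternal starts and continues outside the hunk, and `shouldSandbox` is declared before it.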


@ -120,7 +120,7 @@ SandboxBrokerPolicyFactory::GetContentPolicy(int aPid)
{
// Allow overriding "unsupported"ness with a pref, for testing.
if (!IsSystemSupported() &&
Preferences::GetInt("security.sandbox.content.level") <= 0) {
Preferences::GetInt("security.sandbox.content.level") <= 1) {
return nullptr;
}