mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-24 21:31:04 +00:00
Bug 742434 - Part 2: Introduce pref to control content sandbox. r=jld
MozReview-Commit-ID: HyNozlK5SAE
This commit is contained in:
parent
21e153fc19
commit
a4e6059aeb
@ -973,6 +973,26 @@ pref("security.sandbox.windows.log.stackTraceDepth", 0);
|
||||
pref("security.sandbox.content.level", 1);
|
||||
#endif
|
||||
|
||||
#if defined(XP_LINUX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
|
||||
// This pref is introduced as part of bug 742434, the naming is inspired from
|
||||
// its Windows/Mac counterpart, but on Linux it's an integer which means:
|
||||
// 0 -> "no sandbox"
|
||||
// 1 -> "content sandbox using seccomp-bpf when available"
|
||||
// 2 -> "seccomp-bpf + file broker"
|
||||
// Content sandboxing on Linux is currently in the stage of
|
||||
// 'just getting it enabled', which includes a very permissive whitelist. We
|
||||
// enable seccomp-bpf on nightly to see if everything is running, or if we need
|
||||
// to whitelist more system calls.
|
||||
//
|
||||
// So the purpose of this setting is to allow nightly users to disable the
|
||||
// sandbox while we fix their problems. This way, they won't have to wait for
|
||||
// another nightly release which disables seccomp-bpf again.
|
||||
//
|
||||
// This setting may not be required anymore once we decide to permanently
|
||||
// enable the content sandbox.
|
||||
pref("security.sandbox.content.level", 1);
|
||||
#endif
|
||||
|
||||
#if defined(XP_MACOSX) || defined(XP_WIN)
|
||||
#if defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
|
||||
// ID (a UUID when set by gecko) that is used to form the name of a
|
||||
|
@ -2599,6 +2599,14 @@ ContentParent::InitInternal(ProcessPriority aInitialPriority,
|
||||
#endif
|
||||
MaybeFileDesc brokerFd = void_t();
|
||||
#ifdef XP_LINUX
|
||||
// XXX: Checking the pref here makes it possible to enable/disable sandboxing
|
||||
// during an active session. Currently the pref is only used for testing
|
||||
// purpose. If the decision is made to permanently rely on the pref, this
|
||||
// should be changed so that it is required to restart firefox for the change
|
||||
// of value to take effect.
|
||||
shouldSandbox = (Preferences::GetInt("security.sandbox.content.level") > 0) &&
|
||||
!PR_GetEnv("MOZ_DISABLE_CONTENT_SANDBOX");
|
||||
|
||||
if (shouldSandbox) {
|
||||
MOZ_ASSERT(!mSandboxBroker);
|
||||
UniquePtr<SandboxBroker::Policy> policy =
|
||||
|
@ -120,7 +120,7 @@ SandboxBrokerPolicyFactory::GetContentPolicy(int aPid)
|
||||
{
|
||||
// Allow overriding "unsupported"ness with a pref, for testing.
|
||||
if (!IsSystemSupported() &&
|
||||
Preferences::GetInt("security.sandbox.content.level") <= 0) {
|
||||
Preferences::GetInt("security.sandbox.content.level") <= 1) {
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user