Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-28 12:45:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
545,919 Commits 615 Branches 98 Tags 6 GiB
0edfa97e38
Commit Graph

310 Commits

Author SHA1 Message Date
Phil Ringnalda
c9fdc270b6 Merge m-c to autoland 
--HG--
rename : dom/media/webaudio/compiledtest/TestAudioEventTimeline.cpp => dom/media/webaudio/gtest/TestAudioEventTimeline.cpp
 2016-11-03 20:02:24 -07:00
Gian-Carlo Pascutto
35af45b5fe Bug 1312678 - Whitelist DRI drivers in the content sandbox, for WebGL. r=jld 
MozReview-Commit-ID: 82nCmXqnCbp

--HG--
extra : rebase_source : 8a94e2754a13bd82a007c087dd5b97c4e5c13e7a
 2016-11-02 20:02:42 +01:00
Jed Davis
76488739a9 Bug 1272062 - Merge security/sandbox/linux/common into its parent directory. r=gcp 
Now that SandboxInfo is always part of libmozsandbox, instead of being
in different places depending on widget, it doesn't need to be a
separate directory anymore.

Also updates a few comments that referenced it.

--HG--
rename : security/sandbox/linux/common/LinuxSched.h => security/sandbox/linux/LinuxSched.h
rename : security/sandbox/linux/common/SandboxInfo.cpp => security/sandbox/linux/SandboxInfo.cpp
rename : security/sandbox/linux/common/SandboxInfo.h => security/sandbox/linux/SandboxInfo.h
 2016-10-27 22:06:00 +02:00
Gian-Carlo Pascutto
8b0d2992cb Bug 1310116 - Allow waitpid but warn on creating processes in content. r=jld 
MozReview-Commit-ID: JjNfA6wUe3T

--HG--
extra : rebase_source : ad565d238e7554a951d2f6b4e076918bdfd7a450
extra : histedit_source : 127ff408e498f7c687cf6e7f8f7b4e2fbb8c5ae8
 2016-10-25 20:43:42 +02:00
Jed Davis
67a039045c Bug 1268733 - Move Linux sandboxing code back out to libmozsandbox.so. r=gcp r=glandium 2016-10-26 16:57:24 -06:00
Jed Davis
dce9969411 Bug 1268733 - Move sandbox interposition shims to their own static library. r=gcp r=glandium 
This way they'll continue to be at the beginning of the symbol search
path after mozsandbox returns to being a shared library instead of
statically linked into plugin-container.

--HG--
rename : security/sandbox/linux/SandboxHooks.cpp => security/sandbox/linux/interpose/SandboxHooks.cpp
 2016-10-26 16:57:18 -06:00
Jed Davis
13fea0b617 Bug 1268733 - Move sandbox telemetry / crash annotation code from mozsandbox to libxul. r=haik 2016-10-26 16:57:10 -06:00
Andi-Bogdan Postelnicu
c7be178cd3 Bug 1309133 - null terminate pathBuf2 in SandboxBroker::ThreadMain. r=gcp 
MozReview-Commit-ID: 8iA4Yzwj8nv

--HG--
extra : rebase_source : 81af49ea741957a3a79c91dd5503196a0a28a9ef
 2016-10-11 15:42:39 +03:00
Gian-Carlo Pascutto
f0dece11a4 Bug 1308564 - Tie logging to MOZ_SANDBOX_VERBOSE instead of DEBUG. r=jld 
MozReview-Commit-ID: JHIzIvbjA0Q

--HG--
extra : rebase_source : bb5652209a3fdb9e5cccb6c3cc4058fd74173fd1
 2016-10-07 21:33:12 +02:00
Gian-Carlo Pascutto
f255eedb86 Bug 1308851 - Open up devices for NVIDIA proprietary driver in the sandbox. r=jld 
MozReview-Commit-ID: 5OMRNSPBbe1

--HG--
extra : rebase_source : bb554a1f72a9e6bbde9250542989f5c34dfe7267
 2016-10-10 20:51:21 +02:00
Gian-Carlo Pascutto
5810afce39 Bug 1308568 - Add missing filesystem calls to Allow in case broker is disabled. r=haik 
MozReview-Commit-ID: 6AdKbBH0NMh

--HG--
extra : rebase_source : aaf58affb124719b3d65dc819d98e7227abff8ec
 2016-10-07 22:09:57 +02:00
Gian-Carlo Pascutto
bbcb394669 Bug 1289718 - Clean up stat/stat64 wrapper. Deal with non-default TMPDIR. r=jld 
MozReview-Commit-ID: DW63be9qd3z

--HG--
extra : rebase_source : 0a1860c70a631b24bcafecb4946c044148536004
 2016-10-06 13:25:13 +02:00
Gian-Carlo Pascutto
f3a1ed7502 Bug 1289718 - Extend sandbox file broker to handle paths, support more syscalls. r=jld,tedd 
MozReview-Commit-ID: DW415ABoaeN
MozReview-Commit-ID: cXrlXNlEwh
MozReview-Commit-ID: CIX6d7td6Bc
MozReview-Commit-ID: DCQ9DGBBjm4
MozReview-Commit-ID: BOYSSof3t7
MozReview-Commit-ID: LmsTqv0GzC2
MozReview-Commit-ID: HOWR0HEHmMg
MozReview-Commit-ID: 6IzqdrUP7lD
MozReview-Commit-ID: 6r6sqOVekVu
MozReview-Commit-ID: 5FL2WkhIxFx
MozReview-Commit-ID: CcTyHn76p46
MozReview-Commit-ID: F8erB4Tvn2V
MozReview-Commit-ID: D9m10t0Rodc
MozReview-Commit-ID: I1llpEBgDP6

--HG--
extra : rebase_source : 1d50d5b7a9936c76decdf268a4e66e34ee7b200c
 2016-09-27 17:25:06 +02:00
Tom Schuster
774a8bf34d Bug 1302163 - Change code to use SprintfLiteral instead of snprintf. r=ehsan 2016-10-04 17:57:51 +02:00
Jed Davis
75b81d566f Bug 1303813 - Allow media plugins to call madvise with MADV_FREE. r=gcp 
--HG--
extra : rebase_source : 42fa66774311cc1dcf2c18643c7118483acff89d
 2016-09-26 16:10:00 -04:00
Jed Davis
cb2e7d319f Bug 1304220 - Allow media plugins to use the times(2) syscall. r=gcp 
--HG--
extra : rebase_source : 595bf264b48968ec25d02c82866ef02ef87a59fa
 2016-09-26 16:32:00 -04:00
Bob Owen
d453628509 Bug 1287426 Part 3: Update security/sandbox/chromium/ to commit 4ec79b7f2379a60cdc15599e93255c0fa417f1ed. r=aklotz, r=jld 
MozReview-Commit-ID: 14eHMsYZznA
 2016-09-06 08:57:21 +01:00
Wes Kocher
81db6ce036 Merge m-c to autoland, a=merge 2016-08-30 18:15:33 -07:00
Gian-Carlo Pascutto
dd0d72c51a Bug 1295190 - Add sys_flock to seccomp whitelist. r=jld 
MozReview-Commit-ID: 2GxNWzwfh3u

--HG--
extra : rebase_source : e64bb3d7e499f97dd77721c230bb849e0654ca05
 2016-08-22 15:51:05 +02:00
Gian-Carlo Pascutto
7cb06880d3 Bug 1296309 - Return umask (PulseAudio) and wait4 (threads) to the whitelist. r=tedd 
MozReview-Commit-ID: 72RrNf57FQQ

--HG--
extra : rebase_source : 875e95ee560ff35e81fb38e8459dfe7256c24735
 2016-08-30 16:59:39 +02:00
Kan-Ru Chen
b6d880aca1 Bug 1297276 - Rename mfbt/unused.h to mfbt/Unused.h for consistency. r=froydnj 
The patch is generated from following command:

  rgrep -l unused.h|xargs sed -i -e s,mozilla/unused.h,mozilla/Unused.h,

MozReview-Commit-ID: AtLcWApZfES


--HG--
rename : mfbt/unused.h => mfbt/Unused.h
 2016-08-24 14:47:04 +08:00
Gian-Carlo Pascutto
e2d263a0f4 Bug 1296309 - Remove unused syscalls from the seccomp whitelist. r=tedd 
MozReview-Commit-ID: BUDRwsuAu0W

--HG--
extra : rebase_source : 9fa3cf044d67ed09e9a6a4cd8c5d5b0023d8077d
 2016-08-18 16:56:12 +02:00
Jed Davis
10843a73b7 Bug 1290896 - Allow readlink() in desktop Linux content processes. r=gps 
Making readlink() always fail with EINVAL (the result of applying it
to a non-symlink) worked on B2G, but this is not the case on desktop.
(Note: originally the idea for the B2G file broker was that it would
ignore symlinks and map lstat to stat, so that behavior for readlink
would have been consistent, but as eventually implemented it does do
lstat as actual lstat.)

In particular, this seems to be causing something in the graphics
library stack to change what GL renderer it uses (?), and on some
systems the presence of the readlink->EINVAL rule causes it to load a
version of the llvmpipe software renderer with a crash bug, instead of
(we assume) some other driver that works.
 2016-08-08 14:59:19 -07:00
Gian-Carlo Pascutto
c53a105dc7 Bug 1288410 - Basic implementation of AddDir and recursive Lookup. r=tedd 
MozReview-Commit-ID: 36jAPfm29LO

--HG--
extra : rebase_source : 5eb2a9b02ad3c40375b9a4d9b3f38d75932e29b1
 2016-08-10 15:09:58 +02:00
Carsten "Tomcat" Book
389a3e0817 merge mozilla-inbound to mozilla-central a=merge 
--HG--
rename : mobile/android/base/java/org/mozilla/gecko/GeckoAppShell.java => mobile/android/geckoview/src/main/java/org/mozilla/gecko/GeckoAppShell.java
rename : mobile/android/base/java/org/mozilla/gecko/gfx/GeckoLayerClient.java => mobile/android/geckoview/src/main/java/org/mozilla/gecko/gfx/GeckoLayerClient.java
rename : mobile/android/base/java/org/mozilla/gecko/gfx/LayerRenderer.java => mobile/android/geckoview/src/main/java/org/mozilla/gecko/gfx/LayerRenderer.java
rename : mobile/android/base/java/org/mozilla/gecko/gfx/PanningPerfAPI.java => mobile/android/geckoview/src/main/java/org/mozilla/gecko/gfx/PanningPerfAPI.java
 2016-08-04 15:55:50 +02:00
Alexandre Lissy
0af5b943b6 Bug 1284674 - Remove NUWA r=cyu 
MozReview-Commit-ID: GyMRNzOBKw6

--HG--
extra : rebase_source : 293af1cd55f2035ce6a99f4ebf144059c32a2b8f
 2016-08-02 14:54:00 +02:00
Jed Davis
5fc855cf94 Bug 1290343 - Fix Linux GMP sandbox policy's geteuid rule for 32-bit. r=tedd 2016-08-01 13:10:00 +02:00
Jed Davis
6f2404e02a Bug 1290633 - Soft-fail unexpected open() in GMP processes to avoid recursive crash. r=gcp 2016-08-01 15:47:00 +02:00
Jed Davis
938691d027 Bug 1290618 - Allow PR_SET_PTRACER in Linux sandbox policies to avoid recursive crash. r=tedd 2016-08-01 15:44:00 +02:00
L. David Baron
3e30ec6687 Bug 1290761 - Allow running jprof with sandbox enabled. r=jhector 
jprof is an in-tree profiling tool that runs on Linux.

This fixes the error:

Sandbox: seccomp sandbox violation: pid 29698, syscall 38, args 0 140731305513136 0 830 22509600 1.  Killing process.
Sandbox: crash reporter is disabled (or failed); trying stack trace:
Sandbox: frame #01: __GI_setitimer (/build/glibc-GKVZIf/glibc-2.23/time/../sysdeps/unix/syscall-template.S:84)
Sandbox: frame #02: startSignalCounter(unsigned long) (.../mozilla-central/mozilla/tools/jprof/stub/libmalloc.cpp:464)

which occurs during shutdown when running with jprof enabled via the
JPROF_FLAGS environment variable containing JP_DEFER without actually
sending the signal to start jprof.  It presumably occurs sooner if jprof
is actually used either via JP_START or by senging a SIGPROF/SIGALRM.

With the patch, these steps run to completion.

MozReview-Commit-ID: Fx4tzEyqIj2

--HG--
extra : transplant_source : %2AU%15F%8A%C5%E6%1D%03%20%1B%F6W%E9%EB%DA%8F%E7f%5D
 2016-08-01 08:49:48 +01:00
Julian Seward
a3b23bd33c Bug 1288726 - Seccomp sandbox doesn't play well with Valgrind. r=julian.r.hector. 2016-07-29 17:42:55 +02:00
Julian Hector
6c0d578d0e Bug 1287008 - Add sys_fadvise64_64 to seccomp whitelist. r=gcp 2016-07-27 15:45:02 +02:00
Fabrice Desré
c23a54d9ec Bug 1289381 - Don't fail to build sandboxing with --disable-crashreporter r=gcp 2016-07-26 04:35:43 -07:00
Julian Hector
3236586a67 Bug 1285769 - Add sys_get_mempolicy to seccomp whitelist. r=gcp 2016-07-25 19:37:58 +02:00
Julian Hector
1ab18ae903 Bug 1285770 - Add sys_fallocate to seccomp whitelist. r=gcp 2016-07-23 17:13:52 +02:00
Haik Aftandilian
8f7ffc84b7 Bug 1274540 - Record sandboxing status in crash reports; r=gcp 
Adds content sandbox metadata to parent and child crash reports:
Includes the value of pref security.sandbox.content.level,
whether or not the system is capable of sandboxing, if the
sandbox was successfully turned on, and (on Linux systems)
the sandbox capabilities flags.

New crash report keys:
"ContentSandboxLevel" in parent and content
"ContentSandboxCapable" in parent
"ContentSandboxEnabled" in content
"ContentSandboxCapabilities" in content on Linux
 2016-07-25 13:21:00 +02:00
Wei-Cheng Pan
fd87664d8e Bug 1264566 - Part 2: Refactor all usage of FileDescriptor. r=valentin 
Callers should use a UniquePtr to hold the platform handle.

MozReview-Commit-ID: 6BWnyAf4b3a

--HG--
extra : transplant_source : %26%CA%0D%28%08%9BT%97Z%A1%3Dq%CD%21%A1_%EFE%83%0E
extra : histedit_source : 77f8ed3d0fdec6cce0c95469130ade0fb547bb91
 2016-05-27 16:12:51 +08:00
Carsten "Tomcat" Book
336105a0de merge mozilla-inbound to mozilla-central a=merge 2016-07-22 11:58:02 +02:00
Wes Kocher
f11c79a662 Merge m-c to inbound, a=merge CLOSED TREE 2016-07-21 15:59:28 -07:00
Carsten "Tomcat" Book
bc1b31b01b Merge mozilla-central to autoland 2016-07-21 16:27:58 +02:00
Gian-Carlo Pascutto
0b8cfd1d36 Bug 1284240 - Use boolean rather than flag for Sandboxing Telemetry. r=gfritzsche 
MozReview-Commit-ID: EsXFAbEyxYs

--HG--
extra : rebase_source : 95bbfa30597490fb1b972056651b75f5a129daad
 2016-07-21 09:39:09 +02:00
Julian Hector
ea69125244 Bug 1285768 - Let getppid() return 0 to simulate pid namespaces. r=gcp 2016-07-10 22:06:57 +02:00
Julian Hector
f6b06d33a3 Bug 1286852 - Add sys_munlock to seccomp whitelist. r=gcp 
MozReview-Commit-ID: AJEA73cJFo2
 2016-07-15 17:57:28 +02:00
Julian Hector
0caf755557 Bug 1285902 - Add sys_msgget to seccomp whitelist. r=gcp 2016-07-15 17:34:29 +02:00
Tom Tromey
5538d692d3 Bug 1286877 - do not set c-basic-offset for python-mode; r=gps 
This removes the unnecessary setting of c-basic-offset from all
python-mode files.

This was automatically generated using

    perl -pi -e 's/; *c-basic-offset: *[0-9]+//'

... on the affected files.

The bulk of these files are moz.build files but there a few others as
well.

MozReview-Commit-ID: 2pPf3DEiZqx

--HG--
extra : rebase_source : 0a7dcac80b924174a2c429b093791148ea6ac204
 2016-07-14 10:16:42 -06:00
Julian Hector
b23e6a33e4 Bug 1286119 - Allow sys_mremap when jemalloc is disabled. r=gcp 
MozReview-Commit-ID: FRVorDIIUVR
 2016-07-12 18:24:54 +02:00
Julian Hector
6dbdc2284b Bug 1286185 - Add sys_fadvise64 to seccomp whitelist. r=gcp 
MozReview-Commit-ID: CkX1txdLAMg
 2016-07-20 06:36:00 +02:00
Jed Davis
622813449c Bug 1286324 - Make fork() non-fatal in Linux content sandbox. r=jhector 
fork() will now fail with EPERM instead of crashing; see code comment
and bug for more info.  Tested with GTK3 Oxygen theme and SCIM, which
both seem to work.  Also verified that GMP child processes still crash
on fork().

--HG--
extra : rebase_source : 267c4cb892b691502a9d7760bca4d23fee3fe449
 2016-07-14 15:00:00 -04:00
Julian Hector
54f8b7b221 Bug 1286413 - Add CASES_FOR_fchown and use it. r=gcp 
--HG--
extra : rebase_source : b16522c25182223094fe2ed9ae18d5894bf6f9f1
 2016-07-13 01:18:02 +02:00
Carsten "Tomcat" Book
cd4a2ce973 Backed out changeset 535e23baec4a (bug 1286119) for landing with wrong bugnumber 
--HG--
extra : rebase_source : dede3bd9767b450934308a4c3de215a8837be93a
 2016-07-14 13:51:16 +02:00
Julian Hector
c58d37220b Bug 1286527 - Add sys_semop to seccomp whitelist. r=gcp 2016-07-13 15:03:30 +02:00
Julian Hector
a6c28f48e6 Bug 1286119 - Add CASES_FOR_fchown and use it. r=gcp 2016-07-13 01:18:02 +02:00
Julian Hector
50053496e7 Bug 1286033 - Add sys_semctl to seccomp whitelist and fix sys_semget. r=gcp 
--HG--
extra : rebase_source : 798fc3366d54abb256807952aa6e50438a8f8c7a
 2016-07-12 04:42:00 +02:00
Julian Hector
5c72f0a928 Bug 1285946 - Add sys_readv to seccomp whitelist. r=gcp 2016-07-11 18:51:33 +02:00
Julian Hector
620e4db84f Bug 1285827 - Add sys_link to seccomp whitelist. r=gcp 2016-07-11 19:38:53 +02:00
Julian Hector
3e3082511c Bug 1285816 - Add sys_accept4 to seccomp whitelist. r=gcp 
MozReview-Commit-ID: 8NTeEtX9wMz
 2016-07-11 00:12:49 +02:00
Julian Hector
085ce99e60 Bug 1285771 - Add sys_mlock to seccomp whitelist. r=gcp 2016-07-11 19:32:55 +02:00
Gian-Carlo Pascutto
bb409b10ab Bug 1285293 - Add fstatfs to seccomp-bpf whitelist. r=tedd 
For some reason libfontconfig really Needs To Know.

MozReview-Commit-ID: KSET8D5h9xf

--HG--
extra : rebase_source : 10c5df6a4b8b85be120a9828686d0c63e3fff5d4
 2016-07-11 10:54:48 +02:00
Gian-Carlo Pascutto
c4c92abf28 Bug 1285525 - Add sys_semget to seccomp-bpf whitelist. r=tedd 
MozReview-Commit-ID: 1yV0uqiMSru

--HG--
extra : rebase_source : cbc57f22fc4b5818b1ac9857446d2190eaa359c2
 2016-07-11 10:15:31 +02:00
Julian Hector
2071bf3b6c Bug 1285287 - Use proper macros to whitelist getres*id. r=gcp 2016-07-08 17:59:41 +02:00
Gian-Carlo Pascutto
b3b0630046 Bug 1285507 - Whitelist memfd_create (used for Sealed Files IPC). r=jhector 
MozReview-Commit-ID: 7UE6hyDiC6H

--HG--
extra : rebase_source : ef1fcbf9e2aefbf2b215e18a459ce72d4e0abc5c
extra : histedit_source : 02ba293c9af543f850c6ddeb2ca214f7527e3923
 2016-07-08 17:12:30 +02:00
Julian Hector
aa5c174aa4 Bug 742434 - Part 2: Introduce pref to control content sandbox. r=jld 
MozReview-Commit-ID: JQAQAbHUObN

--HG--
extra : rebase_source : 42a14a28503b685125f27faa40ae4efc920c5c5d
 2016-06-16 12:39:07 +02:00
Julian Hector
feca70c6cc Bug 742434 - Part 1: Make ContentSecurityPolicy constructor explicit. r=gcp 
MozReview-Commit-ID: HrBpcQ1BYFI

--HG--
extra : rebase_source : 0505ff9f9260627a0519e1f0ea536efd7af0210e
 2016-07-05 03:07:00 +02:00
Julian Hector
3ab8691db7 Bug 1284452 - Add sys_getrandom to seccomp whitelist. r=gcp 
MozReview-Commit-ID: 8CW916cJsUZ
 2016-07-05 13:51:57 +02:00
Carsten "Tomcat" Book
30cb0bf87f Backed out changeset 3601419d2e4b (bug 742434) for test failures like /content-security-policy/media-src/media-src-7_3.html timeouts 2016-07-05 12:25:55 +02:00
Carsten "Tomcat" Book
d90190d784 Backed out changeset 730fcdccb26e (bug 742434) 2016-07-05 12:25:41 +02:00
Julian Hector
a4e6059aeb Bug 742434 - Part 2: Introduce pref to control content sandbox. r=jld 
MozReview-Commit-ID: HyNozlK5SAE
 2016-06-16 12:39:07 +02:00
Julian Hector
21e153fc19 Bug 742434 - Part 1: Make ContentSecurityPolicy constructor explicit. r=gcp 
MozReview-Commit-ID: HrBpcQ1BYFI
 2016-07-05 03:07:00 +02:00
Gian-Carlo Pascutto
0a5cac2ffc Backed out 2 changesets (bug 742434) 
Backed out changeset 4e0e2373e234 (bug 742434)
Backed out changeset 66a937c6ca0e (bug 742434)

MozReview-Commit-ID: 8Chchv4HUL

--HG--
extra : rebase_source : 78f35317a643a48c3f45ec34d88fe321d71d04d1
 2016-07-04 18:00:53 +02:00
Julian Hector
c50fb0578f Bug 742434 - Part 1: Introduce pref to control content sandbox. r=jld 
MozReview-Commit-ID: CuSCwcwRiND
 2016-06-16 12:39:07 +02:00
Gian-Carlo Pascutto
a7f65e7eac Bug 1273852 - Allow getsockopt in EvaluateSocketCall. r=jld 
MozReview-Commit-ID: F9rVM0VKmUR

--HG--
extra : rebase_source : 86271db1e6c24a4ca98ccb0580cd608c2a4cc580
 2016-06-08 19:05:08 +02:00
Gian-Carlo Pascutto
d270c42cdd Bug 1273852 - Always add seccomp-bpf socketcall dispatcher. r=jld 
For 32-bit Linux 4.3+, always add socketcall dispatcher even if relevant
syscalls are known, because both entry points will exist.

See Linux kernel commit:

commit 9dea5dc921b5f4045a18c63eb92e84dc274d17eb
Author: Andy Lutomirski <luto@kernel.org>
Date:   Tue Jul 14 15:24:24 2015 -0700

    x86/entry/syscalls: Wire up 32-bit direct socket calls


MozReview-Commit-ID: I3GEvolGfsR

--HG--
extra : rebase_source : c358a6d39d9bf5701150e58f1002f6c6dc91cd6f
 2016-06-29 20:34:40 +02:00
Thomas Zimmermann
97a43c0b93 Bug 1276927: Define HAVE_ANDROID_OS before including 'android_filesystem_config.h', r=fabrice 
The preprocessor token HAVE_ANDROID_OS configures 'android_filesystem_config.h'
to include the correct header files from the environment.

MozReview-Commit-ID: oKwdjzDjij
 2016-06-16 08:43:51 +01:00
Sebastian Hengst
bb691db120 Backed out changeset b6c190b08824 (bug 1276927) 2016-06-15 12:23:52 +02:00
Thomas Zimmermann
565a7b74dc Bug 1276927: Define HAVE_ANDROID_OS before including 'android_filesystem_config.h', r=fabrice 
The preprocessor token HAVE_ANDROID_OS configures 'android_filesystem_config.h'
to include the correct header files from the environment.

MozReview-Commit-ID: oKwdjzDjij
 2016-06-15 10:59:49 +01:00
Julian Hector
14d815c27e Bug 1275920 - Add sys_rt_tgsigqueueinfo to seccomp whitelist r=jld 
--HG--
extra : rebase_source : 4808d641597e40e124be0bae1e10ad37570355c9
 2016-05-27 19:29:21 +02:00
Gian-Carlo Pascutto
d543e16807 Bug 1273859 - Add sys_pwrite64 to seccomp whitelist for content process. r=jld 
MozReview-Commit-ID: FsJ8ER9B9EY

--HG--
extra : rebase_source : a76bb584e8804a3f73abf2c821fa2d9d25997a17
 2016-05-18 14:39:20 +02:00
Julian Hector
d5bb492be4 Bug 1274873 - Part 2: Move signal handler set up to SandboxEarlyInit() r=jld 2016-05-26 16:20:44 +02:00
Julian Hector
1f2003d5b1 Bug 1274873 - Part 1: Change search order for free signal r=jld 2016-05-26 16:19:28 +02:00
Carsten "Tomcat" Book
efa443d4d3 Backed out changeset ae5286493f15 (bug 1274873) for frequent timeouts in browser_ManifestObtainer_obtain.js 
--HG--
extra : rebase_source : 5aa2340db1e93f26feb5c3173b8af4aacdb60b31
 2016-06-07 12:07:16 +02:00
Carsten "Tomcat" Book
1d324ed30a Backed out changeset 62646bfa1f95 (bug 1274873) 
--HG--
extra : rebase_source : 644a5678b4f8e32e9809583cf7eb88fb0a518f31
 2016-06-07 12:06:51 +02:00
Julian Hector
fd5c167bdc Bug 1276470 - Add sys_statfs to seccomp whitelist. r=jld 2016-05-28 20:33:49 +02:00
Julian Hector
1b857c2f98 Bug 1274873 - Part 2: Move signal handler set up to SandboxEarlyInit() r=jld 2016-05-26 16:20:44 +02:00
Julian Hector
1c0ad8ce67 Bug 1274873 - Part 1: Change search order for free signal r=jld 2016-05-26 16:19:28 +02:00
Julian Hector
d0f949dad4 Bug 1275786 - Add sys_listen to seccomp whitelist. r=jld 
--HG--
extra : rebase_source : 7028482ca148f63e53e1fe915d0be507b5116c84
 2016-05-27 16:00:50 +02:00
Julian Hector
cb6d29b0b7 Bug 1275785 - Add sys_bind to seccomp whitelist. r=jld 
--HG--
extra : rebase_source : 90d403a3b21547ff7f280b2bff7746f4b8e32fe3
 2016-05-27 15:58:51 +02:00
Julian Hector
5eb8b17162 Bug 1275781 - Add sys_accept to seccomp whitelist. r=jld 
--HG--
extra : rebase_source : e4761ce8c466987f54ddd41603fa626923fe0865
 2016-05-27 15:56:35 +02:00
Alexandre Lissy
c6be1d0d13 Bug 1274826 - Bypass building SandboxHooks on Gonk r=jld 
MozReview-Commit-ID: 3TVdcY7aXvW

--HG--
extra : rebase_source : b734c54ad4e7b8fff384f399b84014410b4cf719
 2016-05-26 01:02:25 +02:00
Gian-Carlo Pascutto
e8fd20fdcf Bug 1098428 - Add Linux sandboxing information to Telemetry. r=gfritzsche 
MozReview-Commit-ID: 6Un4yNzxGgg

--HG--
extra : rebase_source : fc8762b9802fab071cb194513a5ad390ae7984f3
 2016-05-18 18:37:44 +02:00
Carsten "Tomcat" Book
be11014a2b Backed out changeset 767f65379fdf (bug 1098428) for causing linux crashes on a CLOSED TREE 2016-05-24 13:03:00 +02:00
Gian-Carlo Pascutto
42b1907a65 Bug 1098428 - Add Linux sandboxing information to Telemetry. r=gfritzsche 
MozReview-Commit-ID: GtIPsRqq5hr

--HG--
extra : rebase_source : 6b918e5119f15536c9437c27cfee413577268b78
 2016-05-18 18:37:44 +02:00
Julian Hector
5894681e14 Bug 1274553 - Properly handle stat() requests in permissive mode. r=jld 
MozReview-Commit-ID: IeFwQ2Gv21z

--HG--
extra : rebase_source : 0198c5df41f728f85bea149a10dfe0b7c0fae43f
 2016-05-20 14:42:50 +02:00
Chris Peterson
353ee65255 Bug 1272513 - Part 1: Suppress -Wshadow warnings-as-errors in some directories. r=glandium 2016-05-11 00:00:01 -07:00
Gian-Carlo Pascutto
6491a25e6f Bug 1268579 - Add inotify_rm_watch to the seccomp-bpf whitelist. r=jld 
MozReview-Commit-ID: DvaHjOa5GOv

--HG--
extra : rebase_source : 1105ebd32973f8608c4c8b21dc72ba9313661735
 2016-04-28 20:04:06 +02:00
Nicholas Nethercote
2511b2c327 Bug 1267550 (part 2) - Rename MOZ_WARN_UNUSED_RESULT as MOZ_MUST_USE. r=froydnj. 
It's an annotation that is used a lot, and should be used even more, so a
shorter name is better.

MozReview-Commit-ID: 1VS4Dney4WX

--HG--
extra : rebase_source : b26919c1b0fcb32e5339adeef5be5becae6032cf
 2016-04-27 14:16:50 +10:00
Julian Hector
4c291ae709 Bug 1176099 - Fix missing NULL check r=luke 
MozReview-Commit-ID: ICNQNqJZzA8
 2016-04-28 20:41:14 +02:00
Julian Hector
3871240519 Bug 1176099 - Add hooks for sigprocmask/pthread_sigmask. r=jld r=glandium 2016-04-21 13:17:50 +00:00
Julian Hector
1942e09c83 Bug 1266298 - Add sys_fchmod to seccomp whitelist r=jld 
MozReview-Commit-ID: 4kFgfxhCMFl

--HG--
extra : transplant_source : h%D1%90%ACfP%DC%5C%CB%CC%84%CE%B7%40%17%14%B1%10%FC%AA
 2016-04-21 15:59:53 +02:00
Julian Hector
d9a01beca2 Bug 1259283 - Add sys_fchown to seccomp whitelist. r=jld 2016-04-13 12:41:19 +00:00
Thomas Zimmermann
e1b5ef463a Bug 1264226: Don't use '_COARSE' Posix clocks if not defined, r=jld 
Not all systems (i.e., Gonk) support CLOCK_MONOTONIC_COARSE and
CLOCK_REALTIME_COARSE. With this patch, we don't refer to them if
they are not supported.
 2016-04-14 10:12:39 +02:00