Phil Ringnalda
c9fdc270b6
Merge m-c to autoland
...
--HG--
rename : dom/media/webaudio/compiledtest/TestAudioEventTimeline.cpp => dom/media/webaudio/gtest/TestAudioEventTimeline.cpp
2016-11-03 20:02:24 -07:00
Gian-Carlo Pascutto
35af45b5fe
Bug 1312678 - Whitelist DRI drivers in the content sandbox, for WebGL. r=jld
...
MozReview-Commit-ID: 82nCmXqnCbp
--HG--
extra : rebase_source : 8a94e2754a13bd82a007c087dd5b97c4e5c13e7a
2016-11-02 20:02:42 +01:00
Jed Davis
76488739a9
Bug 1272062 - Merge security/sandbox/linux/common into its parent directory. r=gcp
...
Now that SandboxInfo is always part of libmozsandbox, instead of being
in different places depending on widget, it doesn't need to be a
separate directory anymore.
Also updates a few comments that referenced it.
--HG--
rename : security/sandbox/linux/common/LinuxSched.h => security/sandbox/linux/LinuxSched.h
rename : security/sandbox/linux/common/SandboxInfo.cpp => security/sandbox/linux/SandboxInfo.cpp
rename : security/sandbox/linux/common/SandboxInfo.h => security/sandbox/linux/SandboxInfo.h
2016-10-27 22:06:00 +02:00
Gian-Carlo Pascutto
8b0d2992cb
Bug 1310116 - Allow waitpid but warn on creating processes in content. r=jld
...
MozReview-Commit-ID: JjNfA6wUe3T
--HG--
extra : rebase_source : ad565d238e7554a951d2f6b4e076918bdfd7a450
extra : histedit_source : 127ff408e498f7c687cf6e7f8f7b4e2fbb8c5ae8
2016-10-25 20:43:42 +02:00
Jed Davis
67a039045c
Bug 1268733 - Move Linux sandboxing code back out to libmozsandbox.so. r=gcp r=glandium
2016-10-26 16:57:24 -06:00
Jed Davis
dce9969411
Bug 1268733 - Move sandbox interposition shims to their own static library. r=gcp r=glandium
...
This way they'll continue to be at the beginning of the symbol search
path after mozsandbox returns to being a shared library instead of
statically linked into plugin-container.
--HG--
rename : security/sandbox/linux/SandboxHooks.cpp => security/sandbox/linux/interpose/SandboxHooks.cpp
2016-10-26 16:57:18 -06:00
Jed Davis
13fea0b617
Bug 1268733 - Move sandbox telemetry / crash annotation code from mozsandbox to libxul. r=haik
2016-10-26 16:57:10 -06:00
Andi-Bogdan Postelnicu
c7be178cd3
Bug 1309133 - null terminate pathBuf2 in SandboxBroker::ThreadMain. r=gcp
...
MozReview-Commit-ID: 8iA4Yzwj8nv
--HG--
extra : rebase_source : 81af49ea741957a3a79c91dd5503196a0a28a9ef
2016-10-11 15:42:39 +03:00
Gian-Carlo Pascutto
f0dece11a4
Bug 1308564 - Tie logging to MOZ_SANDBOX_VERBOSE instead of DEBUG. r=jld
...
MozReview-Commit-ID: JHIzIvbjA0Q
--HG--
extra : rebase_source : bb5652209a3fdb9e5cccb6c3cc4058fd74173fd1
2016-10-07 21:33:12 +02:00
Gian-Carlo Pascutto
f255eedb86
Bug 1308851 - Open up devices for NVIDIA proprietary driver in the sandbox. r=jld
...
MozReview-Commit-ID: 5OMRNSPBbe1
--HG--
extra : rebase_source : bb554a1f72a9e6bbde9250542989f5c34dfe7267
2016-10-10 20:51:21 +02:00
Gian-Carlo Pascutto
5810afce39
Bug 1308568 - Add missing filesystem calls to Allow in case broker is disabled. r=haik
...
MozReview-Commit-ID: 6AdKbBH0NMh
--HG--
extra : rebase_source : aaf58affb124719b3d65dc819d98e7227abff8ec
2016-10-07 22:09:57 +02:00
Gian-Carlo Pascutto
bbcb394669
Bug 1289718 - Clean up stat/stat64 wrapper. Deal with non-default TMPDIR. r=jld
...
MozReview-Commit-ID: DW63be9qd3z
--HG--
extra : rebase_source : 0a1860c70a631b24bcafecb4946c044148536004
2016-10-06 13:25:13 +02:00
Gian-Carlo Pascutto
f3a1ed7502
Bug 1289718 - Extend sandbox file broker to handle paths, support more syscalls. r=jld,tedd
...
MozReview-Commit-ID: DW415ABoaeN
MozReview-Commit-ID: cXrlXNlEwh
MozReview-Commit-ID: CIX6d7td6Bc
MozReview-Commit-ID: DCQ9DGBBjm4
MozReview-Commit-ID: BOYSSof3t7
MozReview-Commit-ID: LmsTqv0GzC2
MozReview-Commit-ID: HOWR0HEHmMg
MozReview-Commit-ID: 6IzqdrUP7lD
MozReview-Commit-ID: 6r6sqOVekVu
MozReview-Commit-ID: 5FL2WkhIxFx
MozReview-Commit-ID: CcTyHn76p46
MozReview-Commit-ID: F8erB4Tvn2V
MozReview-Commit-ID: D9m10t0Rodc
MozReview-Commit-ID: I1llpEBgDP6
--HG--
extra : rebase_source : 1d50d5b7a9936c76decdf268a4e66e34ee7b200c
2016-09-27 17:25:06 +02:00
Tom Schuster
774a8bf34d
Bug 1302163 - Change code to use SprintfLiteral instead of snprintf. r=ehsan
2016-10-04 17:57:51 +02:00
Jed Davis
75b81d566f
Bug 1303813 - Allow media plugins to call madvise with MADV_FREE. r=gcp
...
--HG--
extra : rebase_source : 42fa66774311cc1dcf2c18643c7118483acff89d
2016-09-26 16:10:00 -04:00
Jed Davis
cb2e7d319f
Bug 1304220 - Allow media plugins to use the times(2) syscall. r=gcp
...
--HG--
extra : rebase_source : 595bf264b48968ec25d02c82866ef02ef87a59fa
2016-09-26 16:32:00 -04:00
Bob Owen
d453628509
Bug 1287426 Part 3: Update security/sandbox/chromium/ to commit 4ec79b7f2379a60cdc15599e93255c0fa417f1ed. r=aklotz, r=jld
...
MozReview-Commit-ID: 14eHMsYZznA
2016-09-06 08:57:21 +01:00
Wes Kocher
81db6ce036
Merge m-c to autoland, a=merge
2016-08-30 18:15:33 -07:00
Gian-Carlo Pascutto
dd0d72c51a
Bug 1295190 - Add sys_flock to seccomp whitelist. r=jld
...
MozReview-Commit-ID: 2GxNWzwfh3u
--HG--
extra : rebase_source : e64bb3d7e499f97dd77721c230bb849e0654ca05
2016-08-22 15:51:05 +02:00
Gian-Carlo Pascutto
7cb06880d3
Bug 1296309 - Return umask (PulseAudio) and wait4 (threads) to the whitelist. r=tedd
...
MozReview-Commit-ID: 72RrNf57FQQ
--HG--
extra : rebase_source : 875e95ee560ff35e81fb38e8459dfe7256c24735
2016-08-30 16:59:39 +02:00
Kan-Ru Chen
b6d880aca1
Bug 1297276 - Rename mfbt/unused.h to mfbt/Unused.h for consistency. r=froydnj
...
The patch is generated from following command:
rgrep -l unused.h|xargs sed -i -e s,mozilla/unused.h,mozilla/Unused.h,
MozReview-Commit-ID: AtLcWApZfES
--HG--
rename : mfbt/unused.h => mfbt/Unused.h
2016-08-24 14:47:04 +08:00
Gian-Carlo Pascutto
e2d263a0f4
Bug 1296309 - Remove unused syscalls from the seccomp whitelist. r=tedd
...
MozReview-Commit-ID: BUDRwsuAu0W
--HG--
extra : rebase_source : 9fa3cf044d67ed09e9a6a4cd8c5d5b0023d8077d
2016-08-18 16:56:12 +02:00
Jed Davis
10843a73b7
Bug 1290896 - Allow readlink() in desktop Linux content processes. r=gps
...
Making readlink() always fail with EINVAL (the result of applying it
to a non-symlink) worked on B2G, but this is not the case on desktop.
(Note: originally the idea for the B2G file broker was that it would
ignore symlinks and map lstat to stat, so that behavior for readlink
would have been consistent, but as eventually implemented it does do
lstat as actual lstat.)
In particular, this seems to be causing something in the graphics
library stack to change what GL renderer it uses (?), and on some
systems the presence of the readlink->EINVAL rule causes it to load a
version of the llvmpipe software renderer with a crash bug, instead of
(we assume) some other driver that works.
2016-08-08 14:59:19 -07:00
Gian-Carlo Pascutto
c53a105dc7
Bug 1288410 - Basic implementation of AddDir and recursive Lookup. r=tedd
...
MozReview-Commit-ID: 36jAPfm29LO
--HG--
extra : rebase_source : 5eb2a9b02ad3c40375b9a4d9b3f38d75932e29b1
2016-08-10 15:09:58 +02:00
Carsten "Tomcat" Book
389a3e0817
merge mozilla-inbound to mozilla-central a=merge
...
--HG--
rename : mobile/android/base/java/org/mozilla/gecko/GeckoAppShell.java => mobile/android/geckoview/src/main/java/org/mozilla/gecko/GeckoAppShell.java
rename : mobile/android/base/java/org/mozilla/gecko/gfx/GeckoLayerClient.java => mobile/android/geckoview/src/main/java/org/mozilla/gecko/gfx/GeckoLayerClient.java
rename : mobile/android/base/java/org/mozilla/gecko/gfx/LayerRenderer.java => mobile/android/geckoview/src/main/java/org/mozilla/gecko/gfx/LayerRenderer.java
rename : mobile/android/base/java/org/mozilla/gecko/gfx/PanningPerfAPI.java => mobile/android/geckoview/src/main/java/org/mozilla/gecko/gfx/PanningPerfAPI.java
2016-08-04 15:55:50 +02:00
Alexandre Lissy
0af5b943b6
Bug 1284674 - Remove NUWA r=cyu
...
MozReview-Commit-ID: GyMRNzOBKw6
--HG--
extra : rebase_source : 293af1cd55f2035ce6a99f4ebf144059c32a2b8f
2016-08-02 14:54:00 +02:00
Jed Davis
5fc855cf94
Bug 1290343 - Fix Linux GMP sandbox policy's geteuid rule for 32-bit. r=tedd
2016-08-01 13:10:00 +02:00
Jed Davis
6f2404e02a
Bug 1290633 - Soft-fail unexpected open() in GMP processes to avoid recursive crash. r=gcp
2016-08-01 15:47:00 +02:00
Jed Davis
938691d027
Bug 1290618 - Allow PR_SET_PTRACER in Linux sandbox policies to avoid recursive crash. r=tedd
2016-08-01 15:44:00 +02:00
L. David Baron
3e30ec6687
Bug 1290761 - Allow running jprof with sandbox enabled. r=jhector
...
jprof is an in-tree profiling tool that runs on Linux.
This fixes the error:
Sandbox: seccomp sandbox violation: pid 29698, syscall 38, args 0 140731305513136 0 830 22509600 1. Killing process.
Sandbox: crash reporter is disabled (or failed); trying stack trace:
Sandbox: frame #01 : __GI_setitimer (/build/glibc-GKVZIf/glibc-2.23/time/../sysdeps/unix/syscall-template.S:84)
Sandbox: frame #02 : startSignalCounter(unsigned long) (.../mozilla-central/mozilla/tools/jprof/stub/libmalloc.cpp:464)
which occurs during shutdown when running with jprof enabled via the
JPROF_FLAGS environment variable containing JP_DEFER without actually
sending the signal to start jprof. It presumably occurs sooner if jprof
is actually used either via JP_START or by senging a SIGPROF/SIGALRM.
With the patch, these steps run to completion.
MozReview-Commit-ID: Fx4tzEyqIj2
--HG--
extra : transplant_source : %2AU%15F%8A%C5%E6%1D%03%20%1B%F6W%E9%EB%DA%8F%E7f%5D
2016-08-01 08:49:48 +01:00
Julian Seward
a3b23bd33c
Bug 1288726 - Seccomp sandbox doesn't play well with Valgrind. r=julian.r.hector.
2016-07-29 17:42:55 +02:00
Julian Hector
6c0d578d0e
Bug 1287008 - Add sys_fadvise64_64 to seccomp whitelist. r=gcp
2016-07-27 15:45:02 +02:00
Fabrice Desré
c23a54d9ec
Bug 1289381 - Don't fail to build sandboxing with --disable-crashreporter r=gcp
2016-07-26 04:35:43 -07:00
Julian Hector
3236586a67
Bug 1285769 - Add sys_get_mempolicy to seccomp whitelist. r=gcp
2016-07-25 19:37:58 +02:00
Julian Hector
1ab18ae903
Bug 1285770 - Add sys_fallocate to seccomp whitelist. r=gcp
2016-07-23 17:13:52 +02:00
Haik Aftandilian
8f7ffc84b7
Bug 1274540 - Record sandboxing status in crash reports; r=gcp
...
Adds content sandbox metadata to parent and child crash reports:
Includes the value of pref security.sandbox.content.level,
whether or not the system is capable of sandboxing, if the
sandbox was successfully turned on, and (on Linux systems)
the sandbox capabilities flags.
New crash report keys:
"ContentSandboxLevel" in parent and content
"ContentSandboxCapable" in parent
"ContentSandboxEnabled" in content
"ContentSandboxCapabilities" in content on Linux
2016-07-25 13:21:00 +02:00
Wei-Cheng Pan
fd87664d8e
Bug 1264566 - Part 2: Refactor all usage of FileDescriptor. r=valentin
...
Callers should use a UniquePtr to hold the platform handle.
MozReview-Commit-ID: 6BWnyAf4b3a
--HG--
extra : transplant_source : %26%CA%0D%28%08%9BT%97Z%A1%3Dq%CD%21%A1_%EFE%83%0E
extra : histedit_source : 77f8ed3d0fdec6cce0c95469130ade0fb547bb91
2016-05-27 16:12:51 +08:00
Carsten "Tomcat" Book
336105a0de
merge mozilla-inbound to mozilla-central a=merge
2016-07-22 11:58:02 +02:00
Wes Kocher
f11c79a662
Merge m-c to inbound, a=merge CLOSED TREE
2016-07-21 15:59:28 -07:00
Carsten "Tomcat" Book
bc1b31b01b
Merge mozilla-central to autoland
2016-07-21 16:27:58 +02:00
Gian-Carlo Pascutto
0b8cfd1d36
Bug 1284240 - Use boolean rather than flag for Sandboxing Telemetry. r=gfritzsche
...
MozReview-Commit-ID: EsXFAbEyxYs
--HG--
extra : rebase_source : 95bbfa30597490fb1b972056651b75f5a129daad
2016-07-21 09:39:09 +02:00
Julian Hector
ea69125244
Bug 1285768 - Let getppid() return 0 to simulate pid namespaces. r=gcp
2016-07-10 22:06:57 +02:00
Julian Hector
f6b06d33a3
Bug 1286852 - Add sys_munlock to seccomp whitelist. r=gcp
...
MozReview-Commit-ID: AJEA73cJFo2
2016-07-15 17:57:28 +02:00
Julian Hector
0caf755557
Bug 1285902 - Add sys_msgget to seccomp whitelist. r=gcp
2016-07-15 17:34:29 +02:00
Tom Tromey
5538d692d3
Bug 1286877 - do not set c-basic-offset for python-mode; r=gps
...
This removes the unnecessary setting of c-basic-offset from all
python-mode files.
This was automatically generated using
perl -pi -e 's/; *c-basic-offset: *[0-9]+//'
... on the affected files.
The bulk of these files are moz.build files but there a few others as
well.
MozReview-Commit-ID: 2pPf3DEiZqx
--HG--
extra : rebase_source : 0a7dcac80b924174a2c429b093791148ea6ac204
2016-07-14 10:16:42 -06:00
Julian Hector
b23e6a33e4
Bug 1286119 - Allow sys_mremap when jemalloc is disabled. r=gcp
...
MozReview-Commit-ID: FRVorDIIUVR
2016-07-12 18:24:54 +02:00
Julian Hector
6dbdc2284b
Bug 1286185 - Add sys_fadvise64 to seccomp whitelist. r=gcp
...
MozReview-Commit-ID: CkX1txdLAMg
2016-07-20 06:36:00 +02:00
Jed Davis
622813449c
Bug 1286324
- Make fork() non-fatal in Linux content sandbox. r=jhector
...
fork() will now fail with EPERM instead of crashing; see code comment
and bug for more info. Tested with GTK3 Oxygen theme and SCIM, which
both seem to work. Also verified that GMP child processes still crash
on fork().
--HG--
extra : rebase_source : 267c4cb892b691502a9d7760bca4d23fee3fe449
2016-07-14 15:00:00 -04:00
Julian Hector
54f8b7b221
Bug 1286413
- Add CASES_FOR_fchown and use it. r=gcp
...
--HG--
extra : rebase_source : b16522c25182223094fe2ed9ae18d5894bf6f9f1
2016-07-13 01:18:02 +02:00
Carsten "Tomcat" Book
cd4a2ce973
Backed out changeset 535e23baec4a (bug 1286119) for landing with wrong bugnumber
...
--HG--
extra : rebase_source : dede3bd9767b450934308a4c3de215a8837be93a
2016-07-14 13:51:16 +02:00
Julian Hector
c58d37220b
Bug 1286527 - Add sys_semop to seccomp whitelist. r=gcp
2016-07-13 15:03:30 +02:00
Julian Hector
a6c28f48e6
Bug 1286119 - Add CASES_FOR_fchown and use it. r=gcp
2016-07-13 01:18:02 +02:00
Julian Hector
50053496e7
Bug 1286033 - Add sys_semctl to seccomp whitelist and fix sys_semget. r=gcp
...
--HG--
extra : rebase_source : 798fc3366d54abb256807952aa6e50438a8f8c7a
2016-07-12 04:42:00 +02:00
Julian Hector
5c72f0a928
Bug 1285946 - Add sys_readv to seccomp whitelist. r=gcp
2016-07-11 18:51:33 +02:00
Julian Hector
620e4db84f
Bug 1285827 - Add sys_link to seccomp whitelist. r=gcp
2016-07-11 19:38:53 +02:00
Julian Hector
3e3082511c
Bug 1285816 - Add sys_accept4 to seccomp whitelist. r=gcp
...
MozReview-Commit-ID: 8NTeEtX9wMz
2016-07-11 00:12:49 +02:00
Julian Hector
085ce99e60
Bug 1285771 - Add sys_mlock to seccomp whitelist. r=gcp
2016-07-11 19:32:55 +02:00
Gian-Carlo Pascutto
bb409b10ab
Bug 1285293
- Add fstatfs to seccomp-bpf whitelist. r=tedd
...
For some reason libfontconfig really Needs To Know.
MozReview-Commit-ID: KSET8D5h9xf
--HG--
extra : rebase_source : 10c5df6a4b8b85be120a9828686d0c63e3fff5d4
2016-07-11 10:54:48 +02:00
Gian-Carlo Pascutto
c4c92abf28
Bug 1285525 - Add sys_semget to seccomp-bpf whitelist. r=tedd
...
MozReview-Commit-ID: 1yV0uqiMSru
--HG--
extra : rebase_source : cbc57f22fc4b5818b1ac9857446d2190eaa359c2
2016-07-11 10:15:31 +02:00
Julian Hector
2071bf3b6c
Bug 1285287 - Use proper macros to whitelist getres*id. r=gcp
2016-07-08 17:59:41 +02:00
Gian-Carlo Pascutto
b3b0630046
Bug 1285507 - Whitelist memfd_create (used for Sealed Files IPC). r=jhector
...
MozReview-Commit-ID: 7UE6hyDiC6H
--HG--
extra : rebase_source : ef1fcbf9e2aefbf2b215e18a459ce72d4e0abc5c
extra : histedit_source : 02ba293c9af543f850c6ddeb2ca214f7527e3923
2016-07-08 17:12:30 +02:00
Julian Hector
aa5c174aa4
Bug 742434 - Part 2: Introduce pref to control content sandbox. r=jld
...
MozReview-Commit-ID: JQAQAbHUObN
--HG--
extra : rebase_source : 42a14a28503b685125f27faa40ae4efc920c5c5d
2016-06-16 12:39:07 +02:00
Julian Hector
feca70c6cc
Bug 742434 - Part 1: Make ContentSecurityPolicy constructor explicit. r=gcp
...
MozReview-Commit-ID: HrBpcQ1BYFI
--HG--
extra : rebase_source : 0505ff9f9260627a0519e1f0ea536efd7af0210e
2016-07-05 03:07:00 +02:00
Julian Hector
3ab8691db7
Bug 1284452 - Add sys_getrandom to seccomp whitelist. r=gcp
...
MozReview-Commit-ID: 8CW916cJsUZ
2016-07-05 13:51:57 +02:00
Carsten "Tomcat" Book
30cb0bf87f
Backed out changeset 3601419d2e4b (bug 742434) for test failures like /content-security-policy/media-src/media-src-7_3.html timeouts
2016-07-05 12:25:55 +02:00
Carsten "Tomcat" Book
d90190d784
Backed out changeset 730fcdccb26e (bug 742434)
2016-07-05 12:25:41 +02:00
Julian Hector
a4e6059aeb
Bug 742434 - Part 2: Introduce pref to control content sandbox. r=jld
...
MozReview-Commit-ID: HyNozlK5SAE
2016-06-16 12:39:07 +02:00
Julian Hector
21e153fc19
Bug 742434 - Part 1: Make ContentSecurityPolicy constructor explicit. r=gcp
...
MozReview-Commit-ID: HrBpcQ1BYFI
2016-07-05 03:07:00 +02:00
Gian-Carlo Pascutto
0a5cac2ffc
Backed out 2 changesets (bug 742434)
...
Backed out changeset 4e0e2373e234 (bug 742434)
Backed out changeset 66a937c6ca0e (bug 742434)
MozReview-Commit-ID: 8Chchv4HUL
--HG--
extra : rebase_source : 78f35317a643a48c3f45ec34d88fe321d71d04d1
2016-07-04 18:00:53 +02:00
Julian Hector
c50fb0578f
Bug 742434 - Part 1: Introduce pref to control content sandbox. r=jld
...
MozReview-Commit-ID: CuSCwcwRiND
2016-06-16 12:39:07 +02:00
Gian-Carlo Pascutto
a7f65e7eac
Bug 1273852 - Allow getsockopt in EvaluateSocketCall. r=jld
...
MozReview-Commit-ID: F9rVM0VKmUR
--HG--
extra : rebase_source : 86271db1e6c24a4ca98ccb0580cd608c2a4cc580
2016-06-08 19:05:08 +02:00
Gian-Carlo Pascutto
d270c42cdd
Bug 1273852 - Always add seccomp-bpf socketcall dispatcher. r=jld
...
For 32-bit Linux 4.3+, always add socketcall dispatcher even if relevant
syscalls are known, because both entry points will exist.
See Linux kernel commit:
commit 9dea5dc921b5f4045a18c63eb92e84dc274d17eb
Author: Andy Lutomirski <luto@kernel.org>
Date: Tue Jul 14 15:24:24 2015 -0700
x86/entry/syscalls: Wire up 32-bit direct socket calls
MozReview-Commit-ID: I3GEvolGfsR
--HG--
extra : rebase_source : c358a6d39d9bf5701150e58f1002f6c6dc91cd6f
2016-06-29 20:34:40 +02:00
Thomas Zimmermann
97a43c0b93
Bug 1276927: Define HAVE_ANDROID_OS before including 'android_filesystem_config.h', r=fabrice
...
The preprocessor token HAVE_ANDROID_OS configures 'android_filesystem_config.h'
to include the correct header files from the environment.
MozReview-Commit-ID: oKwdjzDjij
2016-06-16 08:43:51 +01:00
Sebastian Hengst
bb691db120
Backed out changeset b6c190b08824 (bug 1276927)
2016-06-15 12:23:52 +02:00
Thomas Zimmermann
565a7b74dc
Bug 1276927: Define HAVE_ANDROID_OS before including 'android_filesystem_config.h', r=fabrice
...
The preprocessor token HAVE_ANDROID_OS configures 'android_filesystem_config.h'
to include the correct header files from the environment.
MozReview-Commit-ID: oKwdjzDjij
2016-06-15 10:59:49 +01:00
Julian Hector
14d815c27e
Bug 1275920 - Add sys_rt_tgsigqueueinfo to seccomp whitelist r=jld
...
--HG--
extra : rebase_source : 4808d641597e40e124be0bae1e10ad37570355c9
2016-05-27 19:29:21 +02:00
Gian-Carlo Pascutto
d543e16807
Bug 1273859 - Add sys_pwrite64 to seccomp whitelist for content process. r=jld
...
MozReview-Commit-ID: FsJ8ER9B9EY
--HG--
extra : rebase_source : a76bb584e8804a3f73abf2c821fa2d9d25997a17
2016-05-18 14:39:20 +02:00
Julian Hector
d5bb492be4
Bug 1274873 - Part 2: Move signal handler set up to SandboxEarlyInit() r=jld
2016-05-26 16:20:44 +02:00
Julian Hector
1f2003d5b1
Bug 1274873 - Part 1: Change search order for free signal r=jld
2016-05-26 16:19:28 +02:00
Carsten "Tomcat" Book
efa443d4d3
Backed out changeset ae5286493f15 (bug 1274873) for frequent timeouts in browser_ManifestObtainer_obtain.js
...
--HG--
extra : rebase_source : 5aa2340db1e93f26feb5c3173b8af4aacdb60b31
2016-06-07 12:07:16 +02:00
Carsten "Tomcat" Book
1d324ed30a
Backed out changeset 62646bfa1f95 (bug 1274873)
...
--HG--
extra : rebase_source : 644a5678b4f8e32e9809583cf7eb88fb0a518f31
2016-06-07 12:06:51 +02:00
Julian Hector
fd5c167bdc
Bug 1276470 - Add sys_statfs to seccomp whitelist. r=jld
2016-05-28 20:33:49 +02:00
Julian Hector
1b857c2f98
Bug 1274873 - Part 2: Move signal handler set up to SandboxEarlyInit() r=jld
2016-05-26 16:20:44 +02:00
Julian Hector
1c0ad8ce67
Bug 1274873 - Part 1: Change search order for free signal r=jld
2016-05-26 16:19:28 +02:00
Julian Hector
d0f949dad4
Bug 1275786 - Add sys_listen to seccomp whitelist. r=jld
...
--HG--
extra : rebase_source : 7028482ca148f63e53e1fe915d0be507b5116c84
2016-05-27 16:00:50 +02:00
Julian Hector
cb6d29b0b7
Bug 1275785 - Add sys_bind to seccomp whitelist. r=jld
...
--HG--
extra : rebase_source : 90d403a3b21547ff7f280b2bff7746f4b8e32fe3
2016-05-27 15:58:51 +02:00
Julian Hector
5eb8b17162
Bug 1275781 - Add sys_accept to seccomp whitelist. r=jld
...
--HG--
extra : rebase_source : e4761ce8c466987f54ddd41603fa626923fe0865
2016-05-27 15:56:35 +02:00
Alexandre Lissy
c6be1d0d13
Bug 1274826 - Bypass building SandboxHooks on Gonk r=jld
...
MozReview-Commit-ID: 3TVdcY7aXvW
--HG--
extra : rebase_source : b734c54ad4e7b8fff384f399b84014410b4cf719
2016-05-26 01:02:25 +02:00
Gian-Carlo Pascutto
e8fd20fdcf
Bug 1098428 - Add Linux sandboxing information to Telemetry. r=gfritzsche
...
MozReview-Commit-ID: 6Un4yNzxGgg
--HG--
extra : rebase_source : fc8762b9802fab071cb194513a5ad390ae7984f3
2016-05-18 18:37:44 +02:00
Carsten "Tomcat" Book
be11014a2b
Backed out changeset 767f65379fdf (bug 1098428) for causing linux crashes on a CLOSED TREE
2016-05-24 13:03:00 +02:00
Gian-Carlo Pascutto
42b1907a65
Bug 1098428 - Add Linux sandboxing information to Telemetry. r=gfritzsche
...
MozReview-Commit-ID: GtIPsRqq5hr
--HG--
extra : rebase_source : 6b918e5119f15536c9437c27cfee413577268b78
2016-05-18 18:37:44 +02:00
Julian Hector
5894681e14
Bug 1274553 - Properly handle stat() requests in permissive mode. r=jld
...
MozReview-Commit-ID: IeFwQ2Gv21z
--HG--
extra : rebase_source : 0198c5df41f728f85bea149a10dfe0b7c0fae43f
2016-05-20 14:42:50 +02:00
Chris Peterson
353ee65255
Bug 1272513 - Part 1: Suppress -Wshadow warnings-as-errors in some directories. r=glandium
2016-05-11 00:00:01 -07:00
Gian-Carlo Pascutto
6491a25e6f
Bug 1268579 - Add inotify_rm_watch to the seccomp-bpf whitelist. r=jld
...
MozReview-Commit-ID: DvaHjOa5GOv
--HG--
extra : rebase_source : 1105ebd32973f8608c4c8b21dc72ba9313661735
2016-04-28 20:04:06 +02:00
Nicholas Nethercote
2511b2c327
Bug 1267550 (part 2) - Rename MOZ_WARN_UNUSED_RESULT as MOZ_MUST_USE. r=froydnj.
...
It's an annotation that is used a lot, and should be used even more, so a
shorter name is better.
MozReview-Commit-ID: 1VS4Dney4WX
--HG--
extra : rebase_source : b26919c1b0fcb32e5339adeef5be5becae6032cf
2016-04-27 14:16:50 +10:00
Julian Hector
4c291ae709
Bug 1176099 - Fix missing NULL check r=luke
...
MozReview-Commit-ID: ICNQNqJZzA8
2016-04-28 20:41:14 +02:00
Julian Hector
3871240519
Bug 1176099 - Add hooks for sigprocmask/pthread_sigmask. r=jld r=glandium
2016-04-21 13:17:50 +00:00
Julian Hector
1942e09c83
Bug 1266298 - Add sys_fchmod to seccomp whitelist r=jld
...
MozReview-Commit-ID: 4kFgfxhCMFl
--HG--
extra : transplant_source : h%D1%90%ACfP%DC%5C%CB%CC%84%CE%B7%40%17%14%B1%10%FC%AA
2016-04-21 15:59:53 +02:00
Julian Hector
d9a01beca2
Bug 1259283 - Add sys_fchown to seccomp whitelist. r=jld
2016-04-13 12:41:19 +00:00
Thomas Zimmermann
e1b5ef463a
Bug 1264226: Don't use '_COARSE' Posix clocks if not defined, r=jld
...
Not all systems (i.e., Gonk) support CLOCK_MONOTONIC_COARSE and
CLOCK_REALTIME_COARSE. With this patch, we don't refer to them if
they are not supported.
2016-04-14 10:12:39 +02:00