diff --git a/dom/ipc/ContentChild.cpp b/dom/ipc/ContentChild.cpp
index 0dad108d72a..d4adbb1aa98 100644
--- a/dom/ipc/ContentChild.cpp
+++ b/dom/ipc/ContentChild.cpp
@@ -918,13 +918,21 @@ ContentChild::AllocPBackgroundChild(Transport* aTransport,
 bool
 ContentChild::RecvSetProcessSandbox()
 {
- // We may want to move the sandbox initialization somewhere else
- // at some point; see bug 880808.
+ // We may want to move the sandbox initialization somewhere else
+ // at some point; see bug 880808.
 #if defined(MOZ_CONTENT_SANDBOX)
 #if defined(XP_LINUX)
- if (CanSandboxContentProcess()) {
- SetContentProcessSandbox();
+#if defined(MOZ_WIDGET_GONK) && ANDROID_VERSION >= 19
+ // For B2G >= KitKat, sandboxing is mandatory; this has already
+ // been enforced by ContentParent::StartUp().
+ MOZ_ASSERT(CanSandboxContentProcess());
+#else
+ // Otherwise, sandboxing is best-effort.
+ if (!CanSandboxContentProcess()) {
+ return true;
 }
+#endif
+ SetContentProcessSandbox();
 #elif defined(XP_WIN)
 mozilla::SandboxTarget::Instance()->StartSandbox();
 #endif
diff --git a/dom/ipc/ContentParent.cpp b/dom/ipc/ContentParent.cpp
index 94c1d111ea0..99f7499067c 100755
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -177,6 +177,10 @@ using namespace mozilla::system;
 #include "nsIIPCBackgroundChildCreateCallback.h"
 #endif
+#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_LINUX)
+#include "mozilla/Sandbox.h"
+#endif
+
 static NS_DEFINE_CID(kCClipboardCID, NS_CLIPBOARD_CID);
 static const char* sClipboardTextFlavors[] = { kUnicodeMime };
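Review bot: In the `MOZ_WIDGET_GONK && ANDROID_VERSION >= 19` branch the only guard before `SetContentProcessSandbox()` is `MOZ_ASSERT(CanSandboxContentProcess())`, which compiles away in non-debug builds, so a release-build child relies entirely on ContentParent::StartUp() having crashed earlier, and whether SetContentProcessSandbox() itself fails closed when the check is false is not visible in this hunk. The parent-side check and this one run in different processes, so if CanSandboxContentProcess() can answer differently in the child than it did in the parent, the child proceeds unguarded. A release-build check mirroring the parent keeps the mandatory path fail-closed in every build: `if (!CanSandboxContentProcess()) { MOZ_CRASH("Sandboxing support is required on this platform."); }` in place of the MOZ_ASSERT. The closing `#endif` for MOZ_CONTENT_SANDBOX and the function's `return true;` lie past the end of the hunk.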
@@ -647,6 +651,18 @@ ContentParent::StartUp()
 return;
 }
+#if defined(MOZ_CONTENT_SANDBOX) && defined(MOZ_WIDGET_GONK) && ANDROID_VERSION >= 19
+ // Require sandboxing on B2G >= KitKat. This condition must stay
+ // in sync with ContentChild::RecvSetProcessSandbox.
+ if (!CanSandboxContentProcess()) {
+ // MOZ_CRASH strings are only for debug builds; make sure the
+ // message is clear on non-debug builds as well:
+ printf_stderr("Sandboxing support is required on this platform. " "Recompile kernel with CONFIG_SECCOMP_FILTER=y\n");
+ MOZ_CRASH("Sandboxing support is required on this platform.");
+ }
+#endif
+
 // Note: This reporter measures all ContentParents.
 RegisterStrongMemoryReporter(new ContentParentsMemoryReporter());
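Review bot: The printf_stderr message names a single cause (`CONFIG_SECCOMP_FILTER=y`) for `CanSandboxContentProcess()` returning false, but that function is defined outside this diff and nothing here shows a missing seccomp-filter kernel option is the only way it fails, so a wrong hint can send an integrator down the wrong path. Consider `"Sandboxing support is required on this platform but is unavailable (for example, a kernel built without CONFIG_SECCOMP_FILTER=y)\n"`, or have the sandbox code report the actual reason it detected. Crashing the parent in StartUp() rather than degrading is the right fail-closed choice, and naming ContentChild::RecvSetProcessSandbox in the comment is helpful, but the `#if` condition is now duplicated across the two files, so a single shared definition of it (in mozilla/Sandbox.h, which this commit already includes) would make the "must stay in sync" invariant mechanical instead of documented. StartUp() begins before this hunk.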