wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity
197,489 Commits 1 Branch 166 Tags 1.2 GiB
7bab545482
Commit Graph

64 Commits

Author SHA1 Message Date
Jed Davis
7bab545482 Bug 1012951 - Add Linux sandboxing for GeckoMediaPlugin processes. r=kang r=ted 
--HG--
extra : rebase_source : 1b890000d5b8d2a8954cdd1118a1023eba829c29
 2014-08-04 15:11:18 -07:00
Jed Davis
54f805e8b9 Bug 1046541 - Use stdio for non-Android Linux sandbox error messages. r=kang 
--HG--
extra : rebase_source : e93a4a76f8188d715886e263a366d694c28b4525
 2014-08-04 15:11:04 -07:00
Jed Davis
b31eafbe86 Bug 1046525 - Allow get{e,}gid and sched_{g,s}etparam in sandboxed content processes. r=kang 
Some of these were already in the desktop whitelist; those duplicates
are removed.

--HG--
extra : amend_source : 3ab4b50e3f1980b4d7b93cc17f34b926e2aa2396
 2014-08-01 15:05:44 -07:00
Ed Morley
433e593c8c Backed out changeset d50d7e88f35e (bug 1012951) for LSan failures 2014-07-30 16:49:43 +01:00
Jed Davis
ac97af274c Bug 1012951 - Sandbox GMP plugins on Linux using seccomp-bpf. r=kang r=ted 2014-07-29 15:31:12 -07:00
Jed Davis
4f62652919 Bug 1017393 - Record rejected syscall number in crash dump. r=kang 2014-07-24 11:36:00 +02:00
Jed Davis
1cdd0d8544 Bug 1037211 - Remove MOZ_CONTENT_SANDBOX_REPORTER by making it always true. r=kang r=ted 
--HG--
extra : amend_source : 450d51dab077794e194bf407044de95627de0cde
 2014-07-17 14:57:28 -07:00
Jed Davis
285d65221e Bug 1038900 - Dynamically allocate signal number for sandbox startup. r=kang 2014-07-16 13:37:00 +02:00
Jed Davis
ad5a014572 Bug 1038490 - Fix misuse of MOZ_WIDGET_GONK in Linux content process sandbox policy. r=kang 
--HG--
extra : amend_source : 0a7fe8ca751b59102cbc23316b18982268306423
 2014-07-14 18:35:56 -07:00
Jed Davis
ada7d21572 Bug 1038486 - Fix Linux desktop seccomp sandbox build on 32-bit x86. r=kang 
--HG--
extra : amend_source : 130d2cbd485734997739ea96ac5d83c01899d8b0
 2014-07-09 16:52:56 -07:00
jvoisin
7c10650a8f Bug 1035786 - Fix namespace bug in Linux sandbox LOG_ERROR macro. r=jld 2014-07-08 05:53:00 +01:00
Jed Davis
d9856e93b1 Bug 1035786 - Avoid warning-as-error sandbox build failure with an explicit cast. r=gdestuynder 
getpid() is never negative, so this is safe.
 2014-07-10 17:37:45 -07:00
Bob Owen
218decde34 Bug 1035786 - Fix member variable initialisation order in LogMessage stub in Linux Sandbox.cpp. r=jld 2014-07-09 12:32:49 +01:00
Jed Davis
dd6575be07 Bug 956961 - Stop disabling sandboxing when DMD is enabled. r=kang 
--HG--
extra : rebase_source : 4737cfd613c1ddee8e1a4340e819eddc151e73f7
extra : histedit_source : 2d2610a775a3ae986157f61ef3797f4e88baa922
 2014-07-02 11:28:48 -07:00
Wes Kocher
f174cd042e Backed out 3 changesets (bug 956961) for non-unified build bustage 
Backed out changeset f1be89cb58b9 (bug 956961)
Backed out changeset 272b01e4f856 (bug 956961)
Backed out changeset 56907af18c66 (bug 956961)
 2014-07-02 15:03:29 -07:00
Jed Davis
49f614d6ca Bug 956961 - Stop disabling sandboxing when DMD is enabled. r=kang 
--HG--
extra : amend_source : 66f2453794e6a8a581e1564e786cfc8cac1f6bbd
 2014-07-02 11:28:48 -07:00
Jed Davis
d1a5790ae4 Bug 1014299 - Add times() to seccomp whitelist. r=kang 
This system call seems to be used by some versions of the Qualcomm Adreno
graphics drivers when we run WebGL apps.
 2014-06-02 14:52:00 +02:00
Jed Davis
c7dae997a6 Bug 920372 - Fix socketcall whitelisting on i386. r=kang 2014-05-20 18:38:14 -07:00
Jed Davis
1523066770 Bug 920372 - Allow tgkill only for threads of the calling process itself. r=kang 2014-05-20 18:38:06 -07:00
Jed Davis
3a308504da Bug 920372 - Use Chromium seccomp-bpf compiler to dynamically build sandbox program. r=kang 2014-05-20 18:37:53 -07:00
Jed Davis
52cd05523d Bug 1004832 - Add tgkill to seccomp-bpf whitelist. r=kang 2014-05-02 16:57:00 +02:00
Jed Davis
a52d5f0783 Bug 997409 - Add set_thread_area to seccomp whitelist if available. r=kang 2014-04-17 16:23:23 -04:00
Jed Davis
738f39b679 Bug 981949 - Whitelist ftruncate for seccomp-bpf sandboxing. r=kang 2014-04-11 13:09:00 +02:00
Boris Zbarsky
46967823f5 Bug 995047 followup. Fix a caller that I missed because it's only compiled on some platforms, so we can reopen the CLOSED TREE 2014-04-12 00:38:06 -04:00
Jed Davis
f8ce2f4279 Bug 993145 - Skip attempting seccomp sandboxing if seccomp unavailable. r=kang 2014-04-09 15:23:00 +02:00
Jed Davis
ddc591c878 Bug 989172 - Re-add sigaltstack to seccomp whitelist. r=kang 
This reinstates the patch from bug 983518, which was unintentionally
dropped while merging with the reorganization in bug 985227.
 2014-03-28 17:58:26 -07:00
Jed Davis
b939b580cf Bug 985227 - Part 3: Replace the seccomp filter arch ifdefs with syscall existence tests. r=kang 2014-03-20 10:19:42 -04:00
Jed Davis
d06bc434b1 Bug 985227 - Part 2: Flatten out the #define maze in the seccomp filter. r=kang 2014-03-20 10:19:42 -04:00
Jed Davis
893f056ba5 Bug 985227 - Part 1: Move the seccomp filter into its own translation unit. r=kang 
--HG--
rename : security/sandbox/linux/seccomp_filter.h => security/sandbox/linux/SandboxFilter.cpp
 2014-03-20 10:19:42 -04:00
Jed Davis
a8a37995ce Bug 975273 - Add missing include to unbreak desktop seccomp build. r=kang 2014-03-20 09:27:28 -04:00
Guillaume Destuynder
fc8cf73ff1 Bug 983518: Fix running B2G-1.4 on KitKat by whitelisting sigalstack in the sandbox. r=kang r=jld 2014-03-14 18:54:20 -07:00
Vicamo Yang
3bcd1c9eb8 Bug 944625 - B2G Emulator-x86: fix undeclared __NR_sendto, __NR_recvfrom. r=jld,kang 2014-03-13 13:44:43 +09:00
Jed Davis
f8d175ce14 Bug 977859 - Drop uid 0 in all content processes immediately after fork. r=bent r=kang 
Now all regular child processes, including preallocated, are deprivileged.
Only Nuwa needs uid 0, because each of its children has a different uid/gid.
 2014-03-12 15:48:15 -07:00
Jed Davis
685530a9a5 Bug 979686 - Fix the non-(ARM|x86|x86_64) desktop build. r=kang 2014-03-06 12:23:06 -08:00
Jed Davis
cfaafc654d Bug 946407 - Disable sandbox when DMDing. r=njn r=kang 
See also bug 956961.
 2014-03-04 18:27:14 -08:00
Jed Davis
b8c81fc6e2 Bug 970676 - Turn on sandboxing on all relevant threads. r=dhylands r=bent f=kang 2014-02-27 13:18:01 -08:00
Jed Davis
1467d9b632 Bug 971128 - Add sched_yield to seccomp whitelist. r=kang 2014-02-22 18:58:59 -08:00
Jed Davis
3027739852 Bug 970562 - Add sched_getscheduler to seccomp whitelist. r=kang 2014-02-22 18:58:59 -08:00
Jed Davis
6549f56f18 Bug 974230 - Adjust sandbox so that socket() simply fails. r=kang 
This is a workaround for issues with the SCTP code (bug 969715) and
NSPR's IPv6 support (bug 936320).
 2014-02-20 09:35:44 -05:00
Jed Davis
bd5a8731fc Bug 966547 - Switch sipcc from named to anonymous sockets on Unix. r=jesup, r=kang 2014-02-20 09:35:26 -05:00
Jed Davis
cbefd9bed0 Bug 974227 - Allow readlink while sandboxed to work around bug 964455. r=kang 2014-02-19 15:55:42 -05:00
Wes Kocher
ee5da0ab00 Merge m-c to inbound on a CLOSED TREE 2014-02-13 18:50:08 -08:00
Jed Davis
5ea5299c58 Bug 971370 - Fix seccomp whitelist errors caused by strace bug. r=kang 2014-02-13 09:47:16 -05:00
Guillaume Destuynder
cb244dcc84 bug 948620 - Add env variable MOZ_DISABLE_CONTENT_SANDBOX to disable sandbox at runtime. r=jld 2014-02-13 16:26:28 -08:00
Jed Davis
ebe6274bbf Bug 945504 - Include JS stack in sandbox reporter logs. r=kang 2014-02-07 10:46:38 -05:00
Eric Rahm
c1dd0bb669 Bug 969126 - Fix sandbox build for b2g on OS X. r=kang 2014-02-06 16:11:53 -08:00
Jed Davis
230a08b7ab Bug 945498 - Use breakpad to report seccomp violations as crashes. r=ted, r=kang 
Upstream issue for breakpad patch: https://breakpad.appspot.com/1114003/
 2014-02-05 13:29:51 -05:00
Jed Davis
bbc239ca00 Bug 964427 - Whitelist msync (asm.js cache) and sched_get_priority_m{in,ax} (webrtc). r=kang 2014-01-28 09:04:39 -05:00
Jed Davis
e233c87fdd Bug 960365 - Whitelist uname for nsSystemInfo. r=kang 2014-01-21 15:48:00 -05:00
Jed Davis
81f5ace514 Bug 945330 - Reword and slightly improve sandbox violation log message. r=kang 
The main goal is to have a message that unambiguously indicates a crash,
so mozharness can grep for it even if some of the details change later.

Also now includes the entire argument list; most syscalls don't use all
six, so the last few will be meaningless, but it can't hurt to log them.
 2014-01-10 08:22:58 -05:00