Bob Owen
3f62750874
Bug 1018966 - Part 1: Add the main warn only sandbox machinery - with no Chromium code changes. r=bsmedberg
...
This change also includes the content sandboxing code on Windows Nightly by defining MOZ_CONTENT_SANDBOX=1.
Whether the content sandbox is disabled, in warn only mode, or enabled is controlled by a new pref: browser.tabs.remote.sandbox=(off/warn/on)
2014-06-11 15:32:37 +01:00
Carsten "Tomcat" Book
0b56bf9838
Backed out changeset 5adabc2818b2 (bug 1018966) for b2g bustage
2014-09-04 15:14:41 +02:00
Carsten "Tomcat" Book
d50d535713
Backed out changeset 5d21dd9ca51e (bug 1018966) for b2g Build bustage
2014-09-04 15:13:14 +02:00
Bob Owen
65f144b3ff
Bug 1018966 - Part 2: Make warn only sandbox changes to the Chromium code. r=tabraldes
2014-09-03 10:31:53 +01:00
Bob Owen
cf06b12d8d
Bug 1018966 - Part 1: Add the main warn only sandbox machinery - with no Chromium code changes. r=bsmedberg r=tabraldes
...
This change also includes the content sandboxing code on Windows Nightly by defining MOZ_CONTENT_SANDBOX=1.
Whether the content sandbox is disabled, in warn only mode, or enabled is controlled by a new pref: browser.tabs.remote.sandbox=(off/warn/on)
2014-06-11 15:32:37 +01:00
Mike Hommey
a653121671
Bug 1059113 - Use templates for shared libraries and frameworks. r=gps
...
Also force to use the existing template for XPCOM components.
2014-09-04 09:04:45 +09:00
Mike Hommey
fc99c53ae5
Bug 1041941 - Use templates for programs, simple programs, libraries and C++ unit tests. r=gps
2014-09-03 14:10:54 +09:00
Jed Davis
aaa558dd7c
Bug 1061085 - Clean up misused export macros from bug 1041886. r=glandium
2014-08-31 23:23:00 +02:00
Tim Abraldes
6157602479
bug 1027906. Set delayed token level for GMP plugin processes to USER_RESTRICTED. Whitelist certain files and registry keys that are required for EME plugins to successfully load. r=bobowen. r=jesup. r=bent.
2014-08-29 17:34:26 -07:00
Jed Davis
75747ff40f
Bug 1059602 - Make libxul -> libmozsandbox dependency not a weak symbol. r=glandium
...
MFBT_API is not the right macro for this; it changes the affected
definition/usage to a weak symbol, for reasons explained in the comments
on its definition.
This was causing the linker to drop the dependency from libmozglue
to libmozsandbox, in some cases (--as-needed, with a linker that
doesn't consider weak symbols "needed"), and thus load libxul with
gSandboxCrashFunc relocated to address 0 (the expected behavior of an
unresolved weak symbol), which caused crashes when writing to it on
startup.
--HG--
extra : amend_source : b99fded391ae90b1311f4cabaf40f15e6414f245
2014-08-28 23:23:13 -07:00
David Major
492c4f4f7d
Bug 1023941 - Part 2: Static-link the CRT into plugin-container.exe. r=glandium,f=tabraldes
...
--HG--
rename : security/sandbox/moz.build => security/sandbox/objs.mozbuild
extra : rebase_source : e0b1515a4729ecfe82a67b6439d9a38453f7556a
2014-08-28 14:50:10 +12:00
Jed Davis
6315518788
Bug 1041886 - Fix no-opt-only build bustage caused by mozilla::unused. r=glandium
...
See also bug 1059038.
2014-08-26 19:23:44 -07:00
Jed Davis
6746bb3d35
Bug 1054616 - Clean up logging-related shims for Linux sandboxing. r=kang
2014-08-26 13:54:16 -07:00
Jed Davis
773d03d0d7
Bug 1041886 - Separate Linux sandbox code into its own shared library. r=kang r=glandium
...
This creates libmozsandbox.so on builds that use sandboxing
(MOZ_CONTENT_SANDBOX or MOZ_GMP_SANDBOX).
The unavoidably libxul-dependent parts, for invoking the crash reporter
and printing the JS context, are separated into glue/SandboxCrash.cpp
and invoked via a callback.
2014-08-26 13:54:09 -07:00
Jed Davis
dcfa9f6e79
Bug 1041886 - Break out Linux sandbox logging into its own header. r=kang
2014-08-26 13:54:03 -07:00
Steven Michaud
a17eb6d1fd
Bug 1056936 - Specify full path to plugin-container in sandbox rules. r=rjesup
2014-08-25 15:01:04 -05:00
Masatoshi Kimura
1ee4b71e83
Bug 1055541 - Fix build failure on VS2013 with --enable-warnings-as-errors due to Warning C4996. r=ehsan
2014-08-20 04:09:03 +09:00
Chris Peterson
ed9323def1
Bug 1052033 - Fix warnings in security/sandbox and mark as FAIL_ON_WARNINGS. r=smichaud
2014-08-09 14:25:24 -07:00
Jed Davis
212cc5b860
No bug - Add trailing newlines for non-Android Linux sandbox logging. r=kang
...
--HG--
extra : rebase_source : c0e936b62289c0e5eecad41fce9afac881fe4667
2014-08-14 15:39:14 -07:00
Jed Davis
66d1734f54
Bug 1043733 - Require sandboxing to load Gecko Media Plugins on Linux. r=jesup r=kang
...
Also refactors how sandbox support and disabling are handled, and allows
simulating a lack of sandbox support with an env var (for testing
without rebuilding a kernel).
2014-08-12 21:28:27 -07:00
Steven Michaud
d67d41563b
Bug 1012949 - Sandbox the OpenH264 plugin for Mac r=rjesup,areinald,ted a=PatchNeedsToLandToday
2014-08-08 11:55:22 -05:00
Mike Hommey
0f4c5d9244
Bug 1047267 - Move remaining OS_LIBS and EXTRA_LIBS to moz.build. r=gps
...
* * *
Bug 1047267 - To fold with "Move remaining OS_LIBS and EXTRA_LIBS to moz.build"
2014-08-07 14:21:03 +09:00
Mike Hommey
ec54bf6c1f
Bug 1045783 - Move most OS_LIBS to moz.build and do some related cleanup. r=mshal
2014-08-06 07:25:33 +09:00
Jed Davis
b55b89b5b5
Bug 1047620 - Fix sandboxing for B2G --disable-jemalloc builds. r=kang
...
--HG--
extra : rebase_source : 1b2ec6491277a9dc451ab767d8563076cf522c27
2014-08-04 15:11:33 -07:00
Jed Davis
7bab545482
Bug 1012951 - Add Linux sandboxing for GeckoMediaPlugin processes. r=kang r=ted
...
--HG--
extra : rebase_source : 1b890000d5b8d2a8954cdd1118a1023eba829c29
2014-08-04 15:11:18 -07:00
Jed Davis
54f805e8b9
Bug 1046541 - Use stdio for non-Android Linux sandbox error messages. r=kang
...
--HG--
extra : rebase_source : e93a4a76f8188d715886e263a366d694c28b4525
2014-08-04 15:11:04 -07:00
Jed Davis
b31eafbe86
Bug 1046525 - Allow get{e,}gid and sched_{g,s}etparam in sandboxed content processes. r=kang
...
Some of these were already in the desktop whitelist; those duplicates
are removed.
--HG--
extra : amend_source : 3ab4b50e3f1980b4d7b93cc17f34b926e2aa2396
2014-08-01 15:05:44 -07:00
Ed Morley
433e593c8c
Backed out changeset d50d7e88f35e (bug 1012951) for LSan failures
2014-07-30 16:49:43 +01:00
Jed Davis
ac97af274c
Bug 1012951 - Sandbox GMP plugins on Linux using seccomp-bpf. r=kang r=ted
2014-07-29 15:31:12 -07:00
Jed Davis
4f62652919
Bug 1017393 - Record rejected syscall number in crash dump. r=kang
2014-07-24 11:36:00 +02:00
Mike Hommey
71623acdd6
Bug 1036894 part 9 - Replace all EXTRA_DSO_LDOPTS, SHARED_LIBRARY_LIBS and LIBS with EXTRA_LIBS, OS_LIBS or OS_LDFLAGS, appropriately. r=gps
...
OS_LIBS for libraries that are not part of the gecko tree, EXTRA_LIBS for
libraries, such as NSPR, that are in the tree, but are not handled by
moz.build just yet. Those EXTRA_LIBS may also come from a system library.
However, in cases where the expanded variables are always empty for the
in-tree case, OS_LIBS is used (as for, e.g. MOZ_ZLIB_LIBS). OS_LDFLAGS is
used exclusively for non-library linker flags.
Always pass EXTRA_LIBS before OS_LIBS on linker command lines.
Forbid EXTRA_DSO_LDOPTS, SHARED_LIBRARY_LIBS and LIBS in Makefiles.
2014-07-23 13:31:02 +09:00
Mike Hommey
e5c43ef995
Bug 1036894 part 8 - Move most in-tree library linkage information to moz.build, as USE_LIBS. r=gps
2014-07-23 13:30:52 +09:00
Ehsan Akhgari
c7a033be8e
Bug 1041325 - Use intrin.h for _ReturnAddress in the chromium sandbox code; r=bbondy
...
--HG--
extra : rebase_source : 06bb642636a9f3df2e75eb950816a7d48da85faf
2014-07-20 19:05:44 -04:00
Jed Davis
1cdd0d8544
Bug 1037211 - Remove MOZ_CONTENT_SANDBOX_REPORTER by making it always true. r=kang r=ted
...
--HG--
extra : amend_source : 450d51dab077794e194bf407044de95627de0cde
2014-07-17 14:57:28 -07:00
Jed Davis
285d65221e
Bug 1038900 - Dynamically allocate signal number for sandbox startup. r=kang
2014-07-16 13:37:00 +02:00
Tim Abraldes
2271b8aa31
bug 985252. Build sandbox code regardless of whether --enable-content-sandbox/MOZ_CONTENT_SANDBOX is provided. Enable sandboxing of GMP plugins. Enable SandboxBroker
to set different security policies for different process types. r=bbondy, r=cpearce, r=bent
2014-07-16 16:01:34 -07:00
Bob Owen
4f4b3629bb
Bug 1035275 - Remove unused base Chromium code. r=bbondy
2014-07-07 13:59:11 +01:00
Jed Davis
ad5a014572
Bug 1038490 - Fix misuse of MOZ_WIDGET_GONK in Linux content process sandbox policy. r=kang
...
--HG--
extra : amend_source : 0a7fe8ca751b59102cbc23316b18982268306423
2014-07-14 18:35:56 -07:00
Jed Davis
ada7d21572
Bug 1038486 - Fix Linux desktop seccomp sandbox build on 32-bit x86. r=kang
...
--HG--
extra : amend_source : 130d2cbd485734997739ea96ac5d83c01899d8b0
2014-07-09 16:52:56 -07:00
jvoisin
7c10650a8f
Bug 1035786 - Fix namespace bug in Linux sandbox LOG_ERROR macro. r=jld
2014-07-08 05:53:00 +01:00
Jed Davis
d9856e93b1
Bug 1035786 - Avoid warning-as-error sandbox build failure with an explicit cast. r=gdestuynder
...
getpid() is never negative, so this is safe.
2014-07-10 17:37:45 -07:00
Bob Owen
218decde34
Bug 1035786 - Fix member variable initialisation order in LogMessage stub in Linux Sandbox.cpp. r=jld
2014-07-09 12:32:49 +01:00
Mike Hommey
07267c6f7f
Bug 1036864 - Remove EXPORT_LIBRARY. r=mshal
2014-07-11 19:06:55 +09:00
Jed Davis
dd6575be07
Bug 956961 - Stop disabling sandboxing when DMD is enabled. r=kang
...
--HG--
extra : rebase_source : 4737cfd613c1ddee8e1a4340e819eddc151e73f7
extra : histedit_source : 2d2610a775a3ae986157f61ef3797f4e88baa922
2014-07-02 11:28:48 -07:00
Wes Kocher
f174cd042e
Backed out 3 changesets (bug 956961) for non-unified build bustage
...
Backed out changeset f1be89cb58b9 (bug 956961)
Backed out changeset 272b01e4f856 (bug 956961)
Backed out changeset 56907af18c66 (bug 956961)
2014-07-02 15:03:29 -07:00
Jed Davis
49f614d6ca
Bug 956961 - Stop disabling sandboxing when DMD is enabled. r=kang
...
--HG--
extra : amend_source : 66f2453794e6a8a581e1564e786cfc8cac1f6bbd
2014-07-02 11:28:48 -07:00
Jed Davis
d1a5790ae4
Bug 1014299 - Add times() to seccomp whitelist. r=kang
...
This system call seems to be used by some versions of the Qualcomm Adreno
graphics drivers when we run WebGL apps.
2014-06-02 14:52:00 +02:00
Bob Owen
2c9a59f64a
Bug 1009452 - inherit stdout and stderr into the content process to allow logging. r=aklotz
2014-05-14 16:09:31 +01:00
Jed Davis
c7dae997a6
Bug 920372 - Fix socketcall whitelisting on i386. r=kang
2014-05-20 18:38:14 -07:00
Jed Davis
1523066770
Bug 920372 - Allow tgkill only for threads of the calling process itself. r=kang
2014-05-20 18:38:06 -07:00
Jed Davis
3a308504da
Bug 920372 - Use Chromium seccomp-bpf compiler to dynamically build sandbox program. r=kang
2014-05-20 18:37:53 -07:00
Jed Davis
3b103d307f
Bug 920372 - Import Chromium seccomp-bpf compiler, rev 4c08f442d2588a2c7cfaa117a55bd87d2ac32f9a. r=kang
...
Newly imported:
* sandbox/linux/seccomp-bpf/
* sandbox/linux/sandbox_export.h
* base/posix/eintr_wrapper.h
Updated:
* base/basictypes.h
* base/macros.h
At the time of this writing (see future patches for this bug) the only
things we're using from sandbox/linux/seccomp-bpf/ are codegen.cc and
basicblock.cc, and the header files they require. However, we may use
more of this code in the future, and it seems cleaner in general to
import the entire subtree.
2014-05-20 18:37:45 -07:00
Jed Davis
52cd05523d
Bug 1004832 - Add tgkill to seccomp-bpf whitelist. r=kang
2014-05-02 16:57:00 +02:00
Jed Davis
a52d5f0783
Bug 997409 - Add set_thread_area to seccomp whitelist if available. r=kang
2014-04-17 16:23:23 -04:00
Jed Davis
738f39b679
Bug 981949 - Whitelist ftruncate for seccomp-bpf sandboxing. r=kang
2014-04-11 13:09:00 +02:00
Boris Zbarsky
46967823f5
Bug 995047 followup. Fix a caller that I missed because it's only compiled on some platforms, so we can reopen the CLOSED TREE
2014-04-12 00:38:06 -04:00
Jed Davis
f8ce2f4279
Bug 993145 - Skip attempting seccomp sandboxing if seccomp unavailable. r=kang
2014-04-09 15:23:00 +02:00
Bob Owen
f5a4bd97f2
Bug 928062 - Set Windows sandbox delayed integrity level to INTEGRITY_LEVEL_LOW. r=aklotz
2014-04-08 16:25:18 +01:00
Jed Davis
ddc591c878
Bug 989172 - Re-add sigaltstack to seccomp whitelist. r=kang
...
This reinstates the patch from bug 983518, which was unintentionally
dropped while merging with the reorganization in bug 985227.
2014-03-28 17:58:26 -07:00
Makoto Kato
c0da567b5b
Bug 987888 - --enable-content-sandbox breaks 64-bit builds. r=dkeeler,r=mshal
2014-03-28 13:59:16 +09:00
Jed Davis
b939b580cf
Bug 985227 - Part 3: Replace the seccomp filter arch ifdefs with syscall existence tests. r=kang
2014-03-20 10:19:42 -04:00
Jed Davis
d06bc434b1
Bug 985227 - Part 2: Flatten out the #define maze in the seccomp filter. r=kang
2014-03-20 10:19:42 -04:00
Jed Davis
893f056ba5
Bug 985227 - Part 1: Move the seccomp filter into its own translation unit. r=kang
...
--HG--
rename : security/sandbox/linux/seccomp_filter.h => security/sandbox/linux/SandboxFilter.cpp
2014-03-20 10:19:42 -04:00
Jed Davis
a8a37995ce
Bug 975273 - Add missing include to unbreak desktop seccomp build. r=kang
2014-03-20 09:27:28 -04:00
Phil Ringnalda
8c19bde08b
Merge m-c to m-i
2014-03-15 12:32:04 -07:00
Kyle Huey
510a49016d
Bug 967364: Rename already_AddRefed::get to take. r=bsmedberg
2014-03-15 12:00:15 -07:00
Guillaume Destuynder
fc8cf73ff1
Bug 983518: Fix running B2G-1.4 on KitKat by whitelisting sigalstack in the sandbox. r=kang r=jld
2014-03-14 18:54:20 -07:00
Vicamo Yang
3bcd1c9eb8
Bug 944625 - B2G Emulator-x86: fix undeclared __NR_sendto, __NR_recvfrom. r=jld,kang
2014-03-13 13:44:43 +09:00
Jed Davis
f8d175ce14
Bug 977859 - Drop uid 0 in all content processes immediately after fork. r=bent r=kang
...
Now all regular child processes, including preallocated, are deprivileged.
Only Nuwa needs uid 0, because each of its children has a different uid/gid.
2014-03-12 15:48:15 -07:00
Jed Davis
685530a9a5
Bug 979686 - Fix the non-(ARM|x86|x86_64) desktop build. r=kang
2014-03-06 12:23:06 -08:00
Brian R. Bondy
6be742312e
Bug 941110 - Make the Windows sandbox code compile without the Win8 SDK. r=jimm
2014-03-06 12:53:24 -05:00
Jed Davis
cfaafc654d
Bug 946407 - Disable sandbox when DMDing. r=njn r=kang
...
See also bug 956961.
2014-03-04 18:27:14 -08:00
Ehsan Akhgari
bf09c6f469
Bug 976896 - Port STL_FLAGS to moz.build; r=mshal
2014-03-04 19:39:06 -05:00
Ryan VanderMeulen
b00f0ba8d9
Merge m-c to inbound.
2014-02-28 10:15:57 -05:00
Jed Davis
b8c81fc6e2
Bug 970676 - Turn on sandboxing on all relevant threads. r=dhylands r=bent f=kang
2014-02-27 13:18:01 -08:00
Ehsan Akhgari
87db9c0f0f
Bug 976898 - Move the sdkdecls.h force-include out of the build system; r=bbondy,glandium
2014-02-28 08:17:22 -05:00
Jed Davis
1467d9b632
Bug 971128 - Add sched_yield to seccomp whitelist. r=kang
2014-02-22 18:58:59 -08:00
Jed Davis
3027739852
Bug 970562 - Add sched_getscheduler to seccomp whitelist. r=kang
2014-02-22 18:58:59 -08:00
Brian R. Bondy
7563d524e8
Bug 974979 - Browser crashes after trying to restart a crashed e10s process. r=aklotz
2014-02-20 12:58:04 -05:00
Brian R. Bondy
842125950f
Bug 928061 - Enable separate Desktop in Windows sandbox policy. r=aklotz
2014-02-20 12:37:22 -05:00
Jed Davis
6549f56f18
Bug 974230 - Adjust sandbox so that socket() simply fails. r=kang
...
This is a workaround for issues with the SCTP code (bug 969715) and
NSPR's IPv6 support (bug 936320).
2014-02-20 09:35:44 -05:00
Jed Davis
bd5a8731fc
Bug 966547 - Switch sipcc from named to anonymous sockets on Unix. r=jesup, r=kang
2014-02-20 09:35:26 -05:00
Jed Davis
cbefd9bed0
Bug 974227 - Allow readlink while sandboxed to work around bug 964455. r=kang
2014-02-19 15:55:42 -05:00
Ehsan Akhgari
c79e8f4c6e
Bug 973405 - Move some misc LOCAL_INCLUDES to moz.build; r=glandium
2014-02-18 08:49:12 -05:00
Ms2ger
6e066deaea
Bug 968856 - Move unconditional LOCAL_INCLUDES into moz.build; r=mshal
2014-02-15 21:24:59 +01:00
Brian R. Bondy
c4e16b9b50
Bug 969559 - Set delayed restricted integrity in child process to block off pipe and file access after LowerToken call. r=aklotz
2014-02-14 11:07:16 -05:00
Wes Kocher
ee5da0ab00
Merge m-c to inbound on a CLOSED TREE
2014-02-13 18:50:08 -08:00
Jed Davis
5ea5299c58
Bug 971370 - Fix seccomp whitelist errors caused by strace bug. r=kang
2014-02-13 09:47:16 -05:00
Guillaume Destuynder
cb244dcc84
bug 948620 - Add env variable MOZ_DISABLE_CONTENT_SANDBOX to disable sandbox at runtime. r=jld
2014-02-13 16:26:28 -08:00
Jed Davis
ebe6274bbf
Bug 945504 - Include JS stack in sandbox reporter logs. r=kang
2014-02-07 10:46:38 -05:00
Eric Rahm
c1dd0bb669
Bug 969126 - Fix sandbox build for b2g on OS X. r=kang
2014-02-06 16:11:53 -08:00
Jed Davis
230a08b7ab
Bug 945498 - Use breakpad to report seccomp violations as crashes. r=ted, r=kang
...
Upstream issue for breakpad patch: https://breakpad.appspot.com/1114003/
2014-02-05 13:29:51 -05:00
Brian R. Bondy
17c805b60e
Bug 961757 - Add the ability to include shim first for a buildable sandbox on Windows. r=glandium
...
--HG--
rename : security/sandbox/base/at_exit.cc => security/sandbox/chromium/base/at_exit.cc
rename : security/sandbox/base/at_exit.h => security/sandbox/chromium/base/at_exit.h
rename : security/sandbox/base/atomic_ref_count.h => security/sandbox/chromium/base/atomic_ref_count.h
rename : security/sandbox/base/atomic_sequence_num.h => security/sandbox/chromium/base/atomic_sequence_num.h
rename : security/sandbox/base/atomicops.h => security/sandbox/chromium/base/atomicops.h
rename : security/sandbox/base/atomicops_internals_tsan.h => security/sandbox/chromium/base/atomicops_internals_tsan.h
rename : security/sandbox/base/atomicops_internals_x86_gcc.h => security/sandbox/chromium/base/atomicops_internals_x86_gcc.h
rename : security/sandbox/base/atomicops_internals_x86_msvc.h => security/sandbox/chromium/base/atomicops_internals_x86_msvc.h
rename : security/sandbox/base/base_export.h => security/sandbox/chromium/base/base_export.h
rename : security/sandbox/base/base_paths.cc => security/sandbox/chromium/base/base_paths.cc
rename : security/sandbox/base/base_paths.h => security/sandbox/chromium/base/base_paths.h
rename : security/sandbox/base/base_paths_win.cc => security/sandbox/chromium/base/base_paths_win.cc
rename : security/sandbox/base/base_paths_win.h => security/sandbox/chromium/base/base_paths_win.h
rename : security/sandbox/base/base_switches.cc => security/sandbox/chromium/base/base_switches.cc
rename : security/sandbox/base/base_switches.h => security/sandbox/chromium/base/base_switches.h
rename : security/sandbox/base/basictypes.h => security/sandbox/chromium/base/basictypes.h
rename : security/sandbox/base/bind.h => security/sandbox/chromium/base/bind.h
rename : security/sandbox/base/bind_helpers.h => security/sandbox/chromium/base/bind_helpers.h
rename : security/sandbox/base/bind_internal.h => security/sandbox/chromium/base/bind_internal.h
rename : security/sandbox/base/bind_internal_win.h => security/sandbox/chromium/base/bind_internal_win.h
rename : security/sandbox/base/callback.h => security/sandbox/chromium/base/callback.h
rename : security/sandbox/base/callback_forward.h => security/sandbox/chromium/base/callback_forward.h
rename : security/sandbox/base/callback_internal.cc => security/sandbox/chromium/base/callback_internal.cc
rename : security/sandbox/base/callback_internal.h => security/sandbox/chromium/base/callback_internal.h
rename : security/sandbox/base/command_line.cc => security/sandbox/chromium/base/command_line.cc
rename : security/sandbox/base/command_line.h => security/sandbox/chromium/base/command_line.h
rename : security/sandbox/base/compiler_specific.h => security/sandbox/chromium/base/compiler_specific.h
rename : security/sandbox/base/containers/hash_tables.h => security/sandbox/chromium/base/containers/hash_tables.h
rename : security/sandbox/base/cpu.cc => security/sandbox/chromium/base/cpu.cc
rename : security/sandbox/base/cpu.h => security/sandbox/chromium/base/cpu.h
rename : security/sandbox/base/critical_closure.h => security/sandbox/chromium/base/critical_closure.h
rename : security/sandbox/base/debug/alias.cc => security/sandbox/chromium/base/debug/alias.cc
rename : security/sandbox/base/debug/alias.h => security/sandbox/chromium/base/debug/alias.h
rename : security/sandbox/base/debug/debugger.h => security/sandbox/chromium/base/debug/debugger.h
rename : security/sandbox/base/debug/leak_annotations.h => security/sandbox/chromium/base/debug/leak_annotations.h
rename : security/sandbox/base/debug/profiler.cc => security/sandbox/chromium/base/debug/profiler.cc
rename : security/sandbox/base/debug/profiler.h => security/sandbox/chromium/base/debug/profiler.h
rename : security/sandbox/base/environment.h => security/sandbox/chromium/base/environment.h
rename : security/sandbox/base/file_descriptor_posix.h => security/sandbox/chromium/base/file_descriptor_posix.h
rename : security/sandbox/base/file_util.cc => security/sandbox/chromium/base/file_util.cc
rename : security/sandbox/base/file_util.h => security/sandbox/chromium/base/file_util.h
rename : security/sandbox/base/file_util_win.cc => security/sandbox/chromium/base/file_util_win.cc
rename : security/sandbox/base/file_version_info.h => security/sandbox/chromium/base/file_version_info.h
rename : security/sandbox/base/file_version_info_win.h => security/sandbox/chromium/base/file_version_info_win.h
rename : security/sandbox/base/files/file_path.h => security/sandbox/chromium/base/files/file_path.h
rename : security/sandbox/base/float_util.h => security/sandbox/chromium/base/float_util.h
rename : security/sandbox/base/format_macros.h => security/sandbox/chromium/base/format_macros.h
rename : security/sandbox/base/guid.h => security/sandbox/chromium/base/guid.h
rename : security/sandbox/base/lazy_instance.cc => security/sandbox/chromium/base/lazy_instance.cc
rename : security/sandbox/base/lazy_instance.h => security/sandbox/chromium/base/lazy_instance.h
rename : security/sandbox/base/location.cc => security/sandbox/chromium/base/location.cc
rename : security/sandbox/base/location.h => security/sandbox/chromium/base/location.h
rename : security/sandbox/base/logging.cc => security/sandbox/chromium/base/logging.cc
rename : security/sandbox/base/logging.h => security/sandbox/chromium/base/logging.h
rename : security/sandbox/base/logging_win.cc => security/sandbox/chromium/base/logging_win.cc
rename : security/sandbox/base/logging_win.h => security/sandbox/chromium/base/logging_win.h
rename : security/sandbox/base/memory/aligned_memory.h => security/sandbox/chromium/base/memory/aligned_memory.h
rename : security/sandbox/base/memory/raw_scoped_refptr_mismatch_checker.h => security/sandbox/chromium/base/memory/raw_scoped_refptr_mismatch_checker.h
rename : security/sandbox/base/memory/ref_counted.cc => security/sandbox/chromium/base/memory/ref_counted.cc
rename : security/sandbox/base/memory/ref_counted.h => security/sandbox/chromium/base/memory/ref_counted.h
rename : security/sandbox/base/memory/scoped_ptr.h => security/sandbox/chromium/base/memory/scoped_ptr.h
rename : security/sandbox/base/memory/singleton.cc => security/sandbox/chromium/base/memory/singleton.cc
rename : security/sandbox/base/memory/singleton.h => security/sandbox/chromium/base/memory/singleton.h
rename : security/sandbox/base/memory/weak_ptr.h => security/sandbox/chromium/base/memory/weak_ptr.h
rename : security/sandbox/base/move.h => security/sandbox/chromium/base/move.h
rename : security/sandbox/base/observer_list.h => security/sandbox/chromium/base/observer_list.h
rename : security/sandbox/base/observer_list_threadsafe.h => security/sandbox/chromium/base/observer_list_threadsafe.h
rename : security/sandbox/base/os_compat_nacl.h => security/sandbox/chromium/base/os_compat_nacl.h
rename : security/sandbox/base/path_service.cc => security/sandbox/chromium/base/path_service.cc
rename : security/sandbox/base/path_service.h => security/sandbox/chromium/base/path_service.h
rename : security/sandbox/base/pending_task.h => security/sandbox/chromium/base/pending_task.h
rename : security/sandbox/base/platform_file.cc => security/sandbox/chromium/base/platform_file.cc
rename : security/sandbox/base/platform_file.h => security/sandbox/chromium/base/platform_file.h
rename : security/sandbox/base/port.h => security/sandbox/chromium/base/port.h
rename : security/sandbox/base/process/process_handle.h => security/sandbox/chromium/base/process/process_handle.h
rename : security/sandbox/base/profiler/alternate_timer.h => security/sandbox/chromium/base/profiler/alternate_timer.h
rename : security/sandbox/base/profiler/tracked_time.h => security/sandbox/chromium/base/profiler/tracked_time.h
rename : security/sandbox/base/rand_util.h => security/sandbox/chromium/base/rand_util.h
rename : security/sandbox/base/run_loop.h => security/sandbox/chromium/base/run_loop.h
rename : security/sandbox/base/scoped_clear_errno.h => security/sandbox/chromium/base/scoped_clear_errno.h
rename : security/sandbox/base/sequence_checker.h => security/sandbox/chromium/base/sequence_checker.h
rename : security/sandbox/base/sequence_checker_impl.h => security/sandbox/chromium/base/sequence_checker_impl.h
rename : security/sandbox/base/sequenced_task_runner.h => security/sandbox/chromium/base/sequenced_task_runner.h
rename : security/sandbox/base/sequenced_task_runner_helpers.h => security/sandbox/chromium/base/sequenced_task_runner_helpers.h
rename : security/sandbox/base/shim/base/gtest_prod_util.h => security/sandbox/chromium/base/shim/base/gtest_prod_util.h
rename : security/sandbox/base/shim/base/logging.cpp => security/sandbox/chromium/base/shim/base/logging.cpp
rename : security/sandbox/base/shim/base/strings/string_piece.h => security/sandbox/chromium/base/shim/base/strings/string_piece.h
rename : security/sandbox/base/shim/base/third_party/nspr/prtime.h => security/sandbox/chromium/base/shim/base/third_party/nspr/prtime.h
rename : security/sandbox/base/shim/base/third_party/nspr/prtypes.h => security/sandbox/chromium/base/shim/base/third_party/nspr/prtypes.h
rename : security/sandbox/base/shim/base/tracked_objects.h => security/sandbox/chromium/base/shim/base/tracked_objects.h
rename : security/sandbox/base/shim/sdkdecls.h => security/sandbox/chromium/base/shim/sdkdecls.h
rename : security/sandbox/base/single_thread_task_runner.h => security/sandbox/chromium/base/single_thread_task_runner.h
rename : security/sandbox/base/stl_util.h => security/sandbox/chromium/base/stl_util.h
rename : security/sandbox/base/strings/nullable_string16.cc => security/sandbox/chromium/base/strings/nullable_string16.cc
rename : security/sandbox/base/strings/nullable_string16.h => security/sandbox/chromium/base/strings/nullable_string16.h
rename : security/sandbox/base/strings/string16.h => security/sandbox/chromium/base/strings/string16.h
rename : security/sandbox/base/strings/string_number_conversions.cc => security/sandbox/chromium/base/strings/string_number_conversions.cc
rename : security/sandbox/base/strings/string_number_conversions.h => security/sandbox/chromium/base/strings/string_number_conversions.h
rename : security/sandbox/base/strings/string_piece.cc => security/sandbox/chromium/base/strings/string_piece.cc
rename : security/sandbox/base/strings/string_piece.h => security/sandbox/chromium/base/strings/string_piece.h
rename : security/sandbox/base/strings/string_util.h => security/sandbox/chromium/base/strings/string_util.h
rename : security/sandbox/base/strings/string_util_constants.cc => security/sandbox/chromium/base/strings/string_util_constants.cc
rename : security/sandbox/base/strings/string_util_stripped.cc => security/sandbox/chromium/base/strings/string_util_stripped.cc
rename : security/sandbox/base/strings/string_util_win.h => security/sandbox/chromium/base/strings/string_util_win.h
rename : security/sandbox/base/strings/stringprintf.cc => security/sandbox/chromium/base/strings/stringprintf.cc
rename : security/sandbox/base/strings/stringprintf.h => security/sandbox/chromium/base/strings/stringprintf.h
rename : security/sandbox/base/strings/utf_string_conversion_utils.cc => security/sandbox/chromium/base/strings/utf_string_conversion_utils.cc
rename : security/sandbox/base/strings/utf_string_conversion_utils.h => security/sandbox/chromium/base/strings/utf_string_conversion_utils.h
rename : security/sandbox/base/strings/utf_string_conversions.cc => security/sandbox/chromium/base/strings/utf_string_conversions.cc
rename : security/sandbox/base/strings/utf_string_conversions.h => security/sandbox/chromium/base/strings/utf_string_conversions.h
rename : security/sandbox/base/synchronization/lock.cc => security/sandbox/chromium/base/synchronization/lock.cc
rename : security/sandbox/base/synchronization/lock.h => security/sandbox/chromium/base/synchronization/lock.h
rename : security/sandbox/base/synchronization/lock_impl.h => security/sandbox/chromium/base/synchronization/lock_impl.h
rename : security/sandbox/base/synchronization/lock_impl_win.cc => security/sandbox/chromium/base/synchronization/lock_impl_win.cc
rename : security/sandbox/base/sys_info.h => security/sandbox/chromium/base/sys_info.h
rename : security/sandbox/base/task_runner.h => security/sandbox/chromium/base/task_runner.h
rename : security/sandbox/base/template_util.h => security/sandbox/chromium/base/template_util.h
rename : security/sandbox/base/third_party/dmg_fp/LICENSE => security/sandbox/chromium/base/third_party/dmg_fp/LICENSE
rename : security/sandbox/base/third_party/dmg_fp/dmg_fp.h => security/sandbox/chromium/base/third_party/dmg_fp/dmg_fp.h
rename : security/sandbox/base/third_party/dmg_fp/dtoa.cc => security/sandbox/chromium/base/third_party/dmg_fp/dtoa.cc
rename : security/sandbox/base/third_party/dmg_fp/g_fmt.cc => security/sandbox/chromium/base/third_party/dmg_fp/g_fmt.cc
rename : security/sandbox/base/third_party/dynamic_annotations/LICENSE => security/sandbox/chromium/base/third_party/dynamic_annotations/LICENSE
rename : security/sandbox/base/third_party/dynamic_annotations/dynamic_annotations.h => security/sandbox/chromium/base/third_party/dynamic_annotations/dynamic_annotations.h
rename : security/sandbox/base/third_party/icu/LICENSE => security/sandbox/chromium/base/third_party/icu/LICENSE
rename : security/sandbox/base/third_party/icu/icu_utf.cc => security/sandbox/chromium/base/third_party/icu/icu_utf.cc
rename : security/sandbox/base/third_party/icu/icu_utf.h => security/sandbox/chromium/base/third_party/icu/icu_utf.h
rename : security/sandbox/base/thread_task_runner_handle.h => security/sandbox/chromium/base/thread_task_runner_handle.h
rename : security/sandbox/base/threading/platform_thread.h => security/sandbox/chromium/base/threading/platform_thread.h
rename : security/sandbox/base/threading/platform_thread_win.cc => security/sandbox/chromium/base/threading/platform_thread_win.cc
rename : security/sandbox/base/threading/sequenced_worker_pool.h => security/sandbox/chromium/base/threading/sequenced_worker_pool.h
rename : security/sandbox/base/threading/thread_checker_impl.h => security/sandbox/chromium/base/threading/thread_checker_impl.h
rename : security/sandbox/base/threading/thread_collision_warner.cc => security/sandbox/chromium/base/threading/thread_collision_warner.cc
rename : security/sandbox/base/threading/thread_collision_warner.h => security/sandbox/chromium/base/threading/thread_collision_warner.h
rename : security/sandbox/base/threading/thread_id_name_manager.cc => security/sandbox/chromium/base/threading/thread_id_name_manager.cc
rename : security/sandbox/base/threading/thread_id_name_manager.h => security/sandbox/chromium/base/threading/thread_id_name_manager.h
rename : security/sandbox/base/threading/thread_local.h => security/sandbox/chromium/base/threading/thread_local.h
rename : security/sandbox/base/threading/thread_local_storage.h => security/sandbox/chromium/base/threading/thread_local_storage.h
rename : security/sandbox/base/threading/thread_local_win.cc => security/sandbox/chromium/base/threading/thread_local_win.cc
rename : security/sandbox/base/threading/thread_restrictions.cc => security/sandbox/chromium/base/threading/thread_restrictions.cc
rename : security/sandbox/base/threading/thread_restrictions.h => security/sandbox/chromium/base/threading/thread_restrictions.h
rename : security/sandbox/base/time/time.cc => security/sandbox/chromium/base/time/time.cc
rename : security/sandbox/base/time/time.h => security/sandbox/chromium/base/time/time.h
rename : security/sandbox/base/time/time_win.cc => security/sandbox/chromium/base/time/time_win.cc
rename : security/sandbox/base/tracking_info.h => security/sandbox/chromium/base/tracking_info.h
rename : security/sandbox/base/tuple.h => security/sandbox/chromium/base/tuple.h
rename : security/sandbox/base/values.h => security/sandbox/chromium/base/values.h
rename : security/sandbox/base/version.h => security/sandbox/chromium/base/version.h
rename : security/sandbox/base/win/event_trace_provider.cc => security/sandbox/chromium/base/win/event_trace_provider.cc
rename : security/sandbox/base/win/event_trace_provider.h => security/sandbox/chromium/base/win/event_trace_provider.h
rename : security/sandbox/base/win/pe_image.cc => security/sandbox/chromium/base/win/pe_image.cc
rename : security/sandbox/base/win/pe_image.h => security/sandbox/chromium/base/win/pe_image.h
rename : security/sandbox/base/win/registry.cc => security/sandbox/chromium/base/win/registry.cc
rename : security/sandbox/base/win/registry.h => security/sandbox/chromium/base/win/registry.h
rename : security/sandbox/base/win/scoped_handle.cc => security/sandbox/chromium/base/win/scoped_handle.cc
rename : security/sandbox/base/win/scoped_handle.h => security/sandbox/chromium/base/win/scoped_handle.h
rename : security/sandbox/base/win/scoped_process_information.cc => security/sandbox/chromium/base/win/scoped_process_information.cc
rename : security/sandbox/base/win/scoped_process_information.h => security/sandbox/chromium/base/win/scoped_process_information.h
rename : security/sandbox/base/win/startup_information.cc => security/sandbox/chromium/base/win/startup_information.cc
rename : security/sandbox/base/win/startup_information.h => security/sandbox/chromium/base/win/startup_information.h
rename : security/sandbox/base/win/windows_version.cc => security/sandbox/chromium/base/win/windows_version.cc
rename : security/sandbox/base/win/windows_version.h => security/sandbox/chromium/base/win/windows_version.h
2014-01-28 15:19:22 -05:00
Jed Davis
bbc239ca00
Bug 964427 - Whitelist msync (asm.js cache) and sched_get_priority_m{in,ax} (webrtc). r=kang
2014-01-28 09:04:39 -05:00
Jed Davis
e233c87fdd
Bug 960365 - Whitelist uname for nsSystemInfo. r=kang
2014-01-21 15:48:00 -05:00
Jed Davis
81f5ace514
Bug 945330 - Reword and slightly improve sandbox violation log message. r=kang
...
The main goal is to have a message that unambiguously indicates a crash,
so mozharness can grep for it even if some of the details change later.
Also now includes the entire argument list; most syscalls don't use all
six, so the last few will be meaningless, but it can't hurt to log them.
2014-01-10 08:22:58 -05:00
Ryan VanderMeulen
ca386608b9
Merge b2g-inbound to m-c.
2013-12-09 17:26:11 -05:00
Birunthan Mohanathas
759ab69b0a
Bug 713082 - Part 2: Rename Util.h to ArrayUtils.h. r=Waldo
...
--HG--
rename : mfbt/Util.h => mfbt/ArrayUtils.h
2013-12-08 21:52:54 -05:00
Vicamo Yang
02b63a0803
Bug 944625 - B2G Emulator-x86: fix undeclared __NR_socketpair, __NR_sendmsg. r=kang,jld
2013-12-09 21:02:54 +08:00
Jed Davis
d1ffa9058b
Bug 943774 - Allow sigaction when sandboxed, for the crash reporter. r=kang
2013-12-03 18:45:17 -05:00
Ms2ger
f56294acdb
Bug 937258 - Part a: Remove empty makefiles; r=gps
2013-11-28 15:25:40 +01:00
Mike Hommey
9245936f8b
Bug 874266 - Move all DEFINES that can be moved to moz.build. r=mshal
2013-11-27 22:55:07 +09:00
Mike Hommey
2b828323f2
Backout changeset 3fd4b546eed4 (bug 874266) and changeset a35d2e3a872f (bug 942043) for ASAN build bustage and Windows test bustage
...
--HG--
extra : amend_source : f20d09aeff1c8b5cbd0f1d24c7ce04e86f3aed1d
2013-11-28 14:24:05 +09:00
Mike Hommey
d210f8ff00
Bug 874266 - Move all DEFINES that can be moved to moz.build. r=mshal
2013-11-28 13:08:16 +09:00
Christoph Kerschbaumer
ad08ffe884
Bug 935111 - Enable seccomp-bpf for Linux. r=jld
2013-11-19 16:09:18 -08:00
Mike Hommey
a65383e1e9
Bug 939632 - Remove LIBRARY_NAME for leaf libraries. r=gps
...
Landing on a CLOSED TREE.
2013-11-19 11:50:54 +09:00
Mike Hommey
8ceb917350
Bug 939074 - Remove most LIBXUL_LIBRARY. rs=gps
2013-11-19 11:48:10 +09:00
Mike Hommey
b95448fc0b
Bug 914245 - Move FORCE_SHARED_LIB to moz.build. r=mshal
2013-11-19 11:47:45 +09:00
Mike Hommey
bb6779efe3
Bug 939044 - Remove most definitions of MODULE. r=mshal
2013-11-19 11:47:39 +09:00
Mike Hommey
d7b6f95761
Bug 935881 - Use FINAL_LIBRARY for all (fake) libraries that end up linked in a single other library. r=gps
2013-11-19 11:47:14 +09:00
Jed Davis
bdf5094b93
Bug 936163 - Fix profiling-specific sandbox whitelist for x86_64. r=kang
...
There is no sigaction, only rt_sigaction.
2013-11-08 13:30:05 -08:00
Jed Davis
7a807d7a56
Bug 936252 - Augment seccomp whitelist for b2g mochitests. r=kang
...
FormHistory invokes sqlite3, which calls fsync and geteuid.
A form test calls nsIFile's remove method, which uses lstat.
The crash reporter uses socketpair/sendmsg, to send a pipe back to the parent.
2013-11-11 09:11:43 -05:00
Jed Davis
5b0c9a29cf
Bug 936145 - Clean up architecture-specific parts of seccomp whitelist. r=kang
2013-11-08 15:31:20 -05:00
Brian R. Bondy
e6fe7374c3
Bug 935042 - Allow more than one process to be sandboxed from a single sandboxbroker. r=aklotz
2013-11-05 13:07:40 -05:00
Brian R. Bondy
2edaa77988
Bug 934445 - Fix Windows linking error in Release mode only when MOZ_CONTENT_SANDBOX is defined. r=aklotz
2013-11-04 15:35:03 -05:00
Brian R. Bondy
9b594b1851
Bug 925571 - Packaging for Sandboxing dll. r=bsmedberg
2013-10-30 16:58:56 -07:00
Brian R. Bondy
038d21bf1d
Bug 925571 - Initial Windows content process sandbox broker code. r=aklotz
2013-10-30 16:58:52 -07:00
Brian R. Bondy
b77c4127db
Bug 925571 - Build config for plugin_container windows sandboxing. r=bsmedberg
2013-10-30 16:58:45 -07:00
Brian R. Bondy
4d159c0649
Bug 922756 - Changes to import of Chromium sandbox so that it's buildable. r=aklotz
2013-10-28 14:54:46 -07:00
Brian R. Bondy
5763932590
Bug 922756 - Initial import of subset of Chromium sandbox. r=aklotz
2013-10-28 14:54:42 -07:00
Brian R. Bondy
f0bbd6b4f3
Bug 922756 - Build config for Chromium sandbox. r=bsmedberg
...
--HG--
rename : security/sandbox/LICENSE => security/sandbox/linux/LICENSE
rename : security/sandbox/Makefile.in => security/sandbox/linux/Makefile.in
rename : security/sandbox/Sandbox.cpp => security/sandbox/linux/Sandbox.cpp
rename : security/sandbox/Sandbox.h => security/sandbox/linux/Sandbox.h
rename : security/sandbox/android_arm_ucontext.h => security/sandbox/linux/android_arm_ucontext.h
rename : security/sandbox/android_i386_ucontext.h => security/sandbox/linux/android_i386_ucontext.h
rename : security/sandbox/android_ucontext.h => security/sandbox/linux/android_ucontext.h
rename : security/sandbox/arm_linux_syscalls.h => security/sandbox/linux/arm_linux_syscalls.h
rename : security/sandbox/linux_seccomp.h => security/sandbox/linux/linux_seccomp.h
rename : security/sandbox/linux_syscalls.h => security/sandbox/linux/linux_syscalls.h
rename : security/sandbox/moz.build => security/sandbox/linux/moz.build
rename : security/sandbox/seccomp_filter.h => security/sandbox/linux/seccomp_filter.h
rename : security/sandbox/x86_32_linux_syscalls.h => security/sandbox/linux/x86_32_linux_syscalls.h
rename : security/sandbox/x86_64_linux_syscalls.h => security/sandbox/linux/x86_64_linux_syscalls.h
2013-10-28 14:54:36 -07:00
Brian R. Bondy
66dccd9d5b
Bug 931429 - Fix PR_LOG compiling error for sandbox code on Linux. r=kang
2013-10-28 14:42:26 -07:00
Birunthan Mohanathas
5d748e0ca5
Bug 784739 - Switch from NULL to nullptr in security/; r=ehsan
2013-10-28 10:05:19 -04:00
Mike Hommey
1d566f7586
Bug 929905 - Consolidate sources in moz.build. r=gps
2013-10-25 08:23:05 +09:00
Brian O'Keefe
4c98f61956
Bug 928709 - Convert chromium-config.mk to mozbuild, r=mshal
2013-10-02 13:17:55 -04:00
Ms2ger
bfd2d90f89
Bug 908142 - Part b: Move FAIL_ON_WARNINGS to moz.build in security/sandbox/; r=gps
2013-10-20 09:25:19 +02:00
Jed Davis
fee032cd43
Bug 912822 - Enable sandbox logging on Android without setting NSPR_LOG_MODULES. r=kang
2013-10-06 15:15:50 -04:00
Jed Davis
f6ace5f553
Bug 919090 - Let content processes use sigaction and tgkill if profiling enabled. r=kang
2013-10-04 13:29:48 -04:00
Ms2ger
7ffcd856c2
Bug 900980 - Part a: Move unconditional assignments to EXPORT_LIBRARY to moz.build; rs=gps
2013-10-03 09:11:13 +02:00
David Keeler
10b7700647
bug 914716 - get seccomp-bpf sandboxing to compile on x86_64 r=kang
2013-09-25 11:14:34 -07:00
Vicamo Yang
e413395a3d
Bug 909658: B2G emulator-x86 has no __NR_{recv,msgget,semget}. r=kang
2013-09-11 00:23:35 +08:00
Jed Davis
d7d8d94afd
Bug 908907 - Fill in gaps in seccomp-bpf whitelist for b2g. r=kang, r=bsmith
...
Relatively harmless syscalls:
* dup, used by mozilla::ipc::Shmem
* getuid, for android::IPCThreadState, used in audio decode
* nanosleep, used by android::AudioTrack
Of potential concern:
* sched_setscheduler, used by audio threads in e.g. CubeVid
This might be restrictable somewhat by inspecting its arguments.
Of serious concern:
* unlink, as a workaround for bug 906996 (q.v.).
Note that we already allow open(), including for writing (temporary
files, /dev/genlock on qcom devices, probably more), so allowing unlink
won't make the situation much worse.
2013-09-06 09:13:59 -04:00
Mike Hommey
f1cf3b4238
Bug 912293 - Remove now redundant boilerplate from Makefile.in. r=gps
2013-09-05 09:01:46 +09:00
Brian O'Keefe
4f68eb9b02
Bug 875934 - Move LIBRARY_NAME to moz.build, batch 3; r=mshal
2013-08-15 09:02:09 -04:00
Jed Davis
845479d565
Bug 907002 - Add restart_syscall to seccomp whitelist. r=kang
2013-08-26 11:27:49 -04:00
Ms2ger
c3e345584c
Bug 883284 - Part f: Move LIBXUL_LIBRARY into moz.build (p-z); r=glandium
2013-08-22 08:56:01 +02:00
Guillaume Destuynder
100ce2c5f3
Bug 790923: Adds seccomp-bfp sandboxing support for B2G. r=khuey, r=gerv, r=agal, r=dhylands, r=keeler, r=imelven, a=kang.
2013-08-12 12:58:35 -07:00
Ms2ger
f9ca076cae
Backout changeset 9a57f0f347e3 for insufficient review.
2013-08-13 13:30:00 +02:00
Guillaume Destuynder
65326fc6cb
Bug 790923: Adds seccomp-bfp sandboxing support for B2G. r=agal, r=dhylands, r=dkeeler, r=imelven, a=kang.
2013-08-12 12:58:35 -07:00