Jed Davis
c01f7753a7
Bug 989172 - Re-add sigaltstack to seccomp whitelist. r=kang
This reinstates the patch from bug 983518, which was unintentionally
dropped while merging with the reorganization in bug 985227.
2014-03-28 17:58:26 -07:00
Jed Davis
a0cc886e03
Bug 985227 - Part 3: Replace the seccomp filter arch ifdefs with syscall existence tests. r=kang
2014-03-20 10:19:42 -04:00
Jed Davis
d43d0dfdd4
Bug 985227 - Part 2: Flatten out the #define maze in the seccomp filter. r=kang
2014-03-20 10:19:42 -04:00
Jed Davis
a66e7db1f0
Bug 985227 - Part 1: Move the seccomp filter into its own translation unit. r=kang
--HG--
rename : security/sandbox/linux/seccomp_filter.h => security/sandbox/linux/SandboxFilter.cpp
2014-03-20 10:19:42 -04:00
Jed Davis
5252d839d5
Bug 975273 - Add missing include to unbreak desktop seccomp build. r=kang
2014-03-20 09:27:28 -04:00
Guillaume Destuynder
172cae7cca
Bug 983518: Fix running B2G-1.4 on KitKat by whitelisting sigaltstack in the sandbox. r=kang r=jld
2014-03-14 18:54:20 -07:00
Vicamo Yang
459e5b28cf
Bug 944625 - B2G Emulator-x86: fix undeclared __NR_sendto, __NR_recvfrom. r=jld,kang
2014-03-13 13:44:43 +09:00
Jed Davis
8518d7e52b
Bug 977859 - Drop uid 0 in all content processes immediately after fork. r=bent r=kang
Now all regular child processes, including preallocated, are deprivileged.
Only Nuwa needs uid 0, because each of its children has a different uid/gid.
2014-03-12 15:48:15 -07:00
Jed Davis
bd32e9135c
Bug 979686 - Fix the non-(ARM|x86|x86_64) desktop build. r=kang
2014-03-06 12:23:06 -08:00
Jed Davis
f6ffcce7a8
Bug 946407 - Disable sandbox when DMDing. r=njn r=kang
See also bug 956961.
2014-03-04 18:27:14 -08:00
Jed Davis
cffac485ff
Bug 970676 - Turn on sandboxing on all relevant threads. r=dhylands r=bent f=kang
2014-02-27 13:18:01 -08:00
Jed Davis
971a5e4c91
Bug 971128 - Add sched_yield to seccomp whitelist. r=kang
2014-02-22 18:58:59 -08:00
Jed Davis
5fbea02293
Bug 970562 - Add sched_getscheduler to seccomp whitelist. r=kang
2014-02-22 18:58:59 -08:00
Jed Davis
b66661141a
Bug 974230 - Adjust sandbox so that socket() simply fails. r=kang
This is a workaround for issues with the SCTP code (bug 969715) and
NSPR's IPv6 support (bug 936320).
2014-02-20 09:35:44 -05:00
Jed Davis
bebcd8c470
Bug 966547 - Switch sipcc from named to anonymous sockets on Unix. r=jesup, r=kang
2014-02-20 09:35:26 -05:00
Jed Davis
3c6de73e43
Bug 974227 - Allow readlink while sandboxed to work around bug 964455. r=kang
2014-02-19 15:55:42 -05:00
Wes Kocher
cb9ae2a2b7
Merge m-c to inbound on a CLOSED TREE
2014-02-13 18:50:08 -08:00
Jed Davis
e0e22b713f
Bug 971370 - Fix seccomp whitelist errors caused by strace bug. r=kang
2014-02-13 09:47:16 -05:00
Guillaume Destuynder
5b32db4f17
bug 948620 - Add env variable MOZ_DISABLE_CONTENT_SANDBOX to disable sandbox at runtime. r=jld
2014-02-13 16:26:28 -08:00
Jed Davis
7e6db2be33
Bug 945504 - Include JS stack in sandbox reporter logs. r=kang
2014-02-07 10:46:38 -05:00
Eric Rahm
f3b451f0fe
Bug 969126 - Fix sandbox build for b2g on OS X. r=kang
2014-02-06 16:11:53 -08:00
Jed Davis
319cd8feae
Bug 945498 - Use breakpad to report seccomp violations as crashes. r=ted, r=kang
Upstream issue for breakpad patch: https://breakpad.appspot.com/1114003/
2014-02-05 13:29:51 -05:00
Jed Davis
b84e184fac
Bug 964427 - Whitelist msync (asm.js cache) and sched_get_priority_m{in,ax} (webrtc). r=kang
2014-01-28 09:04:39 -05:00
Jed Davis
7533caa9fa
Bug 960365 - Whitelist uname for nsSystemInfo. r=kang
2014-01-21 15:48:00 -05:00
Jed Davis
66de476356
Bug 945330 - Reword and slightly improve sandbox violation log message. r=kang
The main goal is to have a message that unambiguously indicates a crash,
so mozharness can grep for it even if some of the details change later.
Also now includes the entire argument list; most syscalls don't use all
six, so the last few will be meaningless, but it can't hurt to log them.
2014-01-10 08:22:58 -05:00
Ryan VanderMeulen
6428c27a28
Merge b2g-inbound to m-c.
2013-12-09 17:26:11 -05:00
Birunthan Mohanathas
58325c73be
Bug 713082 - Part 2: Rename Util.h to ArrayUtils.h. r=Waldo
--HG--
rename : mfbt/Util.h => mfbt/ArrayUtils.h
2013-12-08 21:52:54 -05:00
Vicamo Yang
e6144af740
Bug 944625 - B2G Emulator-x86: fix undeclared __NR_socketpair, __NR_sendmsg. r=kang,jld
2013-12-09 21:02:54 +08:00
Jed Davis
20acfb65e6
Bug 943774 - Allow sigaction when sandboxed, for the crash reporter. r=kang
2013-12-03 18:45:17 -05:00
Ms2ger
554db665e5
Bug 937258 - Part a: Remove empty makefiles; r=gps
2013-11-28 15:25:40 +01:00
Christoph Kerschbaumer
2360074175
Bug 935111 - Enable seccomp-bpf for Linux. r=jld
2013-11-19 16:09:18 -08:00
Mike Hommey
931cb49886
Bug 939632 - Remove LIBRARY_NAME for leaf libraries. r=gps
Landing on a CLOSED TREE.
2013-11-19 11:50:54 +09:00
Mike Hommey
db9e5129bc
Bug 939074 - Remove most LIBXUL_LIBRARY. rs=gps
2013-11-19 11:48:10 +09:00
Mike Hommey
f0d1cd1e10
Bug 939044 - Remove most definitions of MODULE. r=mshal
2013-11-19 11:47:39 +09:00
Mike Hommey
f81885e53b
Bug 935881 - Use FINAL_LIBRARY for all (fake) libraries that end up linked in a single other library. r=gps
2013-11-19 11:47:14 +09:00
Jed Davis
0575f79039
Bug 936163 - Fix profiling-specific sandbox whitelist for x86_64. r=kang
There is no sigaction, only rt_sigaction.
2013-11-08 13:30:05 -08:00
Jed Davis
bf53218b36
Bug 936252 - Augment seccomp whitelist for b2g mochitests. r=kang
FormHistory invokes sqlite3, which calls fsync and geteuid.
A form test calls nsIFile's remove method, which uses lstat.
The crash reporter uses socketpair/sendmsg, to send a pipe back to the parent.
2013-11-11 09:11:43 -05:00
Jed Davis
8a6912c5a8
Bug 936145 - Clean up architecture-specific parts of seccomp whitelist. r=kang
2013-11-08 15:31:20 -05:00
Brian R. Bondy
d8605953fb
Bug 922756 - Build config for Chromium sandbox. r=bsmedberg
--HG--
rename : security/sandbox/LICENSE => security/sandbox/linux/LICENSE
rename : security/sandbox/Makefile.in => security/sandbox/linux/Makefile.in
rename : security/sandbox/Sandbox.cpp => security/sandbox/linux/Sandbox.cpp
rename : security/sandbox/Sandbox.h => security/sandbox/linux/Sandbox.h
rename : security/sandbox/android_arm_ucontext.h => security/sandbox/linux/android_arm_ucontext.h
rename : security/sandbox/android_i386_ucontext.h => security/sandbox/linux/android_i386_ucontext.h
rename : security/sandbox/android_ucontext.h => security/sandbox/linux/android_ucontext.h
rename : security/sandbox/arm_linux_syscalls.h => security/sandbox/linux/arm_linux_syscalls.h
rename : security/sandbox/linux_seccomp.h => security/sandbox/linux/linux_seccomp.h
rename : security/sandbox/linux_syscalls.h => security/sandbox/linux/linux_syscalls.h
rename : security/sandbox/moz.build => security/sandbox/linux/moz.build
rename : security/sandbox/seccomp_filter.h => security/sandbox/linux/seccomp_filter.h
rename : security/sandbox/x86_32_linux_syscalls.h => security/sandbox/linux/x86_32_linux_syscalls.h
rename : security/sandbox/x86_64_linux_syscalls.h => security/sandbox/linux/x86_64_linux_syscalls.h
2013-10-28 14:54:36 -07:00