This adds "hasSeccompBPF" for seccomp-bpf support; other "has" keys
will be added in the future (e.g., user namespaces).
This also adds "canSandboxContent" and "canSandboxMedia", which are
absent if the corresponding type of sandboxing isn't enabled at build
time (or is disabled with environment variables), and otherwise present
as a boolean indicating whether that type of sandboxing is supported.
Currently this is always the same as hasSeccompBPF, but that could change
in the future.
Some changes have been made to the "mozilla/Sandbox.h" interface to
support this; the idea is that the MOZ_DISABLE_*_SANDBOX environment
variables should be equivalent to disabling MOZ_*_SANDBOX at build time.

There are, sadly, many combinations of linkage in use throughout the tree.
The main differentiator, though, is between programs/libraries related to
Gecko or not. Kind of. Some need mozglue, some don't. Some need dependent
linkage, some standalone.
Anyways, these new templates remove the need to manually define the
right dependencies against xpcomglue, nspr, mozalloc and mozglue
in most cases.
Places that build programs and were resetting MOZ_GLUE_PROGRAM_LDFLAGS
or that build libraries and were resetting MOZ_GLUE_LDFLAGS can now
just not use those Gecko-specific templates.

This fixes the download panel issue, and brings us revs 727721e5d8ac,
844b142d8111 and 236989b3a807 as a bonus. Remove the unmaintained
OpenBSD/amd64 specific versions.

Root() does not actually root JS things, so if some other class's Unlink() method ends
up calling the GC, whiteNodes will end up containing dead pointers. (This is safe right
now because the Unlink and Unroot methods do not do anything to JS things.) It is less
error prone to simply never store those pointers.
Also, add some asserts to enforce that we never call any of the white-object methods
for JS things.

If an Unlink() method ends up running JS, it can cause a GC, which will make us reenter the CC,
which will not do anything because we're already in a CC. Therefore, FinishAnyCurrentCollection()
won't finish the CC. This is safe because the CC only touches things it actually holds alive via
the Root() method.

On B2G, there are crashes very late in shutdown on content processes. On Windows XP,
there is an intermittent test failure. We work around both of these by calling exit(0)
during XPCOM shutdown prior to the points where these errors occur. This enables us to
land part 4, that stops us from crashing in content processes when the xpcom-shutdown
message is sent, and enables leak checking in content processes on Linux.

We build without UNICODE, so we end up calling the ANSI version
of the function, and then we would attempt to interpret the
resulting narrow char buffer as a wide char buffer.