glibc 2.32 rseq support incompatible with Firefox sandbox

Florian Weimer fweimer@redhat.com
Fri Jul 10 08:28:26 GMT 2020


* Carlos O'Donell:

> Florian,
>
> To test this I did temp Rawhide sync to master (-18) and so somewhere between
> commit c6aac3bf3663709cdefde5f5d5e9e875d607be5e and
> commit c363f834cfcbf5efa5449ef13f62233a6d5b9422 we break the OpenH264 decoding
> (I used a local Fedora Rawhide VM for testing on x86_64).
>
> I see this repeating with MOZ_SANDBOX_LOGGING=1:
> Sandbox: policy for /dev/shm/org.mozilla.ipc.4406.: 1 -> 47
> ... seccomp-bpf program ...
> ###!!! [Child][MessageChannel::SendAndWait] Error: Channel error: cannot send/recv
> Sandbox: EOF from pid 4232
>
> Which I don't see in Rawhide's -17 before I do the update (which includes the
> most recent 68 commits).

The OpenH264 plugin has its own, separate sandbox.  Apparently it does
not use the additional system call list for the content sandbox.

What's your test procedure for the OpenH264 plugin?

Thanks,
Florian


