Bug 1378434 - Fixed comments in firefox.js about macOS content sandboxing; r=haik
authorAlex Gaynor <agaynor@mozilla.com>
Wed, 05 Jul 2017 13:03:01 -0400
changeset 367418 3b94664811ab471a34b4903a810e2f6e5773e190
parent 367417 789ccac5e77dea00f2ff0f517f4795354164639b
child 367419 d1ed3af55efbd5dc0505f0daeb0fca27410125cc
push id45973
push userryanvm@gmail.com
push dateWed, 05 Jul 2017 18:09:51 +0000
treeherderautoland@3b94664811ab [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewershaik
bugs1378434
milestone56.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1378434 - Fixed comments in firefox.js about macOS content sandboxing; r=haik MozReview-Commit-ID: 21E7GrreHKu
browser/app/profile/firefox.js
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1062,17 +1062,19 @@ pref("security.sandbox.gpu.level", 0);
 // This pref is discussed in bug 1083344, the naming is inspired from its
 // Windows counterpart, but on Mac it's an integer which means:
 // 0 -> "no sandbox" (nightly only)
 // 1 -> "preliminary content sandboxing enabled: write access to
 //       home directory is prevented"
 // 2 -> "preliminary content sandboxing enabled with profile protection:
 //       write access to home directory is prevented, read and write access
 //       to ~/Library and profile directories are prevented (excluding
-//       $PROFILE/{extensions,weave})"
+//       $PROFILE/{extensions,chrome})"
+// 3 -> "no global read/write access, read access permitted to
+//       $PROFILE/{extensions,chrome}"
 // This setting is read when the content process is started. On Mac the content
 // process is killed when all windows are closed, so a change will take effect
 // when the 1st window is opened.
 #if defined(NIGHTLY_BUILD)
 pref("security.sandbox.content.level", 2);
 #else
 pref("security.sandbox.content.level", 1);
 #endif