security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
7de6e431f1ae32cacc2b5d4aea1c47bf7900c4c4
created 2019-03-31 15:12 +0000
pushed 2019-03-31 22:00 +0000
Sylvestre Ledru Sylvestre Ledru - Bug 1519636 - Reformat recent changes to the Google coding style r=Ehsan
dc8935d7c0b10afc0401049936cc9d5f9fc5b003
created 2019-03-18 22:31 +0000
pushed 2019-03-19 22:11 +0000
Alex Gaynor Alex Gaynor - Bug 1375863 - fold MOZ_CONTENT_SANDBOX and MOZ_GMP_SANDBOX into MOZ_SANDBOX; r=jld,firefox-build-system-reviewers
493b443954fe15f7b542ba14671f25e5f8531dff
created 2019-02-27 20:14 +0000
pushed 2019-02-28 11:44 +0000
Jed Davis Jed Davis - Bug 1506291 - Add Linux sandboxing for the RDD (media decoder) process. r=gcp,mjf,flod
bacaa3d582814d0a1ba3769de92e68a01d16a777
created 2019-02-27 15:23 +0000
pushed 2019-02-28 11:44 +0000
Jed Davis Jed Davis - Bug 1500297 - Fix Linux content sandbox level 1. r=gcp
5f4630838d46dd81dadb13220a4af0da9e23a619
created 2019-01-18 10:16 +0100
pushed 2019-01-18 09:19 +0000
Ehsan Akhgari Ehsan Akhgari - Bug 1521000 - Part 2: Adjust our clang-format rules to include spaces after the hash for nested preprocessor directives r=sylvestre
7725c317d72320510a3c792a60185179a4183632
created 2018-11-30 22:23 +0000
pushed 2018-12-01 05:58 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1507830 - When using Wayland, don't allow connections to the X server. r=jld
6f3709b3878117466168c40affa7bca0b60cf75b
created 2018-11-30 11:46 +0100
pushed 2018-11-30 15:15 +0000
Sylvestre Ledru Sylvestre Ledru - Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format
8a34342120f17e0bca6336b9a7038f481d6b8588
created 2018-08-22 01:52 +0000
pushed 2018-08-22 16:33 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1480755 - Add support for new Mesa device probing. r=jld
02395f0e8074d8a4d6a0de6963574ba83bee9027
created 2018-07-31 10:41 -0600
pushed 2018-07-31 16:41 +0000
Jed Davis Jed Davis - Bug 1439057 - Tighten /dev/shm access in Linux content sandbox policy. r=gcp
564e53c57905714866e727e649e79ea14cb808b3
created 2018-07-17 18:30 +0100
pushed 2018-07-20 21:51 +0000
Robert Bartlensky Robert Bartlensky - Bug 1476340: Fix DEAD_STORE errors in security/sandbox/linux/*. r=gcp
7793bcae69f6a0faea864b26a3de9b657b99bdcc
created 2018-04-23 07:59 -0600
pushed 2018-04-23 16:42 +0000
jld jld - Backed out 2 changesets (bug 1439057, bug 1447867)
baeab3bff80799a6b1747fb0eef6f556410ce2e6
created 2018-04-12 23:48 -0600
pushed 2018-04-20 09:16 +0000
Jed Davis Jed Davis - Bug 1439057 - Tighten /dev/shm access in Linux content sandbox policy. r=froydnj,gcp
6b6efca52e56ef7a616a480168c066802e9d75c7
created 2018-03-29 14:04 +0200
pushed 2018-04-04 18:07 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1434711 - WebGL causes a crash with the AMDGPU-PRO video driver. r=jld
792ab44dd9ec02732ae1d964c1726967e05b598f
created 2018-03-09 19:31 -0700
pushed 2018-03-10 02:31 +0000
Jed Davis Jed Davis - Bug 1440206 - Allow brokered access to a subset of connect() in the Linux content sandbox. r=gcp
556c4caabc61fc81b194471a5a1931e386c78cc8
created 2017-11-03 13:18 +0100
pushed 2018-02-01 14:24 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1386404 - Whitelist the prefix used by the XPCOM leak logs. r=haik
773543190318862160daf7e5f23a66b514318c64
created 2017-10-26 17:50 +0200
pushed 2018-02-01 14:24 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld
6c3adb8e7433a7e0c8a9c7173a758a62e044621c
created 2017-10-26 18:57 +0200
pushed 2018-02-01 14:24 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1386404 - Enable access to the entire chrome dir from content. r=jld
f99d9f55dbaac6473f7988c4fad3b6739ee9ad3e
created 2018-01-09 16:29 +0100
pushed 2018-02-01 14:24 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1386404 - Enable content-process specific tmpdir on Linux. r=jld
af41b725ff915e0bca46a43175fc20c8a0785b86
created 2018-01-23 22:37 -0700
pushed 2018-01-24 05:39 +0000
Jed Davis Jed Davis - Bug 1386019 - Also remove ALSA-related sandbox rules if ALSA is remoted. r=gcp
c2836d5bc6bc2daef4c7fb2d6507730992bd3d97
created 2018-01-23 22:37 -0700
pushed 2018-01-24 05:39 +0000
Jed Davis Jed Davis - Bug 1386019 - Remove PulseAudio-specific sandbox broker rules when remoting audio. r=gcp
fc577ae44921c821b122c4d290e1fa0fc6899ef6
created 2018-01-10 14:08 +0200
pushed 2018-01-10 22:05 +0000
Csoregi Natalia Csoregi Natalia - Backed out 6 changesets (bug 1386404) for failing /webdriver/test/ tests on Linux. r=backout on a CLOSED TREE
8dca7ef74c4a153c95b0577a9dfdadc7b709af57
created 2017-11-03 13:18 +0100
pushed 2018-01-10 22:05 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1386404 - Whitelist the prefix used by the XPCOM leak logs. r=haik
2c007d385ce4c1277240945d6f6f0e89a1e3584c
created 2017-10-26 17:50 +0200
pushed 2018-01-10 22:05 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld
fbe717b9a66443bdefa742be1875fa58de04a309
created 2017-10-26 18:57 +0200
pushed 2018-01-10 22:05 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1386404 - Enable access to the entire chrome dir from content. r=jld
14f1fbe5263af6decbe78afd47e13030ea6aae5e
created 2018-01-09 16:29 +0100
pushed 2018-01-10 22:05 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik,jld
0dc0af730b77e5e15f8d40b9577021d35588a8b0
created 2017-11-17 15:23 +0100
pushed 2017-11-18 10:12 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1416016 - Add ../config to the sandbox whitelist for older Mesa. r=jld
b9124906c30d9568620362f98193f0891b8a7d8a
created 2017-11-17 15:45 +0100
pushed 2017-11-18 10:12 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1416808 - Add "$XDG_DATA_(HOME|DIRS)"/fonts to the sandbox whitelist. r=jld
993f57169829ffce97249fba7e02787e723dd8a9
created 2017-06-01 10:38 -0400
pushed 2017-11-11 10:04 +0000
Alex Gaynor Alex Gaynor - Bug 1365257 - Further consolidate the configuration of the content sandbox; r=gcp
1be6d94e801583f8c38964a90d6130741decab17
created 2017-11-10 19:23 +0200
pushed 2017-11-10 21:14 +0000
shindli shindli - Backed out 1 changesets (bug 1365257) for failing gl in \build\build\src\obj-firefox\dist\include\mozilla/ServoStyleSet.h:97 r=backout on a CLOSED TREE
00edc1ac58f9e9eb7c2773013b95a6a87d1fcc3e
created 2017-06-01 10:38 -0400
pushed 2017-11-10 21:14 +0000
Alex Gaynor Alex Gaynor - Bug 1365257 - Further consolidate the configuration of the content sandbox; r=gcp
1aa6d3251c7039e8b0e8c94374ddde3f886b40eb
created 2017-11-03 20:28 +0100
pushed 2017-11-04 10:03 +0000
Sebastian Hengst Sebastian Hengst - Backed out 6 changesets (bug 1386404) for XPCshell failures, at least on Linux. r=backout on a CLOSED TREE
c80acdea24c1c7954c4560c05d4625776ac09134
created 2017-11-03 13:18 +0100
pushed 2017-11-04 10:03 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1386404 - Whitelist the prefix used by the XPCOM leak logs. r=haik
eac6eb517096e96693a19504843a81adea9af0af
created 2017-10-26 17:50 +0200
pushed 2017-11-04 10:03 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld
802a00ea50e785d2fccce7d3035b84dcdfa6cadb
created 2017-10-26 18:57 +0200
pushed 2017-11-04 10:03 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1386404 - Enable access to the entire chrome dir from content. r=jld
d7f697bac6efc9a3c64d76137eb653aab9601b8b
created 2017-10-12 11:18 +0200
pushed 2017-11-04 10:03 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik
27a4ccb808ea959aba8837a13ef89bcfffd19598
created 2017-10-30 19:10 +0100
pushed 2017-10-30 23:02 +0000
Sebastian Hengst Sebastian Hengst - Backed out 4 changesets (bug 1386404) for mass failures, e.g. in browser-chrome's dom/tests/browser/browser_xhr_sandbox.js. r=backout on a CLOSED TREE
b136f90dc49f8c34b44246d8e3e4916bc5c5c24a
created 2017-10-26 17:50 +0200
pushed 2017-10-30 23:02 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld
4600c2d575f9fdd3168942edde1bc01d2874c460
created 2017-10-26 18:57 +0200
pushed 2017-10-30 23:02 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1386404 - Enable access to the entire chrome dir from content. r=jld
c2c40e4d9815fb3ab65543071a2d891dcd142bc9
created 2017-10-12 11:18 +0200
pushed 2017-10-30 23:02 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik
67487a0a224b6ca0a487d4ad517927fc4a993157
created 2017-10-06 12:35 +0200
pushed 2017-10-12 10:04 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1387837 - Add library paths from /etc/ld.so.conf to broker read access policy. r=jld
656e8186307b112ec71e081031f29da1cdf7cfb7
created 2017-10-09 09:29 +0200
pushed 2017-10-09 21:58 +0000
Sylvestre Ledru Sylvestre Ledru - Bug 1406845 - AddMesaSysfsPaths: Resource leak on dir r=gcp
9fc84ba52f31cb8640dd3077585fdd8fc53f7385
created 2017-10-05 18:10 -0600
pushed 2017-10-07 08:58 +0000
Jed Davis Jed Davis - Bug 1406233 - Include sys/sysmacros.h for major()/minor() macros in Linux sandbox broker. r=gcp
2e2d6d3b8421f843ba7eba79658fe2367426acae
created 2017-10-04 10:50 -0700
pushed 2017-10-07 08:58 +0000
Haik Aftandilian Haik Aftandilian - Bug 1393805 - Part 4 - Add Linux whitelisted directory for system extensions development. r=gcp
531f3dcfbbfc4d7d6f36c0489ded0af79e7a13b8
created 2017-10-05 00:20 +0200
pushed 2017-10-05 09:47 +0000
Sebastian Hengst Sebastian Hengst - Backed out changeset 1ba3220d84fa (bug 1393805)
1ba3220d84fa149de42ea996dac0472292069538
created 2017-10-04 10:50 -0700
pushed 2017-10-05 09:47 +0000
Haik Aftandilian Haik Aftandilian - Bug 1393805 - Part 4 - Add Linux whitelisted directory for system extensions development. r=gcp
e5c54805bcc18f3c700d2e4703c4e25a63fb396a
created 2017-10-03 20:35 -0600
pushed 2017-10-05 09:47 +0000
Jed Davis Jed Davis - Bug 1401666 - Adjust sandbox policy to allow Mesa 12 to use libudev for device identification. r=gcp
d07bcfc779eed06b8f521b630841f18070ec6a74
created 2017-09-28 16:19 +0200
pushed 2017-10-02 17:08 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1384804 - Allow reading /proc/self/status for libnuma. r=jld
d095506bd1d678c5a004ce12510707186f86963b
created 2017-09-19 19:54 -0600
pushed 2017-09-22 00:04 +0000
Jed Davis Jed Davis - Bug 1396542 - Let sandboxed content processes read /var/lib/dbus/machine-id. r=gcp
d5dc76a1482891edaced2f77d2ee86d58b55b29c
created 2017-09-13 15:55 +0200
pushed 2017-09-14 22:20 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1399392 - Don't hardcode .config, use XDG_* environment vars. r=jld
ec5526fce679a088d91baf146d3d9507253dd3e7
created 2017-09-13 13:41 +0200
pushed 2017-09-14 14:52 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1396733 - Add flatpak font dirs to the sandbox whitelist. r=jld
4ffacd080dc6030453c08549f8c65a94fccb94be
created 2017-08-24 15:02 -0600
pushed 2017-08-24 21:03 +0000
Jed Davis Jed Davis - Backed out 3 changesets (bug 1380701, bug 1384804)
7894c44fbcb6407831a809608d23a24d2c42f0bf
created 2017-08-10 19:02 -0600
pushed 2017-08-22 00:11 +0000
Jed Davis Jed Davis - Bug 1384986 - Adjust sandbox policy for dconf's `mkdir -p` behavior. r=gcp
2f541b1c207d17b998596bc807672a8e956b5adb
created 2017-08-10 21:38 -0600
pushed 2017-08-22 00:11 +0000
Jed Davis Jed Davis - Bug 1384986 - Prevent sandbox file broker rules from removing rights granted by more general rules. r=gcp
0d0513f1bb4537c86577c9b05fd9e786efe03204
created 2017-08-17 17:53 +0200
pushed 2017-08-18 23:29 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1387742 - Whitelist default dynamic linker paths, including /lib64. r=jld
afdd35ed8902c1a6d670a56996673e91e30979f7
created 2017-08-17 16:59 +0200
pushed 2017-08-18 23:29 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1384804 - Allow libnuma to read /proc/self/status, block get_mempolicy. r=jld
babbce26f79b577209f11e953e1332baff93dea3
created 2017-08-08 16:17 -0600
pushed 2017-08-08 22:18 +0000
Jed Davis Jed Davis - Bug 1388545 - Fix PulseAudio breakage caused by read restrictions. r=gcp
0dd9cbe575fe8d630c0c7f974d4a7f780b6c6061
created 2017-08-03 12:31 +0200
pushed 2017-08-07 22:26 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1386558 - Check sandboxing level 2 after permissions are available. r=jld
55b494574257d233fe1fac3a25049777b8e96ac2
created 2017-08-04 09:48 +0200
pushed 2017-08-07 22:26 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1385891 - Whitelist things in the extension dir, not just the dir itself. r=jld
9724d06abb63a43d0d775ce1d1871247e6a51b3c
created 2017-08-02 12:02 +0200
pushed 2017-08-04 01:13 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1385715 - Add support for WebGL on NVIDIA PRIME. r=jld
9a01a7a8bb4ed0b568b34dbed9bf2ede5577f274
created 2017-08-02 11:51 +0200
pushed 2017-08-04 01:13 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1385253 - Whitelist main NixOS data store directory. r=jld
less more (0) -60 tip