searching for reviewer(kang)
a96ed2b2a641978ef44f17c7f70676606e4bf7fe: Bug 1215734 - Expand GeckoMediaPlugin sandbox policy for Clang 3.7 ASan. r=kang
Jed Davis <jld@mozilla.com> - Thu, 22 Oct 2015 11:19:37 -0700 - rev 269009
Push 66992 by amccreight@mozilla.com at Thu, 22 Oct 2015 18:19:51 +0000
Bug 1215734 - Expand GeckoMediaPlugin sandbox policy for Clang 3.7 ASan. r=kang
004a93703fa8965085fb3b61930133ef0a584acb: Bug 930258 - Part 4: the PContent changes that connect the broker to its sandboxed client. r=kang r=billm
Jed Davis <jld@mozilla.com> - Wed, 07 Oct 2015 22:13:09 -0700 - rev 266707
Push 66268 by jedavis@mozilla.com at Thu, 08 Oct 2015 05:13:23 +0000
Bug 930258 - Part 4: the PContent changes that connect the broker to its sandboxed client. r=kang r=billm
c50fbae3d1a3bfd8c185db4634368c278a660b6d: Bug 930258 - Part 3: a file broker policy for the B2G emulator. r=kang
Jed Davis <jld@mozilla.com> - Wed, 07 Oct 2015 22:13:08 -0700 - rev 266706
Push 66268 by jedavis@mozilla.com at Thu, 08 Oct 2015 05:13:23 +0000
Bug 930258 - Part 3: a file broker policy for the B2G emulator. r=kang
f5e11173ec72ac5c700ea1e19fc9a87375bde41a: Bug 930258 - Part 2: seccomp-bpf integration. r=kang
Jed Davis <jld@mozilla.com> - Wed, 07 Oct 2015 22:13:08 -0700 - rev 266705
Push 66268 by jedavis@mozilla.com at Thu, 08 Oct 2015 05:13:23 +0000
Bug 930258 - Part 2: seccomp-bpf integration. r=kang
d4615c7b81773199a71de413efdc3d2fda103fac: Bug 930258 - Part 1: The file broker, and unit tests for it. r=kang f=froydnj
Jed Davis <jld@mozilla.com> - Wed, 07 Oct 2015 22:13:08 -0700 - rev 266704
Push 66268 by jedavis@mozilla.com at Thu, 08 Oct 2015 05:13:23 +0000
Bug 930258 - Part 1: The file broker, and unit tests for it. r=kang f=froydnj
06b3c63c39aa74bce1b83316b19d9920405c959b: Bug 1207401 - Send B2G sandbox logging to both stderr and logcat. r=kang
Jed Davis <jld@mozilla.com> - Mon, 05 Oct 2015 09:21:39 -0700 - rev 266047
Push 66104 by jedavis@mozilla.com at Mon, 05 Oct 2015 16:21:50 +0000
Bug 1207401 - Send B2G sandbox logging to both stderr and logcat. r=kang
10e3f62dc8a66c514fd1b3b42604cc5b7be8ebdc: Bug 1199481 - Complain more when entering sandboxing code as root. r=kang
Jed Davis <jld@mozilla.com> - Fri, 28 Aug 2015 13:37:00 +0200 - rev 261668
Push 64804 by cbook@mozilla.com at Thu, 10 Sep 2015 07:24:32 +0000
Bug 1199481 - Complain more when entering sandboxing code as root. r=kang
0d99e927527b2300dacfbc641e4af1249f46d604: Bug 1199413 - Fix MOZ_DISABLE_GMP_SANDBOX so it disables all the sandboxing. r=kang
Jed Davis <jld@mozilla.com> - Fri, 28 Aug 2015 12:18:00 +0200 - rev 261667
Push 64804 by cbook@mozilla.com at Thu, 10 Sep 2015 07:24:32 +0000
Bug 1199413 - Fix MOZ_DISABLE_GMP_SANDBOX so it disables all the sandboxing. r=kang Bonus fix: don't start the chroot helper unless we're going to use it. For this to matter, you'd need a system with unprivileged user namespaces but no seccomp-bpf (or fake it with env vars) *and* to set media.gmp.insecure.allow, so this is more to set a good example for future changes to this code than for functional reasons.
d9a56e97c6b1a4184deaf3f9c7b8a8872bd7fd21: Bug 1004011 - Support SECCOMP_FILTER_FLAG_TSYNC if available. r=kang
Jed Davis <jld@mozilla.com> - Tue, 11 Aug 2015 16:30:00 -0400 - rev 257828
Push 63729 by ryanvm@gmail.com at Fri, 14 Aug 2015 13:42:22 +0000
Bug 1004011 - Support SECCOMP_FILTER_FLAG_TSYNC if available. r=kang
8e1b61112fbb126d25ca739fa99217230267fb50: Bug 1182565 - Disable sandboxing on Linux Thread Sanitizer builds. r=kang
Jed Davis <jld@mozilla.com> - Thu, 16 Jul 2015 11:53:00 -0400 - rev 253477
Push 62440 by ryanvm@gmail.com at Fri, 17 Jul 2015 14:56:59 +0000
Bug 1182565 - Disable sandboxing on Linux Thread Sanitizer builds. r=kang
fbf7aca43c3a79cabf6bc05adc80dc930cae43f3: Bug 1181704 - Use chromium SafeSPrintf for sandbox logging. r=kang r=glandium
Jed Davis <jld@mozilla.com> - Mon, 13 Jul 2015 16:17:58 -0700 - rev 252646
Push 62199 by jedavis@mozilla.com at Mon, 13 Jul 2015 23:18:01 +0000
Bug 1181704 - Use chromium SafeSPrintf for sandbox logging. r=kang r=glandium This gives us a logging macro that's safe to use in async signal context (cf. bug 1046210, where we needed this and didn't have it). This patch also changes one of the format strings to work with SafeSPrintf's format string dialect; upstream would probably take a patch to handle those letters, but this is easier.
513d62fe75c9d136042f9ca85b017d3aad3cdc37: Bug 1176085 - Fix second/nanosecond confusion in Linux sandbox start error case. r=kang
Jed Davis <jld@mozilla.com> - Fri, 19 Jun 2015 14:26:44 -0700 - rev 249793
Push 61337 by kwierso@gmail.com at Fri, 19 Jun 2015 21:29:19 +0000
Bug 1176085 - Fix second/nanosecond confusion in Linux sandbox start error case. r=kang
6e2d23f31eebabd6264b27e5a96505e113394bed: Bug 1168555 - Work around Nuwa not always being single-threaded when a normal content process is. r=kang
Jed Davis <jld@mozilla.com> - Wed, 10 Jun 2015 13:38:00 -0400 - rev 248541
Push 60998 by ryanvm@gmail.com at Fri, 12 Jun 2015 14:06:23 +0000
Bug 1168555 - Work around Nuwa not always being single-threaded when a normal content process is. r=kang
6522add87d6bb4fa693c3089cc0c0e10ba77c301: Bug 1055310 - Step 3: Move syscall interceptions into SandboxFilter.cpp. r=kang
Jed Davis <jld@mozilla.com> - Fri, 05 Jun 2015 15:17:40 -0700 - rev 247446
Push 60711 by jedavis@mozilla.com at Fri, 05 Jun 2015 22:17:57 +0000
Bug 1055310 - Step 3: Move syscall interceptions into SandboxFilter.cpp. r=kang We can now keep the part of the policy implemented by upcalls to userspace in the same place as the part of the policy that's handled entirely in the kernel. This will become more useful in the future (e.g., bug 930258).
b3f98086e8cc3cbf7cd17d8336e2bce77c255252: Bug 1055310 - Step 2: Move SIGSYS handling to Chromium TrapRegistry. r=kang
Jed Davis <jld@mozilla.com> - Fri, 05 Jun 2015 15:17:35 -0700 - rev 247445
Push 60711 by jedavis@mozilla.com at Fri, 05 Jun 2015 22:17:57 +0000
Bug 1055310 - Step 2: Move SIGSYS handling to Chromium TrapRegistry. r=kang This is more complicated than I'd like it to be, because we don't have a good way to combine a specific trap function's knowledge that we want to get a crash dump with the SIGSYS handler's copy of the unprocessed signal info (which breakpad wants). The bpf_dsl interface requires a specific trap function type (via the TrapRegistry superclass), so even if we implement our own registry we can't change what's passed to it. Normally we could use thread-local storage to get around that, but it's not async signal safe. As a result there is an imperfect compromise: the trap function returns a failure with ENOSYS, Chromium's SIGSYS handler writes it into the context, our SIGSYS handler reads it back out and uses a copy of the original signal context for the crash dump. Other error codes (and returning ENOSYS via the seccomp-bpf policy itself) are handled normally.
32872aebf4abd375c974f1c752967de182680323: Bug 1055310 - Step 1: Convert seccomp-bpf policies to Chromium PolicyCompiler. r=kang
Jed Davis <jld@mozilla.com> - Fri, 05 Jun 2015 15:17:32 -0700 - rev 247444
Push 60711 by jedavis@mozilla.com at Fri, 05 Jun 2015 22:17:57 +0000
Bug 1055310 - Step 1: Convert seccomp-bpf policies to Chromium PolicyCompiler. r=kang This completely rewrites SandboxFilter.cpp and removes SandboxAssembler. System calls are now loosely grouped by what they do, now that order doesn't matter, and most of the intersection of the content and media plugin whitelists is moved into a common superclass. Hopefully this improves the readability and comprehensibility of the syscall policies. Also, the macros that take the syscall name are gone, because a plain case label usually suffices now (the CASES_FOR_thing macros are a little unsightly, but they're relatively simple), and at one point we saw strange macro expansion issues with system header files that #define'd some syscall names. The signal handling is not migrated yet, so Trap() actions can't be used yet; the next patch will take care of that, and to keep the intermediate state working there's a minimal shim. Bonus fix: non-const global variables use the "g" prefix; "s" is for static class members and static variables in a function (where the default is to allocate a separate copy per instance/activation).
5f8235c2f2a3eb0ccd590ec90c7e3b1db25f7fac: Bug 1162965 - Use /dev/shm instead of /tmp for sandbox chroot if possible. r=kang
Jed Davis <jld@mozilla.com> - Thu, 14 May 2015 16:19:08 -0700 - rev 243944
Push 59801 by jedavis@mozilla.com at Thu, 14 May 2015 23:19:20 +0000
Bug 1162965 - Use /dev/shm instead of /tmp for sandbox chroot if possible. r=kang
acc410f0b28ca4affaed71fd1bfb0330a3c33072: Bug 1151607 - Step 2: Apply net/ipc namespace separation and chroot to media plugins. r=kang
Jed Davis <jld@mozilla.com> - Fri, 10 Apr 2015 18:05:19 -0700 - rev 238631
Push 58289 by jedavis@mozilla.com at Sat, 11 Apr 2015 01:05:45 +0000
Bug 1151607 - Step 2: Apply net/ipc namespace separation and chroot to media plugins. r=kang This needs more unit tests for the various pieces of what's going on here (LinuxCapabilities, SandboxChroot, UnshareUserNamespace()) but that's nontrivial due to needing a single-threaded process -- and currently they can't be run on Mozilla's CI anyway due to needing user namespaces, and local testing can just try using GMP and manually inspecting the child process. So that will be a followup.
9a186f904c5d4ed858f28ccb9129f501143991a1: Bug 1151607 - Step 1.5: Avoid unlikely false positives in Linux SandboxInfo feature detection. r=kang
Jed Davis <jld@mozilla.com> - Fri, 10 Apr 2015 18:05:19 -0700 - rev 238630
Push 58289 by jedavis@mozilla.com at Sat, 11 Apr 2015 01:05:45 +0000
Bug 1151607 - Step 1.5: Avoid unlikely false positives in Linux SandboxInfo feature detection. r=kang Using the equivalent of release assertions in the patch after this one is easier to justify if I can't come up with vaguely legitimate reasons why they might fail; this detects the ones I thought of.
4ed5d64f054ba283f8a47c698daa38c124c8bacc: Bug 1151607 - Step 1: Add Linux sandboxing hook for when child processes are still single-threaded. r=kang r=bent
Jed Davis <jld@mozilla.com> - Fri, 10 Apr 2015 18:05:19 -0700 - rev 238629
Push 58289 by jedavis@mozilla.com at Sat, 11 Apr 2015 01:05:45 +0000
Bug 1151607 - Step 1: Add Linux sandboxing hook for when child processes are still single-threaded. r=kang r=bent This means that B2G plugin-container must (dynamically) link against libmozsandbox in order to call into it before initializing Binder. (Desktop Linux plugin-container already contains the sandbox code.)
53a41684adcbca8801d9d208a2d3d42a2a8a11d4: Bug 1151607 - Step 0: sort includes to make the following patches cleaner. r=kang
Jed Davis <jld@mozilla.com> - Fri, 10 Apr 2015 18:05:19 -0700 - rev 238628
Push 58289 by jedavis@mozilla.com at Sat, 11 Apr 2015 01:05:45 +0000
Bug 1151607 - Step 0: sort includes to make the following patches cleaner. r=kang
5aaf90d7a1e3e9f2dfe27d4f82e5938bb10bbd70: Bug 1144514 - Whitelist pread64 in content seccomp-bpf policy. r=kang
Jed Davis <jld@mozilla.com> - Thu, 19 Mar 2015 11:57:00 -0400 - rev 235161
Push 57353 by kwierso@gmail.com at Mon, 23 Mar 2015 23:51:33 +0000
Bug 1144514 - Whitelist pread64 in content seccomp-bpf policy. r=kang
eece6a43d288b3f7bb85c3dd884258c321712d8f: Bug 1144580 - Whitelist pselect6 in content seccomp-bpf policy. r=kang
Jed Davis <jld@mozilla.com> - Wed, 18 Mar 2015 15:30:00 +0100 - rev 234404
Push 57122 by cbook@mozilla.com at Thu, 19 Mar 2015 08:00:41 +0000
Bug 1144580 - Whitelist pselect6 in content seccomp-bpf policy. r=kang
a648afebfadf15489dd2cdcc24e7daa13389ece1: Bug 1141906 - Adjust some assertions in Linux sandbox feature detection. r=kang
Jed Davis <jld@mozilla.com> - Tue, 17 Mar 2015 22:50:00 +0100 - rev 234395
Push 57120 by cbook@mozilla.com at Thu, 19 Mar 2015 07:30:35 +0000
Bug 1141906 - Adjust some assertions in Linux sandbox feature detection. r=kang See bug, and comment at top of SandboxInfo.cpp, for rationale. Bonus fix: reword comment about nested namespace limit; the exact limit is 33 (not counting the root) but doesn't particularly matter.
093b0a844c3b09d93d916d2812499d5a40f1f745: Bug 1141885 - Make readlink() fail instead of allowing it, for B2G content processes. r=kang
Jed Davis <jld@mozilla.com> - Fri, 13 Mar 2015 13:47:56 -0700 - rev 233809
Push 56949 by cbook@mozilla.com at Mon, 16 Mar 2015 12:34:38 +0000
Bug 1141885 - Make readlink() fail instead of allowing it, for B2G content processes. r=kang
46472d25b238433afc969e367b272aade51e61c4: Bug 1142263 - Specify all syscall parameters when doing CLONE_NEWUSER detection; f=bwc r=kang
Jed Davis <jld@mozilla.com> - Fri, 13 Mar 2015 13:01:28 +0100 - rev 233478
Push 56861 by Ms2ger@gmail.com at Fri, 13 Mar 2015 12:02:00 +0000
Bug 1142263 - Specify all syscall parameters when doing CLONE_NEWUSER detection; f=bwc r=kang
35ad2e5b036b9d141a0bbf71571b7b4936e23b7e: Bug 906996 - Remove unlink from B2G content process syscall whitelist. r=kang
Jed Davis <jld@mozilla.com> - Wed, 11 Mar 2015 12:39:00 +0100 - rev 233469
Push 56859 by cbook@mozilla.com at Fri, 13 Mar 2015 10:56:34 +0000
Bug 906996 - Remove unlink from B2G content process syscall whitelist. r=kang
65391f2d6659bc82076bdbfaa6e8e6ad0dccde08: Bug 1137007 - Detect namespace and SECCOMP_FILTER_FLAG_TSYNC support in SandboxInfo. r=kang, r=Unfocused
Jed Davis <jld@mozilla.com> - Fri, 06 Mar 2015 13:59:00 -0500 - rev 232534
Push 56590 by ryanvm@gmail.com at Mon, 09 Mar 2015 14:25:15 +0000
Bug 1137007 - Detect namespace and SECCOMP_FILTER_FLAG_TSYNC support in SandboxInfo. r=kang, r=Unfocused Currently, only user namespace support is detected. This is targeted at desktop, where (1) user namespace creation is effectively a prerequisite for unsharing any other namespace, and (2) any kernel with user namespace support almost certainly has all the others. Bonus fix: remove extra copy of sandbox flag key names in about:support; if JS property iteration order ever ceases to follow creation order, the table rows could be permuted, but this doesn't really matter.
dca901fa0641cf6b67dc4f5495b319efdb9365ca: Bug 1140111 - Whitelist readlinkat along with readlink. r=kang
Jed Davis <jld@mozilla.com> - Sat, 07 Mar 2015 10:44:23 -0500 - rev 232398
Push 56539 by rjesup@wgate.com at Sat, 07 Mar 2015 15:45:03 +0000
Bug 1140111 - Whitelist readlinkat along with readlink. r=kang
0ffb57e3e9c9374ad83eb973bdde9365a80dc8a6: Bug 1093334 - Delete unnecessary copies of Chromium headers in security/sandbox/linux. r=kang
Jed Davis <jld@mozilla.com> - Wed, 10 Dec 2014 17:26:12 -0800 - rev 219133
Push 52740 by jedavis@mozilla.com at Thu, 11 Dec 2014 01:26:27 +0000
Bug 1093334 - Delete unnecessary copies of Chromium headers in security/sandbox/linux. r=kang
1e0944ec79a6a270e0d4ddb1ab20fb4631c9186d: Bug 1093334 - Adjust includes of Linux sandboxing headers from Chromium. r=kang
Jed Davis <jld@mozilla.com> - Wed, 10 Dec 2014 17:26:12 -0800 - rev 219132
Push 52740 by jedavis@mozilla.com at Thu, 11 Dec 2014 01:26:27 +0000
Bug 1093334 - Adjust includes of Linux sandboxing headers from Chromium. r=kang Also re-sorts some of the includes into something closer to the style guide.
e0f0ebdd1df58ab1b6dca2ae5bdc632fc1c4f465: Bug 1093334 - Import more headers from Chromium rev 9522fad406dd161400daa518075828e47bd47f60. r=kang
Jed Davis <jld@mozilla.com> - Wed, 10 Dec 2014 17:26:12 -0800 - rev 219131
Push 52740 by jedavis@mozilla.com at Thu, 11 Dec 2014 01:26:27 +0000
Bug 1093334 - Import more headers from Chromium rev 9522fad406dd161400daa518075828e47bd47f60. r=kang
a2ae4c0a26fe0ec5ddac93ec0c6c9642c4a3d321: Bug 1102209 - Remove use of CodeGen::JoinInstructions in the Linux sandboxing code. r=kang
Jed Davis <jld@mozilla.com> - Wed, 10 Dec 2014 17:26:12 -0800 - rev 219130
Push 52740 by jedavis@mozilla.com at Thu, 11 Dec 2014 01:26:27 +0000
Bug 1102209 - Remove use of CodeGen::JoinInstructions in the Linux sandboxing code. r=kang This reorganizes SandboxAssembler to stack up the policy rules and traverse them in reverse order to build the filter DAG from tail to head (i.e., starting with "deny all" and prepending allow and return-errno rules). Thus, this code will continue to work (perhaps with minor changes, such as to the NodePtr typedef) with future versions of the Chromium sandbox code that don't allow mutating the filter program with the JoinInstructions method.
d06d1a469bb1962807e29e036666e06c4f5670e5: Bug 1101170 - Move Linux sandbox code into plugin-container on desktop. r=kang r=glandium
Jed Davis <jld@mozilla.com> - Mon, 24 Nov 2014 15:22:13 -0800 - rev 217196
Push 52255 by jedavis@mozilla.com at Mon, 24 Nov 2014 23:23:03 +0000
Bug 1101170 - Move Linux sandbox code into plugin-container on desktop. r=kang r=glandium Specifically:
* SandboxCrash() uses internal Gecko interfaces, so stays in libxul.
* SandboxInfo moves to libxul from libmozsandbox, which no longer exists.
* Where libxul calls Set*Sandbox(), it uses weak symbols.
* Everything remains as it was on mobile.
0b3bfc3c27913e0be76dda67798865cf3c270f58: Bug 1101170 - Move sandbox status info into a separate module. r=kang r=glandium
Jed Davis <jld@mozilla.com> - Mon, 24 Nov 2014 15:22:13 -0800 - rev 217195
Push 52255 by jedavis@mozilla.com at Mon, 24 Nov 2014 23:23:03 +0000
Bug 1101170 - Move sandbox status info into a separate module. r=kang r=glandium This changes the interface so that the code which determines the flags can live in one place, but checking the flags doesn't need to call into another library. Also removes the no-op wrappers for Set*Sandbox when disabled at build time; nothing used them, one of them was unusable due to having the wrong type, and all they really accomplish is allowing sloppiness with ifdefs (which could hide actual mistakes).
09cbdbb68a5c9a35628d08293ba37523a5f996ba: Bug 1077057 - Expose Linux sandboxing information to JS via nsSystemInfo. r=kang r=froydnj
Jed Davis <jld@mozilla.com> - Thu, 06 Nov 2014 13:11:00 +0100 - rev 214527
Push 51500 by cbook@mozilla.com at Fri, 07 Nov 2014 07:18:13 +0000
Bug 1077057 - Expose Linux sandboxing information to JS via nsSystemInfo. r=kang r=froydnj This adds "hasSeccompBPF" for seccomp-bpf support; other "has" keys will be added in the future (e.g., user namespaces). This also adds "canSandboxContent" and "canSandboxMedia", which are absent if the corresponding type of sandboxing isn't enabled at build time (or is disabled with environment variables), and otherwise present as a boolean indicating whether that type of sandboxing is supported. Currently this is always the same as hasSeccompBPF, but that could change in the future. Some changes have been made to the "mozilla/Sandbox.h" interface to support this; the idea is that the MOZ_DISABLE_*_SANDBOX environment variables should be equivalent to disabling MOZ_*_SANDBOX at build time.
2881d59c61f243122b7c94deacee0140dd29f1ae: Bug 1093893 - Fix B2G sandbox for ICS Bionic pthread_kill(). r=kang
Jed Davis <jld@mozilla.com> - Thu, 06 Nov 2014 11:04:14 -0800 - rev 214415
Push 51482 by ryanvm@gmail.com at Thu, 06 Nov 2014 20:59:13 +0000
Bug 1093893 - Fix B2G sandbox for ICS Bionic pthread_kill(). r=kang
c2f036dd38b4adf30e260b2f91fbb6da4b551697: Bug 1081242 - Make ASAN's error reporting work while sandboxed on Linux. r=kang
Jed Davis <jld@mozilla.com> - Tue, 21 Oct 2014 11:18:00 +0200 - rev 212092
Push 50889 by cbook@mozilla.com at Fri, 24 Oct 2014 08:31:57 +0000
Bug 1081242 - Make ASAN's error reporting work while sandboxed on Linux. r=kang
6ab760222a4eff750b43417f1b13f950f653a63e: Bug 1078838 - Restrict clone(2) flags for sandboxed content processes. r=kang
Jed Davis <jld@mozilla.com> - Mon, 20 Oct 2014 12:29:25 -0700 - rev 211367
Push 50691 by kwierso@gmail.com at Tue, 21 Oct 2014 02:08:21 +0000
Bug 1078838 - Restrict clone(2) flags for sandboxed content processes. r=kang
11f1649bd31a1696dcf5fb27c0ca6badb0e446dd: Bug 1080165 - Allow setpriority() to fail without crashing in media plugins on Linux. r=kang
Jed Davis <jld@mozilla.com> - Thu, 16 Oct 2014 12:42:00 +0200 - rev 210838
Push 50569 by cbook@mozilla.com at Fri, 17 Oct 2014 09:10:09 +0000
Bug 1080165 - Allow setpriority() to fail without crashing in media plugins on Linux. r=kang
809b3ec41a5dbdcae1358b4be1d202203b548f29: Bug 1080077 - For sandbox failures with no crash reporter, log the C stack. r=kang
Jed Davis <jld@mozilla.com> - Mon, 13 Oct 2014 18:48:17 -0700 - rev 210186
Push 50379 by jedavis@mozilla.com at Tue, 14 Oct 2014 01:48:40 +0000
Bug 1080077 - For sandbox failures with no crash reporter, log the C stack. r=kang This is mostly for ASAN builds, which --disable-crash-reporter, but also fixes a related papercut: debug builds don't use the crash reporter unless overridden with an environment variable. Note: this is Linux-only, so NS_StackWalk is always part of the build; see also bug 1063455.
afeff2d265bdf1d9b27284de44b6185082691f91: Bug 1068410 - Convert remote crash dump to use pipe instead of socketpair in the child. r=kang r=ted
Jed Davis <jld@mozilla.com> - Fri, 03 Oct 2014 14:55:03 -0700 - rev 208769
Push 50000 by jedavis@mozilla.com at Fri, 03 Oct 2014 21:55:22 +0000
Bug 1068410 - Convert remote crash dump to use pipe instead of socketpair in the child. r=kang r=ted
f014f2bef4b793d5ae11c6f2598922e2b2b55109: Bug 1069700 - Fix recursive crash when non-content children violate sandbox policy. r=kang
Jed Davis <jld@mozilla.com> - Thu, 18 Sep 2014 18:17:00 -0400 - rev 206638
Push 49478 by ryanvm@gmail.com at Tue, 23 Sep 2014 12:58:47 +0000
Bug 1069700 - Fix recursive crash when non-content children violate sandbox policy. r=kang
ee14fb2a1053fff9b4a5cb5f0dd0486ddbe3ceb1: Bug 1054616 - Clean up logging-related shims for Linux sandboxing. r=kang
Jed Davis <jld@mozilla.com> - Tue, 26 Aug 2014 13:54:16 -0700 - rev 201712
Push 48242 by jedavis@mozilla.com at Tue, 26 Aug 2014 20:54:43 +0000
Bug 1054616 - Clean up logging-related shims for Linux sandboxing. r=kang
2f9d0821e08cdf73a7c6e32e9bc2ecf440960197: Bug 1041886 - Separate Linux sandbox code into its own shared library. r=kang r=glandium
Jed Davis <jld@mozilla.com> - Tue, 26 Aug 2014 13:54:09 -0700 - rev 201711
Push 48242 by jedavis@mozilla.com at Tue, 26 Aug 2014 20:54:43 +0000
Bug 1041886 - Separate Linux sandbox code into its own shared library. r=kang r=glandium This creates libmozsandbox.so on builds that use sandboxing (MOZ_CONTENT_SANDBOX or MOZ_GMP_SANDBOX). The unavoidably libxul-dependent parts, for invoking the crash reporter and printing the JS context, are separated into glue/SandboxCrash.cpp and invoked via a callback.
b3dcb5b33f780a0266be0c9261e297fe43e3b1a8: Bug 1041886 - Break out Linux sandbox logging into its own header. r=kang
Jed Davis <jld@mozilla.com> - Tue, 26 Aug 2014 13:54:03 -0700 - rev 201710
Push 48242 by jedavis@mozilla.com at Tue, 26 Aug 2014 20:54:43 +0000
Bug 1041886 - Break out Linux sandbox logging into its own header. r=kang
b6c34f278918a4a4ad7733b4859a3cb8832c316c: Bug 1009995 - Require seccomp-bpf on B2G devices based on Android >= KitKat. r=mwu r=kang
Jed Davis <jld@mozilla.com> - Fri, 15 Aug 2014 11:56:28 -0700 - rev 199964
Push 47775 by ryanvm@gmail.com at Sat, 16 Aug 2014 21:44:43 +0000
Bug 1009995 - Require seccomp-bpf on B2G devices based on Android >= KitKat. r=mwu r=kang
740e7cc973862f86e2a68b5908f3f22e0c663259: No bug - Add trailing newlines for non-Android Linux sandbox logging. r=kang
Jed Davis <jld@mozilla.com> - Thu, 14 Aug 2014 15:39:14 -0700 - rev 199619
Push 47694 by jedavis@mozilla.com at Thu, 14 Aug 2014 23:07:16 +0000
No bug - Add trailing newlines for non-Android Linux sandbox logging. r=kang
20dbe115d6285b6d618f7af8f0acd0a50413caeb: Bug 1043733 - Require sandboxing to load Gecko Media Plugins on Linux. r=jesup r=kang
Jed Davis <jld@mozilla.com> - Tue, 12 Aug 2014 21:28:27 -0700 - rev 199179
Push 47584 by jedavis@mozilla.com at Wed, 13 Aug 2014 04:28:52 +0000
Bug 1043733 - Require sandboxing to load Gecko Media Plugins on Linux. r=jesup r=kang Also refactors how sandbox support and disabling are handled, and allows simulating a lack of sandbox support with an env var (for testing without rebuilding a kernel).
36cf6a98d663a59eb03043e62527b120fc876e1d: Bug 1047620 - Fix sandboxing for B2G --disable-jemalloc builds. r=kang
Jed Davis <jld@mozilla.com> - Mon, 04 Aug 2014 15:11:33 -0700 - rev 197773
Push 47210 by jedavis@mozilla.com at Tue, 05 Aug 2014 01:37:35 +0000
Bug 1047620 - Fix sandboxing for B2G --disable-jemalloc builds. r=kang