Bug 1408821 - Allow FIONBIO ioctl from the content sandbox. r=jld
authorMatthew Gregan <kinetik@flim.org>
Mon, 16 Oct 2017 14:54:46 +1300
changeset 386366 6a25d8a48554255bd8991850ae3d030077e7f7f0
parent 386365 3df6520e217f7bda8b6f30b979e30101e2e5ec39
child 386367 84ff58454e222ce067ec27f8841ba684934b7666
push id96233
push usermgregan@mozilla.com
push dateMon, 16 Oct 2017 20:59:36 +0000
reviewersjld
bugs1408821
milestone58.0a1
Bug 1408821 - Allow FIONBIO ioctl from the content sandbox. r=jld
security/sandbox/linux/SandboxFilter.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -726,16 +726,18 @@ public:
                     kTtyIoctls == (FIOASYNC & kTypeMask),
                     "tty-related ioctls use the same type");
 
       Arg<unsigned long> request(1);
       auto shifted_type = request & kTypeMask;
 
       // Rust's stdlib seems to use FIOCLEX instead of equivalent fcntls.
       return If(request == FIOCLEX, Allow())
+        // Rust's stdlib also uses FIONBIO instead of equivalent fcntls.
+        .ElseIf(request == FIONBIO, Allow())
         // ffmpeg, and anything else that calls isatty(), will be told
         // that nothing is a typewriter:
         .ElseIf(request == TCGETS, Error(ENOTTY))
         // Allow anything that isn't a tty ioctl, for now; bug 1302711
         // will cover changing this to a default-deny policy.
         .ElseIf(shifted_type != kTtyIoctls, Allow())
         .Else(SandboxPolicyCommon::EvaluateSyscall(sysno));
     }
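Review bot: The comment on the new `.ElseIf(request == FIONBIO, Allow())` rule names the caller but not why the request is safe to allow or why it needs its own rule. The static_assert at the top of the hunk suggests the FIO* requests share the tty ioctl type, so FIONBIO would presumably fall through to `SandboxPolicyCommon::EvaluateSyscall(sysno)` without this rule. I would extend the comment along the lines of `// FIONBIO only toggles O_NONBLOCK, like fcntl(F_SETFL); it shares the tty ioctl type, so it needs an explicit allow.` The rule matches on the request number alone, so it applies to every descriptor the content process holds. Because O_NONBLOCK lives on the open file description, a change is visible to any other process sharing that description, so it is worth confirming this is no broader than what the fcntl policy (outside this hunk) already permits. The enclosing function starts and ends outside the hunk.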