Bug 1140111 - Whitelist readlinkat along with readlink. r=kang
authorJed Davis <jld@mozilla.com>
Sat, 07 Mar 2015 10:44:23 -0500
changeset 232398 dca901fa0641cf6b67dc4f5495b319efdb9365ca
parent 232397 cb7d748abbe8d518223927383c96e5d8dcbe26db
child 232399 cb1c692e89638fada258ff3539ad16d2e1ecc26b
push id56539
push userrjesup@wgate.com
push dateSat, 07 Mar 2015 15:45:03 +0000
treeherdermozilla-inbound@dca901fa0641 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskang
bugs1140111
milestone39.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1140111 - Whitelist readlinkat along with readlink. r=kang
security/sandbox/linux/SandboxFilter.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -204,16 +204,17 @@ SandboxFilterImplContent::Build() {
   Allow(SYSCALL_LARGEFILE(fstat, fstat64));
   Allow(SYSCALL_LARGEFILE(stat, stat64));
   Allow(SYSCALL_LARGEFILE(lstat, lstat64));
   Allow(SYSCALL_LARGEFILE(newfstatat, fstatat64));
   Allow(SOCKETCALL(socketpair, SOCKETPAIR));
   Deny(EACCES, SOCKETCALL(socket, SOCKET));
   Allow(SYSCALL(open));
   Allow(SYSCALL(readlink)); /* Workaround for bug 964455 */
+  Allow(SYSCALL(readlinkat)); /* Workaround for bug 964455 */
   Allow(SYSCALL(prctl));
   Allow(SYSCALL(access));
   Allow(SYSCALL(unlink));
   Allow(SYSCALL(unlinkat));
   Allow(SYSCALL(fsync));
   Allow(SYSCALL(msync));
 
 #if defined(ANDROID) && !defined(MOZ_MEMORY)