Bug 1506291 - Add Linux sandboxing for the RDD (media decoder) process. r=gcp,mjf,flod
author Jed Davis <jld@mozilla.com>
Wed, 27 Feb 2019 20:14:54 +0000
changeset 11174 fc030be80ea296961d2e96b3d7fa2c5124cd2c3f
parent 11173 b933f201af91ae7a19ba609ce60f65a6973c8403
child 11175 e7d6c94535993e84cb429dcddd5584521f6f9999
push id 119
push user flodolo@mozilla.com
push date Thu, 28 Feb 2019 13:45:37 +0000
reviewers gcp, mjf, flod
bugs 1506291, 1511560
Bug 1506291 - Add Linux sandboxing for the RDD (media decoder) process. r=gcp,mjf,flod

The seccomp-bpf policy is currently just the "common" policy with no additions (but with the fixes in bug 1511560 to enable shared memory creation). The file broker policy allows shared memory creation and nothing else. The namespace setup is the same as for GMP (i.e., as restrictive as we currently can be).

The sandbox can be turned off for troubleshooting by setting the environment variable MOZ_DISABLE_RDD_SANDBOX, similarly to the other process types.

Tested against https://demo.bitmovin.com/public/firefox/av1/ with the necessary prefs set.

Depends on D20895

Differential Revision: https://phabricator.services.mozilla.com/D14525

X-Channel-Repo: mozilla-central
X-Channel-Converted-Revision: 493b443954fe15f7b542ba14671f25e5f8531dff
X-Channel-Repo: releases/mozilla-beta
X-Channel-Revision: 0ccb6406ff135639a179f81d4502ffac7cddcda6
X-Channel-Repo: releases/mozilla-release
X-Channel-Revision: c2fca1944d8c54d01a5e2d7e13d965e4a6597307
--- a/toolkit/toolkit/about/aboutSupport.ftl
+++ b/toolkit/toolkit/about/aboutSupport.ftl
@@ -256,16 +256,18 @@ has-privileged-user-namespaces = User Na
 can-sandbox-content = Content Process Sandboxing
 can-sandbox-media = Media Plugin Sandboxing
 content-sandbox-level = Content Process Sandbox Level
 effective-content-sandbox-level = Effective Content Process Sandbox Level
 sandbox-proc-type-content = content
 sandbox-proc-type-file = file content
 sandbox-proc-type-media-plugin = media plugin
+sandbox-proc-type-data-decoder = data decoder
 launcher-process-status-0 = Enabled
 launcher-process-status-1 = Disabled due to failure
 launcher-process-status-2 = Disabled forcibly
 launcher-process-status-unknown = Unknown status
 # Variables
 # $remoteWindows (integer) - Number of remote windows
 # $totalWindows (integer) - Number of total windows
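Review bot: the added `+sandbox-proc-type-data-decoder = data decoder` line has no localization comment, while the commit subject describes the same process as the "RDD (media decoder) process"; a localizer reading only the string has no way to tell that "data decoder" and "media decoder" name one process type, and this file already uses `#` comments to give that kind of context (see the `# Variables` block at the end of the hunk). Suggest a short comment above the new entry, e.g. `# Name of the RDD (media decoder) process type in the sandbox table`, so translators pick a term consistent with the other sandbox-proc-type-* strings.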