security/sandbox/linux/SandboxFilter.cpp
26025c7f0d298872c5fe88739c9897254da6fc75
created 2016-12-06 12:38 -1000
pushed 2016-12-07 10:30 +0000
Jed Davis Jed Davis - Bug 1257361 - Simplify detecting threads that already have seccomp-bpf applied. r=tedd r=gcp
c021b68fc7dfbc9890e225db9d98e4763d7f08b6
created 2016-11-28 12:05 -0700
pushed 2016-11-30 20:53 +0000
Jed Davis Jed Davis - Bug 1320085 - Allow the getrlimit-equivalent subset of prlimit64. r=tedd
15775247c226598e8b00a5229c4f2c20a35b2c3a
created 2016-10-25 20:43 +0200
pushed 2016-10-28 02:22 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1310116 - Allow waitpid but warn on creating processes in content. r=jld
61aed24ee7e7d856f0a3bee895dc85b443f69d91
created 2016-10-07 23:22 -0400
pushed 2016-10-08 23:47 +0000
Ryan VanderMeulen Ryan VanderMeulen - Merge m-c to autoland. a=merge
d3f56ee6993a1ec8e4529a583a93342b2cdf9c47
created 2016-10-07 22:07 +0200
pushed 2016-10-08 23:47 +0000
Sebastian Hengst Sebastian Hengst - Backed out changeset 9887bfe1f8fa (bug 1308568) on request of its developer. r=backout
9887bfe1f8fa7a7ae5ce58a68acb5a1f6c3dccd0
created 2016-10-07 20:58 +0200
pushed 2016-10-08 23:47 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1308568 - Add missing filesystem calls to Allow in case broker is disabled. r=haik
099e8386665bce6331b79a9e0568075037f00b86
created 2016-10-07 22:09 +0200
pushed 2016-10-08 03:00 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1308568 - Add missing filesystem calls to Allow in case broker is disabled. r=haik
c838d2546cadd65bf8d5579db20a268c8b6e4b87
created 2016-10-06 13:25 +0200
pushed 2016-10-07 02:57 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1289718 - Clean up stat/stat64 wrapper. Deal with non-default TMPDIR. r=jld
a79ec9afac7b7cbed2802c7ffa9db47313b1f445
created 2016-09-27 17:25 +0200
pushed 2016-10-07 02:57 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1289718 - Extend sandbox file broker to handle paths, support more syscalls. r=jld,tedd
11a470398b1f22a7be23b4a02d42fcb3fbf343da
created 2016-09-26 16:10 -0400
pushed 2016-09-28 13:57 +0000
Jed Davis Jed Davis - Bug 1303813 - Allow media plugins to call madvise with MADV_FREE. r=gcp
17592aa0049962153db68fb10e4893b99116b8f2
created 2016-09-26 16:32 -0400
pushed 2016-09-28 13:57 +0000
Jed Davis Jed Davis - Bug 1304220 - Allow media plugins to use the times(2) syscall. r=gcp
a46f0e32289bb8975eef7f87d14cbd71c9c10582
created 2016-09-06 08:57 +0100
pushed 2016-09-06 13:28 +0000
Bob Owen Bob Owen - Bug 1287426 Part 3: Update security/sandbox/chromium/ to commit 4ec79b7f2379a60cdc15599e93255c0fa417f1ed. r=aklotz, r=jld
0fab4436ad09df818b87d4dba3e11b15b5a804d9
created 2016-08-30 18:15 -0700
pushed 2016-08-31 13:53 +0000
Wes Kocher Wes Kocher - Merge m-c to autoland, a=merge
b8771e81cc6ee8c95ba3e6f251ca94a732eef5ad
created 2016-08-22 15:51 +0200
pushed 2016-08-31 13:53 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1295190 - Add sys_flock to seccomp whitelist. r=jld
1a6361b000fcb97f941e4091001e88be0e46927f
created 2016-08-30 16:59 +0200
pushed 2016-08-31 00:35 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1296309 - Return umask (PulseAudio) and wait4 (threads) to the whitelist. r=tedd
7239d050d65fbc4dbe4387c59d07cd68649e35c3
created 2016-08-18 16:56 +0200
pushed 2016-08-23 14:01 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1296309 - Remove unused syscalls from the seccomp whitelist. r=tedd
f416db46e66e9b89ecf3767f3a2b08f26504cabb
created 2016-08-08 14:59 -0700
pushed 2016-08-12 20:45 +0000
Jed Davis Jed Davis - Bug 1290896 - Allow readlink() in desktop Linux content processes. r=gps
847bef59265f604cc2fca1aaf5d4b731afb20851
created 2016-08-01 13:10 +0200
pushed 2016-08-04 13:58 +0000
Jed Davis Jed Davis - Bug 1290343 - Fix Linux GMP sandbox policy's geteuid rule for 32-bit. r=tedd
fa84c3fbfbad99169d6db2e47dd85b748a5bedff
created 2016-08-01 15:47 +0200
pushed 2016-08-04 13:58 +0000
Jed Davis Jed Davis - Bug 1290633 - Soft-fail unexpected open() in GMP processes to avoid recursive crash. r=gcp
0143eed9088443d8b09238cab3dde6ab793be261
created 2016-08-01 15:44 +0200
pushed 2016-08-04 13:58 +0000
Jed Davis Jed Davis - Bug 1290618 - Allow PR_SET_PTRACER in Linux sandbox policies to avoid recursive crash. r=tedd
eadaa06966fefa5ea284da51a8d58ef2423edf47
created 2016-08-01 08:49 +0100
pushed 2016-08-02 15:10 +0000
L. David Baron L. David Baron - Bug 1290761 - Allow running jprof with sandbox enabled. r=jhector
e3f85c717e6578a66bb6f3a82d72ce609e33ed7c
created 2016-07-27 15:45 +0200
pushed 2016-07-29 09:56 +0000
Julian Hector Julian Hector - Bug 1287008 - Add sys_fadvise64_64 to seccomp whitelist. r=gcp
c941e8a139541661f1ca69c673959345e76f20bf
created 2016-07-25 19:37 +0200
pushed 2016-07-26 15:00 +0000
Julian Hector Julian Hector - Bug 1285769 - Add sys_get_mempolicy to seccomp whitelist. r=gcp
7107f6c515422d297e25e9028f37d29efcbba0ec
created 2016-07-23 17:13 +0200
pushed 2016-07-26 15:00 +0000
Julian Hector Julian Hector - Bug 1285770 - Add sys_fallocate to seccomp whitelist. r=gcp
250943418f3a43c46de84797ad58a22f724caf58
created 2016-07-12 18:24 +0200
pushed 2016-07-22 09:58 +0000
Julian Hector Julian Hector - Bug 1286119 - Allow sys_mremap when jemalloc is disabled. r=gcp
b83fcff9edd2e930eaf518d0a337eb53b75ec9f1
created 2016-07-20 06:36 +0200
pushed 2016-07-22 09:58 +0000
Julian Hector Julian Hector - Bug 1286185 - Add sys_fadvise64 to seccomp whitelist. r=gcp
414ef1361cd25cbf734e413b08be9538de551229
created 2016-07-10 22:06 +0200
pushed 2016-07-21 14:25 +0000
Julian Hector Julian Hector - Bug 1285768 - Let getppid() return 0 to simulate pid namespaces. r=gcp
59d21113b4619c117c178b86ec8c7fd5d7fb5807
created 2016-07-15 17:57 +0200
pushed 2016-07-20 14:55 +0000
Julian Hector Julian Hector - Bug 1286852 - Add sys_munlock to seccomp whitelist. r=gcp
4f3556a9addc454d21d1f874f270eddc8f41577e
created 2016-07-15 17:34 +0200
pushed 2016-07-20 09:21 +0000
Julian Hector Julian Hector - Bug 1285902 - Add sys_msgget to seccomp whitelist. r=gcp
7b3f1cc706bdfc764bc7f4f808afc84c4c873c23
created 2016-07-14 15:00 -0400
pushed 2016-07-17 08:08 +0000
Jed Davis Jed Davis - Bug 1286324 - Make fork() non-fatal in Linux content sandbox. r=jhector
9e2b738c7966e0aea677de546a34f9764df2fdac
created 2016-07-13 01:18 +0200
pushed 2016-07-15 14:15 +0000
Julian Hector Julian Hector - Bug 1286413 - Add CASES_FOR_fchown and use it. r=gcp
5789d5804cae470433d96cd92f9f411af2400202
created 2016-07-14 13:51 +0200
pushed 2016-07-15 14:15 +0000
Carsten "Tomcat" Book Carsten "Tomcat" Book - Backed out changeset 535e23baec4a (bug 1286119) for landing with wrong bugnumber
9dc4452707f853444127bc272c77a9b3c168ebd1
created 2016-07-13 15:03 +0200
pushed 2016-07-15 14:15 +0000
Julian Hector Julian Hector - Bug 1286527 - Add sys_semop to seccomp whitelist. r=gcp
535e23baec4a471bb74a7035492bd93938d5967d
created 2016-07-13 01:18 +0200
pushed 2016-07-15 14:15 +0000
Julian Hector Julian Hector - Bug 1286119 - Add CASES_FOR_fchown and use it. r=gcp
dfd94f28c5734d3b404232b310b82617040cce9d
created 2016-07-12 04:42 +0200
pushed 2016-07-12 22:24 +0000
Julian Hector Julian Hector - Bug 1286033 - Add sys_semctl to seccomp whitelist and fix sys_semget. r=gcp
baf618eb5988a658afc6631b667c03e38e419d78
created 2016-07-11 18:51 +0200
pushed 2016-07-12 14:30 +0000
Julian Hector Julian Hector - Bug 1285946 - Add sys_readv to seccomp whitelist. r=gcp
7fc03ac81fa12c8adc427f69bef0068e2839507f
created 2016-07-11 19:38 +0200
pushed 2016-07-12 14:30 +0000
Julian Hector Julian Hector - Bug 1285827 - Add sys_link to seccomp whitelist. r=gcp
e9c1b7bf955f87d43ba755c5a80e720a2fae3693
created 2016-07-11 00:12 +0200
pushed 2016-07-12 14:30 +0000
Julian Hector Julian Hector - Bug 1285816 - Add sys_accept4 to seccomp whitelist. r=gcp
52763f9aca69d0df49368a8e0096ee7033034372
created 2016-07-11 19:32 +0200
pushed 2016-07-12 14:30 +0000
Julian Hector Julian Hector - Bug 1285771 - Add sys_mlock to seccomp whitelist. r=gcp
e82b92329a054213e85b31b31e70ed2797b08a36
created 2016-07-11 10:54 +0200
pushed 2016-07-11 14:21 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1285293 - Add fstatfs to seccomp-bpf whitelist. r=tedd
4b46c6dcd1ea8bc355da21bf19bf212a9a7842e0
created 2016-07-11 10:15 +0200
pushed 2016-07-11 14:21 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1285525 - Add sys_semget to seccomp-bpf whitelist. r=tedd
516786c7c7b8d74e4fda556c5edb6e96b20a09bd
created 2016-07-08 17:59 +0200
pushed 2016-07-11 14:21 +0000
Julian Hector Julian Hector - Bug 1285287 - Use proper macros to whitelist getres*id. r=gcp
a22656e76df720def44b182a645f9ba78dc085d6
created 2016-07-08 17:12 +0200
pushed 2016-07-11 14:21 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1285507 - Whitelist memfd_create (used for Sealed Files IPC). r=jhector
279d7b204e96ae99bd010a730930310d174eaf32
created 2016-07-05 03:07 +0200
pushed 2016-07-07 09:41 +0000
Julian Hector Julian Hector - Bug 742434 - Part 1: Make ContentSecurityPolicy constructor explicit. r=gcp
bd4db3e235a49de1eaf59e67620220fc7b0ae702
created 2016-07-05 13:51 +0200
pushed 2016-07-06 00:04 +0000
Julian Hector Julian Hector - Bug 1284452 - Add sys_getrandom to seccomp whitelist. r=gcp
c71004cf2ebfe2f07b93ee08b1f9f553c35322d2
created 2016-07-05 12:25 +0200
pushed 2016-07-05 14:03 +0000
Carsten "Tomcat" Book Carsten "Tomcat" Book - Backed out changeset 3601419d2e4b (bug 742434) for test failures like /content-security-policy/media-src/media-src-7_3.html timeouts
3601419d2e4b21fe407226d648d5389559f44a20
created 2016-07-05 03:07 +0200
pushed 2016-07-05 14:03 +0000
Julian Hector Julian Hector - Bug 742434 - Part 1: Make ContentSecurityPolicy constructor explicit. r=gcp
35575b3633f7b9521a82b5a0dd20c372f79b1973
created 2016-06-08 19:05 +0200
pushed 2016-07-04 22:02 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1273852 - Allow getsockopt in EvaluateSocketCall. r=jld
de210043730414a08997762d9b6311f6fc3c4a8c
created 2016-05-27 19:29 +0200
pushed 2016-06-10 13:39 +0000
Julian Hector Julian Hector - Bug 1275920 - Add sys_rt_tgsigqueueinfo to seccomp whitelist r=jld
0d08f7065337aa6f6ae5ddc9b0fe91a1f3dcbebb
created 2016-05-18 14:39 +0200
pushed 2016-06-09 09:58 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1273859 - Add sys_pwrite64 to seccomp whitelist for content process. r=jld
31b951c44b4cd8e93c80156085f7cb9eac830dfc
created 2016-05-27 16:00 +0200
pushed 2016-06-06 09:56 +0000
Julian Hector Julian Hector - Bug 1275786 - Add sys_listen to seccomp whitelist. r=jld
b34cd9c3b13978c37c4177dacd99b957bb887777
created 2016-05-27 15:58 +0200
pushed 2016-06-06 09:56 +0000
Julian Hector Julian Hector - Bug 1275785 - Add sys_bind to seccomp whitelist. r=jld
25abbc9e62370b99ff495fee44c6145c38ae4656
created 2016-05-27 15:56 +0200
pushed 2016-06-06 09:56 +0000
Julian Hector Julian Hector - Bug 1275781 - Add sys_accept to seccomp whitelist. r=jld
35b1dbb9edf92a8690bb846d4acb071334691ae9
created 2016-04-28 20:04 +0200
pushed 2016-04-29 21:57 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1268579 - Add inotify_rm_watch to the seccomp-bpf whitelist. r=jld
6de13323959319062135667f52ddb4bf33bc3609
created 2016-04-21 15:59 +0200
pushed 2016-04-26 21:19 +0000
Julian Hector Julian Hector - Bug 1266298 - Add sys_fchmod to seccomp whitelist r=jld
b26d5448b54c615588fec7e9f2142ecbf7360253
created 2016-04-13 12:41 +0000
pushed 2016-04-15 09:42 +0000
Julian Hector Julian Hector - Bug 1259283 - Add sys_fchown to seccomp whitelist. r=jld
66c438e0cb1f0c3aefe1bedd1862eb206b766920
created 2016-04-14 10:12 +0200
pushed 2016-04-15 09:42 +0000
Thomas Zimmermann Thomas Zimmermann - Bug 1264226: Don't use '_COARSE' Posix clocks if not defined, r=jld
b8fb2ac78142ad28d90a9cc9fbc590aac6824527
created 2016-04-12 16:12 +1200
pushed 2016-04-12 11:50 +0000
Chris Pearce Chris Pearce - Bug 1245789 - Whitelist functions needed by Widevine CDM in GMP child processes. r=jed
43a6c26b28aeda91f8e346fcf5f35966089f1b4c
created 2016-04-06 19:48 +0000
pushed 2016-04-07 20:42 +0000
Julian Hector Julian Hector - Bug 1259273 - Add sys_unlink to seccomp-bpf whitelist. r=jld
a96ed2b2a641978ef44f17c7f70676606e4bf7fe
created 2015-10-22 11:19 -0700
pushed 2015-10-23 09:34 +0000
Jed Davis Jed Davis - Bug 1215734 - Expand GeckoMediaPlugin sandbox policy for Clang 3.7 ASan. r=kang
less more (0) -100 -60 tip