security/sandbox/linux/SandboxFilter.cpp
35575b3633f7b9521a82b5a0dd20c372f79b1973
created 2016-06-08 19:05 +0200
pushed 2016-07-04 22:02 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1273852 - Allow getsockopt in EvaluateSocketCall. r=jld
de210043730414a08997762d9b6311f6fc3c4a8c
created 2016-05-27 19:29 +0200
pushed 2016-06-10 13:39 +0000
Julian Hector Julian Hector - Bug 1275920 - Add sys_rt_tgsigqueueinfo to seccomp whitelist r=jld
0d08f7065337aa6f6ae5ddc9b0fe91a1f3dcbebb
created 2016-05-18 14:39 +0200
pushed 2016-06-09 09:58 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1273859 - Add sys_pwrite64 to seccomp whitelist for content process. r=jld
31b951c44b4cd8e93c80156085f7cb9eac830dfc
created 2016-05-27 16:00 +0200
pushed 2016-06-06 09:56 +0000
Julian Hector Julian Hector - Bug 1275786 - Add sys_listen to seccomp whitelist. r=jld
b34cd9c3b13978c37c4177dacd99b957bb887777
created 2016-05-27 15:58 +0200
pushed 2016-06-06 09:56 +0000
Julian Hector Julian Hector - Bug 1275785 - Add sys_bind to seccomp whitelist. r=jld
25abbc9e62370b99ff495fee44c6145c38ae4656
created 2016-05-27 15:56 +0200
pushed 2016-06-06 09:56 +0000
Julian Hector Julian Hector - Bug 1275781 - Add sys_accept to seccomp whitelist. r=jld
35b1dbb9edf92a8690bb846d4acb071334691ae9
created 2016-04-28 20:04 +0200
pushed 2016-04-29 21:57 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1268579 - Add inotify_rm_watch to the seccomp-bpf whitelist. r=jld
6de13323959319062135667f52ddb4bf33bc3609
created 2016-04-21 15:59 +0200
pushed 2016-04-26 21:19 +0000
Julian Hector Julian Hector - Bug 1266298 - Add sys_fchmod to seccomp whitelist r=jld
b26d5448b54c615588fec7e9f2142ecbf7360253
created 2016-04-13 12:41 +0000
pushed 2016-04-15 09:42 +0000
Julian Hector Julian Hector - Bug 1259283 - Add sys_fchown to seccomp whitelist. r=jld
66c438e0cb1f0c3aefe1bedd1862eb206b766920
created 2016-04-14 10:12 +0200
pushed 2016-04-15 09:42 +0000
Thomas Zimmermann Thomas Zimmermann - Bug 1264226: Don't use '_COARSE' Posix clocks if not defined, r=jld
b8fb2ac78142ad28d90a9cc9fbc590aac6824527
created 2016-04-12 16:12 +1200
pushed 2016-04-12 11:50 +0000
Chris Pearce Chris Pearce - Bug 1245789 - Whitelist functions needed by Widevine CDM in GMP child processes. r=jed
43a6c26b28aeda91f8e346fcf5f35966089f1b4c
created 2016-04-06 19:48 +0000
pushed 2016-04-07 20:42 +0000
Julian Hector Julian Hector - Bug 1259273 - Add sys_unlink to seccomp-bpf whitelist. r=jld
a96ed2b2a641978ef44f17c7f70676606e4bf7fe
created 2015-10-22 11:19 -0700
pushed 2015-10-23 09:34 +0000
Jed Davis Jed Davis - Bug 1215734 - Expand GeckoMediaPlugin sandbox policy for Clang 3.7 ASan. r=kang
f5e11173ec72ac5c700ea1e19fc9a87375bde41a
created 2015-10-07 22:13 -0700
pushed 2015-10-08 13:27 +0000
Jed Davis Jed Davis - Bug 930258 - Part 2: seccomp-bpf integration. r=kang
2fb5a54331e35ec6fe1687a9cb9a1dcbc51d325a
created 2015-07-09 12:09 +0200
pushed 2015-07-21 14:57 +0000
Jed Davis Jed Davis - Bug 1181704 - Use chromium SafeSPrintf for sandbox logging. r=gdestuynder r=glandium
201c980cabe7cc195dd9c1dddcd70fe73f1408b5
created 2015-07-13 16:51 -0700
pushed 2015-07-14 10:23 +0000
Wes Kocher Wes Kocher - Backed out 2 changesets (bug 1181704) for static build bustage CLOSED TREE
fbf7aca43c3a79cabf6bc05adc80dc930cae43f3
created 2015-07-13 16:17 -0700
pushed 2015-07-14 10:23 +0000
Jed Davis Jed Davis - Bug 1181704 - Use chromium SafeSPrintf for sandbox logging. r=kang r=glandium
6522add87d6bb4fa693c3089cc0c0e10ba77c301
created 2015-06-05 15:17 -0700
pushed 2015-06-08 09:58 +0000
Jed Davis Jed Davis - Bug 1055310 - Step 3: Move syscall interceptions into SandboxFilter.cpp. r=kang
b3f98086e8cc3cbf7cd17d8336e2bce77c255252
created 2015-06-05 15:17 -0700
pushed 2015-06-08 09:58 +0000
Jed Davis Jed Davis - Bug 1055310 - Step 2: Move SIGSYS handling to Chromium TrapRegistry. r=kang
32872aebf4abd375c974f1c752967de182680323
created 2015-06-05 15:17 -0700
pushed 2015-06-08 09:58 +0000
Jed Davis Jed Davis - Bug 1055310 - Step 1: Convert seccomp-bpf policies to Chromium PolicyCompiler. r=kang
7f5abc27fd5366c596a98b6b06169542b89dccb9
created 2015-03-23 16:51 -0700
pushed 2015-03-24 15:35 +0000
Wes Kocher Wes Kocher - Merge m-c to inbound a=merge CLOSED TREE
906d30061f7652f451f79a823e3c1cc29f721778
created 2015-03-24 10:56 +1300
pushed 2015-03-24 15:35 +0000
Edwin Flores Edwin Flores - Bug 1146192 - Whitelist sched_yield syscall in GMP sandbox on Linux DONTBUILD CLOSED TREE - r=jld
84b52c0b3bd16213a0a634b1d1037ccaeeadf367
created 2015-03-24 10:53 +1300
pushed 2015-03-24 15:35 +0000
Edwin Flores Edwin Flores - Bug 1146192 - Backed out changeset d2918bcf0d90 for missing bug number - r=me
d2918bcf0d90059ca3145a19b705658af0fa4434
created 2015-03-24 09:55 +1300
pushed 2015-03-24 15:35 +0000
Edwin Flores Edwin Flores - Bug 1XXXXXX - Whitelist sched_yield syscall in GMP sandbox on Linux - r=jld
5aaf90d7a1e3e9f2dfe27d4f82e5938bb10bbd70
created 2015-03-19 11:57 -0400
pushed 2015-03-23 23:48 +0000
Jed Davis Jed Davis - Bug 1144514 - Whitelist pread64 in content seccomp-bpf policy. r=kang
ac4464790ec4896a5188fa50cfc69ae0ffeddc08
created 2015-03-21 12:28 -0400
pushed 2015-03-22 20:58 +0000
Ehsan Akhgari Ehsan Akhgari - Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj
eece6a43d288b3f7bb85c3dd884258c321712d8f
created 2015-03-18 15:30 +0100
pushed 2015-03-20 02:15 +0000
Jed Davis Jed Davis - Bug 1144580 - Whitelist pselect6 in content seccomp-bpf policy. r=kang
093b0a844c3b09d93d916d2812499d5a40f1f745
created 2015-03-13 13:47 -0700
pushed 2015-03-17 10:46 +0000
Jed Davis Jed Davis - Bug 1141885 - Make readlink() fail instead of allowing it, for B2G content processes. r=kang
35ad2e5b036b9d141a0bbf71571b7b4936e23b7e
created 2015-03-11 12:39 +0100
pushed 2015-03-13 19:52 +0000
Jed Davis Jed Davis - Bug 906996 - Remove unlink from B2G content process syscall whitelist. r=kang
dca901fa0641cf6b67dc4f5495b319efdb9365ca
created 2015-03-07 10:44 -0500
pushed 2015-03-08 20:22 +0000
Jed Davis Jed Davis - Bug 1140111 - Whitelist readlinkat along with readlink. r=kang
128980c4abde25f05950187b41e317dea5e52782
created 2015-02-20 12:16 +0100
pushed 2015-02-24 23:13 +0000
Jed Davis Jed Davis - Bug 1134942 - Whitelist fstatat and unlinkat for B2G content processes. r=gdestuynder
3928ee1b0381453833c00fbe1e1b72a26143f13a
created 2015-01-11 11:34 +0900
pushed 2015-01-12 10:44 +0000
Masatoshi Kimura Masatoshi Kimura - Bug 1120062 - Part 1: Remove most Nullptr.h includes. r=waldo
ff45d829cf6b0664727921dd4665db9a925cc407
created 2014-11-21 01:07 +0800
pushed 2014-12-18 01:24 +0000
Kai-Zhen Li Kai-Zhen Li - bug 1102277 - Update seccomp filter for newer bionic. r=jld
1e0944ec79a6a270e0d4ddb1ab20fb4631c9186d
created 2014-12-10 17:26 -0800
pushed 2014-12-12 01:30 +0000
Jed Davis Jed Davis - Bug 1093334 - Adjust includes of Linux sandboxing headers from Chromium. r=kang
a2ae4c0a26fe0ec5ddac93ec0c6c9642c4a3d321
created 2014-12-10 17:26 -0800
pushed 2014-12-12 01:30 +0000
Jed Davis Jed Davis - Bug 1102209 - Remove use of CodeGen::JoinInstructions in the Linux sandboxing code. r=kang
92bd6caa14da1311e5fb40b0f05681cc36adab40
created 2014-12-02 17:10 -0500
pushed 2014-12-08 20:33 +0000
Jay Wang Jay Wang - Bug 1105452 - Need to use new Audio system APIs for audio offload playback. r=roc, r=jld, r=ggrisco
c2f036dd38b4adf30e260b2f91fbb6da4b551697
created 2014-10-21 11:18 +0200
pushed 2014-10-24 13:48 +0000
Jed Davis Jed Davis - Bug 1081242 - Make ASAN's error reporting work while sandboxed on Linux. r=kang
6ab760222a4eff750b43417f1b13f950f653a63e
created 2014-10-20 12:29 -0700
pushed 2014-10-21 01:15 +0000
Jed Davis Jed Davis - Bug 1078838 - Restrict clone(2) flags for sandboxed content processes. r=kang
11f1649bd31a1696dcf5fb27c0ca6badb0e446dd
created 2014-10-16 12:42 +0200
pushed 2014-10-20 12:40 +0000
Jed Davis Jed Davis - Bug 1080165 - Allow setpriority() to fail without crashing in media plugins on Linux. r=kang
afeff2d265bdf1d9b27284de44b6185082691f91
created 2014-10-03 14:55 -0700
pushed 2014-10-05 16:35 +0000
Jed Davis Jed Davis - Bug 1068410 - Convert remote crash dump to use pipe instead of socketpair in the child. r=kang r=ted
36cf6a98d663a59eb03043e62527b120fc876e1d
created 2014-08-04 15:11 -0700
pushed 2014-08-05 14:25 +0000
Jed Davis Jed Davis - Bug 1047620 - Fix sandboxing for B2G --disable-jemalloc builds. r=kang
b60e4395f1413e062b19e22dd16da68983719219
created 2014-08-04 15:11 -0700
pushed 2014-08-05 14:25 +0000
Jed Davis Jed Davis - Bug 1012951 - Add Linux sandboxing for GeckoMediaPlugin processes. r=kang r=ted
d78784f732eb181c05e0c8759fe959e2bcf7ff49
created 2014-08-04 15:11 -0700
pushed 2014-08-05 14:25 +0000
Jed Davis Jed Davis - Bug 1046541 - Use stdio for non-Android Linux sandbox error messages. r=kang
9a9d70cf22246fc0555b72ddb9acce2cdf207411
created 2014-08-01 15:05 -0700
pushed 2014-08-04 11:13 +0000
Jed Davis Jed Davis - Bug 1046525 - Allow get{e,}gid and sched_{g,s}etparam in sandboxed content processes. r=kang
99e1f3c50a12775a3f59843cc60b9febc3e0785e
created 2014-07-30 16:49 +0100
pushed 2014-07-30 21:14 +0000
Ed Morley Ed Morley - Backed out changeset d50d7e88f35e (bug 1012951) for LSan failures
d50d7e88f35eecb6c657467a179f64a47cd0c3c6
created 2014-07-29 15:31 -0700
pushed 2014-07-30 11:56 +0000
Jed Davis Jed Davis - Bug 1012951 - Sandbox GMP plugins on Linux using seccomp-bpf. r=kang r=ted
c361be2aeb66ec71289f34a5edfcc7a2527afbf8
created 2014-07-17 14:57 -0700
pushed 2014-07-18 19:00 +0000
Jed Davis Jed Davis - Bug 1037211 - Remove MOZ_CONTENT_SANDBOX_REPORTER by making it always true. r=kang r=ted
39ee921a5b2f66fec3dfc260274650e2a79db287
created 2014-07-14 18:35 -0700
pushed 2014-07-16 13:43 +0000
Jed Davis Jed Davis - Bug 1038490 - Fix misuse of MOZ_WIDGET_GONK in Linux content process sandbox policy. r=kang
3ea86a380019d51722b0c38c3206e5b0958b0567
created 2014-07-09 16:52 -0700
pushed 2014-07-16 13:43 +0000
Jed Davis Jed Davis - Bug 1038486 - Fix Linux desktop seccomp sandbox build on 32-bit x86. r=kang
78ebcfff12347b6cd921ddb8d240a89912b106d3
created 2014-07-10 17:37 -0700
pushed 2014-07-15 12:59 +0000
Jed Davis Jed Davis - Bug 1035786 - Avoid warning-as-error sandbox build failure with an explicit cast. r=gdestuynder
89e48a42e8a560df6e083329906c5f0950e7f5b9
created 2014-06-02 14:52 +0200
pushed 2014-06-04 13:32 +0000
Jed Davis Jed Davis - Bug 1014299 - Add times() to seccomp whitelist. r=kang
179363be564197fc8907d08823bd06609257ece4
created 2014-05-20 18:38 -0700
pushed 2014-05-21 11:46 +0000
Jed Davis Jed Davis - Bug 920372 - Fix socketcall whitelisting on i386. r=kang
2adbb2797d8b4add9ad4db27090d7f6b26d6a3ee
created 2014-05-20 18:38 -0700
pushed 2014-05-21 11:46 +0000
Jed Davis Jed Davis - Bug 920372 - Allow tgkill only for threads of the calling process itself. r=kang
b56d5602d0cdcc7f06a82538e52fde16aa0d84a3
created 2014-05-20 18:37 -0700
pushed 2014-05-21 11:46 +0000
Jed Davis Jed Davis - Bug 920372 - Use Chromium seccomp-bpf compiler to dynamically build sandbox program. r=kang
0c567eac263556a4103ac7d50aec0b1d5df5fd2c
created 2014-05-02 16:57 +0200
pushed 2014-05-06 12:23 +0000
Jed Davis Jed Davis - Bug 1004832 - Add tgkill to seccomp-bpf whitelist. r=kang
dc0586595f8039894a875654a18e54c85e88df1c
created 2014-04-17 16:23 -0400
pushed 2014-04-18 13:09 +0000
Jed Davis Jed Davis - Bug 997409 - Add set_thread_area to seccomp whitelist if available. r=kang
aac74f0bcfbffa5c7da6cd011969d2d75100f065
created 2014-04-11 13:09 +0200
pushed 2014-04-15 16:25 +0000
Jed Davis Jed Davis - Bug 981949 - Whitelist ftruncate for seccomp-bpf sandboxing. r=kang
47cbfabd27b4bb316b914c00facf356a29529f42
created 2014-03-28 17:58 -0700
pushed 2014-03-29 16:01 +0000
Jed Davis Jed Davis - Bug 989172 - Re-add sigaltstack to seccomp whitelist. r=kang
d380f713c721a7020886c6b00284d206d0c7fefb
created 2014-03-20 10:19 -0400
pushed 2014-03-20 21:03 +0000
Jed Davis Jed Davis - Bug 985227 - Part 3: Replace the seccomp filter arch ifdefs with syscall existence tests. r=kang
679ac1f215d8a51477ef135a3a751dc7d43a9a14
created 2014-03-20 10:19 -0400
pushed 2014-03-20 21:03 +0000
Jed Davis Jed Davis - Bug 985227 - Part 2: Flatten out the #define maze in the seccomp filter. r=kang
less more (0) tip