Bug 1412464 - Change sandboxing inotify denial from seccomp-bpf to symbol interception. r=gcp
authorJed Davis <jld@mozilla.com>
Mon, 30 Oct 2017 19:45:39 -0600
changeset 390355 67cb7ca658a7a2e9a4aaebb0801a3f93c50deba7
parent 390354 eeb1aae7683bac5303976c8ebd425f632ecb0b9b
child 390356 4ccd1fbb5ea660f79c573f5b95d15188de3b8a94
push id32827
push userccoroiu@mozilla.com
push dateMon, 06 Nov 2017 23:02:00 +0000
reviewersgcp
bugs1412464
milestone58.0a1
Bug 1412464 - Change sandboxing inotify denial from seccomp-bpf to symbol interception. r=gcp MozReview-Commit-ID: DY0qdGYGNdL
security/sandbox/linux/SandboxFilter.cpp
security/sandbox/linux/SandboxHooks.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -922,23 +922,16 @@ public:
     case __NR_wait4:
 #ifdef __NR_waitpid
     case __NR_waitpid:
 #endif
       // NSPR will start a thread to wait for child processes even if
       // fork() fails; see bug 227246 and bug 1299581.
       return Error(ECHILD);
 
-      // inotify_{add,rm}_watch take filesystem paths.  Pretend the
-      // kernel doesn't support inotify; note that this could make
-      // libgio attempt network connections for FAM.
-    case __NR_inotify_init:
-    case __NR_inotify_init1:
-      return Error(ENOSYS);
-
     case __NR_eventfd2:
       return Allow();
 
 #ifdef __NR_memfd_create
     case __NR_memfd_create:
       return Allow();
 #endif
 
--- a/security/sandbox/linux/SandboxHooks.cpp
+++ b/security/sandbox/linux/SandboxHooks.cpp
@@ -1,21 +1,22 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/Types.h"
+
 #include <dlfcn.h>
 #include <signal.h>
 #include <errno.h>
-
-#include "mozilla/Types.h"
-
 #include <stdio.h>
 #include <stdlib.h>
+#include <sys/inotify.h>
 
 // Signal number used to enable seccomp on each thread.
 extern int gSeccompTsyncBroadcastSignum;
 
 // This file defines a hook for sigprocmask() and pthread_sigmask().
 // Bug 1176099: some threads block SIGSYS signal which breaks our seccomp-bpf
 // sandbox. To avoid this, we intercept the call and remove SIGSYS.
 //
@@ -65,8 +66,21 @@ sigprocmask(int how, const sigset_t* set
 extern "C" MOZ_EXPORT int
 pthread_sigmask(int how, const sigset_t* set, sigset_t* oldset)
 {
   static auto sRealFunc = (int (*)(int, const sigset_t*, sigset_t*))
     dlsym(RTLD_NEXT, "pthread_sigmask");
 
   return HandleSigset(sRealFunc, how, set, oldset, false);
 }
+
+extern "C" MOZ_EXPORT int
+inotify_init(void)
+{
+  return inotify_init1(0);
+}
+
+extern "C" MOZ_EXPORT int
+inotify_init1(int flags)
+{
+  errno = ENOSYS;
+  return -1;
+}
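Review bot: The new `inotify_init`/`inotify_init1` hooks carry no comment, and the rationale that sat on the removed `SandboxFilter.cpp` case (the watch calls take filesystem paths, and pretending inotify is unsupported can push libgio toward FAM) is no longer recorded in the new code. A symbol hook only affects callers that resolve these libc symbols; code that issues the raw syscall still reaches the seccomp-bpf policy. How the policy treats `__NR_inotify_init`/`__NR_inotify_init1` once their explicit case is gone is not visible in this diff, so it is worth confirming that path is still denied. I would add above the hooks: `// Pretend inotify is unsupported (ENOSYS); inotify_{add,rm}_watch take paths.` and `// Compatibility shim only: raw syscalls are still subject to the seccomp-bpf policy.` The file-level comment that says this file defines a hook for sigprocmask() and pthread_sigmask() should also mention the inotify hooks; that comment continues outside the hunks shown.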