Bug 1312678 - Whitelist DRI drivers in the content sandbox, for WebGL. r=jld
authorGian-Carlo Pascutto <gcp@mozilla.com>
Wed, 02 Nov 2016 20:02:42 +0100
changeset 320929 f9e1ac58390649526fd81d27968cc90e350afbe6
parent 320928 e81cbf6ee940b7cb3bd1fab044f3db091bf943d4
child 320930 d22ae5961c628ae3a9699678e5cd9916a5e08a10
push id30913
push userkwierso@gmail.com
push dateFri, 04 Nov 2016 19:14:07 +0000
treeherdermozilla-central@753433776a5e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjld
bugs1312678
milestone52.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1312678 - Whitelist DRI drivers in the content sandbox, for WebGL. r=jld MozReview-Commit-ID: 82nCmXqnCbp
security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -134,16 +134,20 @@ SandboxBrokerPolicyFactory::SandboxBroke
   }
   // If the above fails at any point, fall back to a very good guess.
   if (NS_FAILED(rv)) {
     policy->AddDir(rdwrcr, "/tmp");
   }
 
   // Bug 1308851: NVIDIA proprietary driver when using WebGL
   policy->AddPrefix(rdwr, "/dev", "nvidia");
+
+  // Bug 1312678: radeonsi/Intel with DRI when using WebGL
+  policy->AddDir(rdwr, "/dev/dri");
+
   mCommonContentPolicy.reset(policy);
 #endif
 }
 
 #ifdef MOZ_CONTENT_SANDBOX
 UniquePtr<SandboxBroker::Policy>
 SandboxBrokerPolicyFactory::GetContentPolicy(int aPid)
 {