security/sandbox/linux/Sandbox.cpp
c23905a01c29f257f64db3e627d07a1eb71eb0d0
created 2015-11-30 18:21 +0100
pushed 2015-12-16 19:25 +0000
Jed Davis Jed Davis - Bug 1222500 - Handle unexpected thread creation better on desktop Linux. r=gdestuynder
7ec70e0c699746cf72e03acadc09d0d5877423d0
created 2015-11-02 07:53 +0200
pushed 2015-11-02 13:29 +0000
Birunthan Mohanathas Birunthan Mohanathas - Bug 1219392 - Capitalize mozilla::unused to avoid conflicts. r=froydnj
f5e11173ec72ac5c700ea1e19fc9a87375bde41a
created 2015-10-07 22:13 -0700
pushed 2015-10-08 14:45 +0000
Jed Davis Jed Davis - Bug 930258 - Part 2: seccomp-bpf integration. r=kang
10e3f62dc8a66c514fd1b3b42604cc5b7be8ebdc
created 2015-08-28 13:37 +0200
pushed 2015-09-10 19:28 +0000
Jed Davis Jed Davis - Bug 1199481 - Complain more when entering sandboxing code as root. r=kang
0d99e927527b2300dacfbc641e4af1249f46d604
created 2015-08-28 12:18 +0200
pushed 2015-09-10 19:28 +0000
Jed Davis Jed Davis - Bug 1199413 - Fix MOZ_DISABLE_GMP_SANDBOX so it disables all the sandboxing. r=kang
d9a56e97c6b1a4184deaf3f9c7b8a8872bd7fd21
created 2015-08-11 16:30 -0400
pushed 2015-08-14 21:17 +0000
Jed Davis Jed Davis - Bug 1004011 - Support SECCOMP_FILTER_FLAG_TSYNC if available. r=kang
2fb5a54331e35ec6fe1687a9cb9a1dcbc51d325a
created 2015-07-09 12:09 +0200
pushed 2015-07-21 16:41 +0000
Jed Davis Jed Davis - Bug 1181704 - Use chromium SafeSPrintf for sandbox logging. r=gdestuynder r=glandium
201c980cabe7cc195dd9c1dddcd70fe73f1408b5
created 2015-07-13 16:51 -0700
pushed 2015-07-14 13:24 +0000
Wes Kocher Wes Kocher - Backed out 2 changesets (bug 1181704) for static build bustage CLOSED TREE
fbf7aca43c3a79cabf6bc05adc80dc930cae43f3
created 2015-07-13 16:17 -0700
pushed 2015-07-13 23:24 +0000
Jed Davis Jed Davis - Bug 1181704 - Use chromium SafeSPrintf for sandbox logging. r=kang r=glandium
513d62fe75c9d136042f9ca85b017d3aad3cdc37
created 2015-06-19 14:26 -0700
pushed 2015-06-22 04:50 +0000
Jed Davis Jed Davis - Bug 1176085 - Fix second/nanosecond confusion in Linux sandbox start error case. r=kang
6e2d23f31eebabd6264b27e5a96505e113394bed
created 2015-06-10 13:38 -0400
pushed 2015-06-12 20:00 +0000
Jed Davis Jed Davis - Bug 1168555 - Work around Nuwa not always being single-threaded when a normal content process is. r=kang
6522add87d6bb4fa693c3089cc0c0e10ba77c301
created 2015-06-05 15:17 -0700
pushed 2015-06-08 11:01 +0000
Jed Davis Jed Davis - Bug 1055310 - Step 3: Move syscall interceptions into SandboxFilter.cpp. r=kang
b3f98086e8cc3cbf7cd17d8336e2bce77c255252
created 2015-06-05 15:17 -0700
pushed 2015-06-08 11:01 +0000
Jed Davis Jed Davis - Bug 1055310 - Step 2: Move SIGSYS handling to Chromium TrapRegistry. r=kang
32872aebf4abd375c974f1c752967de182680323
created 2015-06-05 15:17 -0700
pushed 2015-06-08 11:01 +0000
Jed Davis Jed Davis - Bug 1055310 - Step 1: Convert seccomp-bpf policies to Chromium PolicyCompiler. r=kang
acc410f0b28ca4affaed71fd1bfb0330a3c33072
created 2015-04-10 18:05 -0700
pushed 2015-04-13 10:33 +0000
Jed Davis Jed Davis - Bug 1151607 - Step 2: Apply net/ipc namespace separation and chroot to media plugins. r=kang
4ed5d64f054ba283f8a47c698daa38c124c8bacc
created 2015-04-10 18:05 -0700
pushed 2015-04-13 10:33 +0000
Jed Davis Jed Davis - Bug 1151607 - Step 1: Add Linux sandboxing hook for when child processes are still single-threaded. r=kang r=bent
53a41684adcbca8801d9d208a2d3d42a2a8a11d4
created 2015-04-10 18:05 -0700
pushed 2015-04-13 10:33 +0000
Jed Davis Jed Davis - Bug 1151607 - Step 0: sort includes to make the following patches cleaner. r=kang
3928ee1b0381453833c00fbe1e1b72a26143f13a
created 2015-01-11 11:34 +0900
pushed 2015-01-12 18:26 +0000
Masatoshi Kimura Masatoshi Kimura - Bug 1120062 - Part 1: Remove most Nullptr.h includes. r=waldo
1e0944ec79a6a270e0d4ddb1ab20fb4631c9186d
created 2014-12-10 17:26 -0800
pushed 2014-12-11 21:18 +0000
Jed Davis Jed Davis - Bug 1093334 - Adjust includes of Linux sandboxing headers from Chromium. r=kang
d06d1a469bb1962807e29e036666e06c4f5670e5
created 2014-11-24 15:22 -0800
pushed 2014-11-25 16:33 +0000
Jed Davis Jed Davis - Bug 1101170 - Move Linux sandbox code into plugin-container on desktop. r=kang r=glandium
0b3bfc3c27913e0be76dda67798865cf3c270f58
created 2014-11-24 15:22 -0800
pushed 2014-11-25 16:33 +0000
Jed Davis Jed Davis - Bug 1101170 - Move sandbox status info into a separate module. r=kang r=glandium
09cbdbb68a5c9a35628d08293ba37523a5f996ba
created 2014-11-06 13:11 +0100
pushed 2014-11-07 23:35 +0000
Jed Davis Jed Davis - Bug 1077057 - Expose Linux sandboxing information to JS via nsSystemInfo. r=kang r=froydnj
2881d59c61f243122b7c94deacee0140dd29f1ae
created 2014-11-06 11:04 -0800
pushed 2014-11-07 23:35 +0000
Jed Davis Jed Davis - Bug 1093893 - Fix B2G sandbox for ICS Bionic pthread_kill(). r=kang
8bcaa2c7dab7df62ef08306059a8409077430736
created 2014-08-15 15:00 -0400
pushed 2014-10-29 02:45 +0000
Jed Davis Jed Davis - Bug 1043733 - Require sandboxing to load Gecko Media Plugins on Linux. r=jesup, r=kang, a=sledru
90e489c8fc4b9e2373ba1651629e3caf024fc795
created 2014-08-15 15:00 -0400
pushed 2014-10-29 02:45 +0000
Jed Davis Jed Davis - Bug 1012951 - Add Linux sandboxing for GeckoMediaPlugin processes. r=kang, r=ted, a=sledru
6fdd170cc4093c579d1fc884364bf1c34d0e0f94
created 2014-08-15 15:00 -0400
pushed 2014-10-29 02:45 +0000
Jed Davis Jed Davis - Bug 1046541 - Use stdio for non-Android Linux sandbox error messages. r=kang, a=sledru
05c9d0a949bc005e2636fcf8d2d3de03324f8794
created 2014-07-16 13:33 -0700
pushed 2014-10-29 02:45 +0000
Jed Davis Jed Davis - Bug 1038900 - Dynamically allocate signal number for sandbox startup. r=kang a=2.0+
c2f036dd38b4adf30e260b2f91fbb6da4b551697
created 2014-10-21 11:18 +0200
pushed 2014-10-29 00:55 +0000
Jed Davis Jed Davis - Bug 1081242 - Make ASAN's error reporting work while sandboxed on Linux. r=kang
ee14fb2a1053fff9b4a5cb5f0dd0486ddbe3ceb1
created 2014-08-26 13:54 -0700
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 1054616 - Clean up logging-related shims for Linux sandboxing. r=kang
2f9d0821e08cdf73a7c6e32e9bc2ecf440960197
created 2014-08-26 13:54 -0700
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 1041886 - Separate Linux sandbox code into its own shared library. r=kang r=glandium
b3dcb5b33f780a0266be0c9261e297fe43e3b1a8
created 2014-08-26 13:54 -0700
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 1041886 - Break out Linux sandbox logging into its own header. r=kang
740e7cc973862f86e2a68b5908f3f22e0c663259
created 2014-08-14 15:39 -0700
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - No bug - Add trailing newlines for non-Android Linux sandbox logging. r=kang
20dbe115d6285b6d618f7af8f0acd0a50413caeb
created 2014-08-12 21:28 -0700
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 1043733 - Require sandboxing to load Gecko Media Plugins on Linux. r=jesup r=kang
b60e4395f1413e062b19e22dd16da68983719219
created 2014-08-04 15:11 -0700
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 1012951 - Add Linux sandboxing for GeckoMediaPlugin processes. r=kang r=ted
d78784f732eb181c05e0c8759fe959e2bcf7ff49
created 2014-08-04 15:11 -0700
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 1046541 - Use stdio for non-Android Linux sandbox error messages. r=kang
99e1f3c50a12775a3f59843cc60b9febc3e0785e
created 2014-07-30 16:49 +0100
pushed 2014-10-20 17:29 +0000
Ed Morley Ed Morley - Backed out changeset d50d7e88f35e (bug 1012951) for LSan failures
d50d7e88f35eecb6c657467a179f64a47cd0c3c6
created 2014-07-29 15:31 -0700
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 1012951 - Sandbox GMP plugins on Linux using seccomp-bpf. r=kang r=ted
5342871fa1ccc62f858c3cfd97bec694301c751e
created 2014-07-24 11:36 +0200
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 1017393 - Record rejected syscall number in crash dump. r=kang
c361be2aeb66ec71289f34a5edfcc7a2527afbf8
created 2014-07-17 14:57 -0700
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 1037211 - Remove MOZ_CONTENT_SANDBOX_REPORTER by making it always true. r=kang r=ted
cfca2c09feee0610092a1e6007f259b2addc901c
created 2014-07-16 13:37 +0200
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 1038900 - Dynamically allocate signal number for sandbox startup. r=kang
9362c573937919669e4a7464666e2d45e65498f3
created 2014-07-08 05:53 +0100
pushed 2014-10-20 17:29 +0000
jvoisin jvoisin - Bug 1035786 - Fix namespace bug in Linux sandbox LOG_ERROR macro. r=jld
a2dde11f99061e3c0956069bdd09200056afa22c
created 2014-07-09 12:32 +0100
pushed 2014-10-20 17:29 +0000
Bob Owen Bob Owen - Bug 1035786 - Fix member variable initialisation order in LogMessage stub in Linux Sandbox.cpp. r=jld
63538074b343a05d39453e11356f057e6dade811
created 2014-07-02 11:28 -0700
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 956961 - Stop disabling sandboxing when DMD is enabled. r=kang
466138f414d86a654b32203eb2b3e710ddcd626f
created 2014-07-02 15:03 -0700
pushed 2014-10-20 17:29 +0000
Wes Kocher Wes Kocher - Backed out 3 changesets (bug 956961) for non-unified build bustage
f1be89cb58b92f458c14f5fe5b3670d56cb6ea6e
created 2014-07-02 11:28 -0700
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 956961 - Stop disabling sandboxing when DMD is enabled. r=kang
b56d5602d0cdcc7f06a82538e52fde16aa0d84a3
created 2014-05-20 18:37 -0700
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 920372 - Use Chromium seccomp-bpf compiler to dynamically build sandbox program. r=kang
5e3f28be55560f59efb33279bc37d06bf092cab6
created 2014-04-12 00:38 -0400
pushed 2014-10-20 17:29 +0000
Boris Zbarsky Boris Zbarsky - Bug 995047 followup. Fix a caller that I missed because it's only compiled on some platforms, so we can reopen the CLOSED TREE
d0137753c9d652505263aff752b048db5c11a868
created 2014-04-09 15:23 +0200
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 993145 - Skip attempting seccomp sandboxing if seccomp unavailable. r=kang
1e4e7d7e184bc86c7781f42b6bed69228333d8c0
created 2014-03-20 10:19 -0400
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 985227 - Part 1: Move the seccomp filter into its own translation unit. r=kang
4dc79f490573a8990b3fc00ec26a860c3c221b17
created 2014-03-20 09:27 -0400
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 975273 - Add missing include to unbreak desktop seccomp build. r=kang
602a61ed044801e993b1c5c5afed8473139906b3
created 2014-03-12 15:48 -0700
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 977859 - Drop uid 0 in all content processes immediately after fork. r=bent r=kang
9a83a9b580ab2b452d2f95e8a5d4bc0aa4746441
created 2014-03-06 12:23 -0800
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 979686 - Fix the non-(ARM|x86|x86_64) desktop build. r=kang
e304d624f1f783c39392fa52e68df1a602deaa83
created 2014-03-04 18:27 -0800
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 946407 - Disable sandbox when DMDing. r=njn r=kang
c1a0493fa09e6838ce24c6af316ff7b6f63d7682
created 2014-02-27 13:18 -0800
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 970676 - Turn on sandboxing on all relevant threads. r=dhylands r=bent f=kang
a82beb76bbd4ef842267c42c59bb488945a7161f
created 2014-02-13 16:26 -0800
pushed 2014-10-20 17:29 +0000
Guillaume Destuynder Guillaume Destuynder - bug 948620 - Add env variable MOZ_DISABLE_CONTENT_SANDBOX to disable sandbox at runtime. r=jld
5ea08da71f1bd3da944db9a21db7705bb941c3ed
created 2014-02-07 10:46 -0500
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 945504 - Include JS stack in sandbox reporter logs. r=kang
eb80025840686e9723dfc24d66a83b3d1464cc46
created 2014-02-06 16:11 -0800
pushed 2014-10-20 17:29 +0000
Eric Rahm Eric Rahm - Bug 969126 - Fix sandbox build for b2g on OS X. r=kang
e2a5bb78e8a533dffada6760fb63b978b3a42bb4
created 2014-02-05 13:29 -0500
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 945498 - Use breakpad to report seccomp violations as crashes. r=ted, r=kang
0a3f3bfcc7126506d4e7e086765ab571a003673a
created 2014-01-10 08:22 -0500
pushed 2014-10-20 17:29 +0000
Jed Davis Jed Davis - Bug 945330 - Reword and slightly improve sandbox violation log message. r=kang
e0776db3b102510504fdcf57b7f65dfa1da3b46d
created 2013-12-08 21:52 -0500
pushed 2014-10-20 17:29 +0000
Birunthan Mohanathas Birunthan Mohanathas - Bug 713082 - Part 2: Rename Util.h to ArrayUtils.h. r=Waldo
less more (0) tip