Bug 1080165 - Allow setpriority() to fail without crashing in media plugins on Linux. r=kang
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -376,16 +376,19 @@ void SandboxFilterImplGMP::Build() {
#if SYSCALL_EXISTS(set_robust_list)
Allow(SYSCALL(set_robust_list));
#endif
// NSPR can call this when creating a thread, but it will accept a
// polite "no".
Deny(EACCES, SYSCALL(getpriority));
+ // But if thread creation races with sandbox startup, that call
+ // could succeed, and then we get one of these:
+ Deny(EACCES, SYSCALL(setpriority));
// Stack bounds are obtained via pthread_getattr_np, which calls
// this but doesn't actually need it:
Deny(ENOSYS, SYSCALL(sched_getaffinity));
#ifdef MOZ_ASAN
Allow(SYSCALL(sigaltstack));
#endif