Bug 1377522 - let the macOS level 3 content sandbox ride the trains! r?haik draft
authorAlex Gaynor <agaynor@mozilla.com>
Fri, 21 Jul 2017 13:16:27 -0400
changeset 613118 7ea694eef30bd247337c0bf5ed5738d1aa8f69c6
parent 613116 e99e3e62cfa8bbc7d430f64d4fbdf77ffb81e979
child 638623 36961aa3705b4e08ada3228ccc2790893afaa7fc
push id69739
push userbmo:agaynor@mozilla.com
push dateFri, 21 Jul 2017 17:18:37 +0000
reviewershaik
bugs1377522
milestone56.0a1
Bug 1377522 - let the macOS level 3 content sandbox ride the trains! r?haik MozReview-Commit-ID: DiP82tDSBmD
browser/app/profile/firefox.js
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1088,21 +1088,17 @@ pref("security.sandbox.gpu.level", 0);
 //       write access to home directory is prevented, read and write access
 //       to ~/Library and profile directories are prevented (excluding
 //       $PROFILE/{extensions,chrome})"
 // 3 -> "no global read/write access, read access permitted to
 //       $PROFILE/{extensions,chrome}"
 // This setting is read when the content process is started. On Mac the content
 // process is killed when all windows are closed, so a change will take effect
 // when the 1st window is opened.
-#if defined(NIGHTLY_BUILD)
 pref("security.sandbox.content.level", 3);
-#else
-pref("security.sandbox.content.level", 1);
-#endif
 #endif
 
 #if defined(XP_LINUX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
 // This pref is introduced as part of bug 742434, the naming is inspired from
 // its Windows/Mac counterpart, but on Linux it's an integer which means:
 // 0 -> "no sandbox"
 // 1 -> "content sandbox using seccomp-bpf when available"
 // 2 -> "seccomp-bpf + file broker"