Bug 1286185 - Add sys_fadvise64 to seccomp whitelist. r=gcp
authorJulian Hector <julian.r.hector@gmail.com>
Wed, 20 Jul 2016 06:36:00 +0200
changeset 331228 b83fcff9edd2e930eaf518d0a337eb53b75ec9f1
parent 331150 34fab997a0a18bc72da09d0811ff98357fe0eb5f
child 331229 250943418f3a43c46de84797ad58a22f724caf58
push id9858
push userjlund@mozilla.com
push dateMon, 01 Aug 2016 14:37:10 +0000
treeherdermozilla-aurora@203106ef6cb6 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
Bug 1286185 - Add sys_fadvise64 to seccomp whitelist. r=gcp MozReview-Commit-ID: CkX1txdLAMg
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -664,16 +664,21 @@ public:
       // the child would inherit the seccomp-bpf policy and almost
       // certainly die from an unexpected SIGSYS.  We also can't have
       // fork() crash, currently, because there are too many system
       // libraries/plugins that try to run commands.  But they can
       // usually do something reasonable on error.
     case __NR_clone:
       return ClonePolicy(Error(EPERM));
+#ifdef __NR_fadvise64
+    case __NR_fadvise64:
+      return Allow();
 #endif // DESKTOP
 #ifdef __NR_getrandom
     case __NR_getrandom:
       return Allow();
       // nsSystemInfo uses uname (and we cache an instance, so