author Jed Davis <jld@mozilla.com>
Wed, 27 Feb 2019 20:14:54 +0000
changeset 519405 493b443954fe15f7b542ba14671f25e5f8531dff
parent 97003 42c372c2f7493b79f79c58150b5531d23e74ca61
permissions -rw-r--r--
Bug 1506291 - Add Linux sandboxing for the RDD (media decoder) process. r=gcp,mjf,flod The seccomp-bpf policy is currently just the "common" policy with no additions (but with the fixes in bug 1511560 to enable shared memory creation). The file broker policy allows shared memory creation and nothing else. The namespace setup is the same as for GMP (i.e., as restrictive as we currently can be). The sandbox can be turned off for troubleshooting by setting the environment variable MOZ_DISABLE_RDD_SANDBOX, similarly to the other process types. Tested against https://demo.bitmovin.com/public/firefox/av1/ with the necessary prefs set. Depends on D20895 Differential Revision: https://phabricator.services.mozilla.com/D14525

<html class="reftest-wait">
	<title>bug 536421</title>
	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
input { border:1px solid blue; }
<body onload="doTest()">
  <input value="test" id="textbox" onfocus="triggerBug();" type="text">
  <script type="text/javascript">
    function finishTest()
    function triggerBug()
      var t = document.getElementById("textbox");
      t.style.display = "none";
      t.style.display = "";
    function doTest()
      var t = document.getElementById("textbox");