security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
142a0743821ce1aba3aa0ecf3e3de3f16b614691
created 2017-10-09 09:29 +0200
pushed 2017-10-11 17:47 +0000
Sylvestre Ledru Sylvestre Ledru - Bug 1406845 - AddMesaSysfsPaths: Resource leak on dir. r=gcp, a=ritu
a6373996bfa6c22cbf5a7895cf35cd036f4c9ea1
created 2017-10-05 18:10 -0600
pushed 2017-10-11 17:47 +0000
Jed Davis Jed Davis - Bug 1406233 - Include sys/sysmacros.h for major()/minor() macros in Linux sandbox broker. r=gcp, a=ritu
fad5c108c84a9af12b9126101bdbe2772bdc59aa
created 2017-10-03 20:35 -0600
pushed 2017-10-11 17:47 +0000
Jed Davis Jed Davis - Bug 1401666 - Adjust sandbox policy to allow Mesa 12 to use libudev for device identification. r=gcp, a=ritu
4a1a1eab35ce97053558e791745a02b616983c66
created 2017-09-28 16:19 +0200
pushed 2017-10-05 00:26 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1384804 - Allow reading /proc/self/status for libnuma. r=jld, a=ritu
0d4f0c6d3fd205d5da5d1d53079ea5cdd638d521
created 2017-09-19 19:54 -0600
pushed 2017-09-22 16:55 +0000
Jed Davis Jed Davis - Bug 1396542 - Let sandboxed content processes read /var/lib/dbus/machine-id. r=gcp, a=sledru
d5dc76a1482891edaced2f77d2ee86d58b55b29c
created 2017-09-13 15:55 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1399392 - Don't hardcode .config, use XDG_* environment vars. r=jld
ec5526fce679a088d91baf146d3d9507253dd3e7
created 2017-09-13 13:41 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1396733 - Add flatpak font dirs to the sandbox whitelist. r=jld
4ffacd080dc6030453c08549f8c65a94fccb94be
created 2017-08-24 15:02 -0600
pushed 2017-09-15 00:19 +0000
Jed Davis Jed Davis - Backed out 3 changesets (bug 1380701, bug 1384804)
7894c44fbcb6407831a809608d23a24d2c42f0bf
created 2017-08-10 19:02 -0600
pushed 2017-09-15 00:19 +0000
Jed Davis Jed Davis - Bug 1384986 - Adjust sandbox policy for dconf's `mkdir -p` behavior. r=gcp
2f541b1c207d17b998596bc807672a8e956b5adb
created 2017-08-10 21:38 -0600
pushed 2017-09-15 00:19 +0000
Jed Davis Jed Davis - Bug 1384986 - Prevent sandbox file broker rules from removing rights granted by more general rules. r=gcp
0d0513f1bb4537c86577c9b05fd9e786efe03204
created 2017-08-17 17:53 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1387742 - Whitelist default dynamic linker paths, including /lib64. r=jld
afdd35ed8902c1a6d670a56996673e91e30979f7
created 2017-08-17 16:59 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1384804 - Allow libnuma to read /proc/self/status, block get_mempolicy. r=jld
babbce26f79b577209f11e953e1332baff93dea3
created 2017-08-08 16:17 -0600
pushed 2017-09-15 00:19 +0000
Jed Davis Jed Davis - Bug 1388545 - Fix PulseAudio breakage caused by read restrictions. r=gcp
0dd9cbe575fe8d630c0c7f974d4a7f780b6c6061
created 2017-08-03 12:31 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1386558 - Check sandboxing level 2 after permissions are available. r=jld
55b494574257d233fe1fac3a25049777b8e96ac2
created 2017-08-04 09:48 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1385891 - Whitelist things in the extension dir, not just the dir itself. r=jld
9724d06abb63a43d0d775ce1d1871247e6a51b3c
created 2017-08-02 12:02 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1385715 - Add support for WebGL on NVIDIA PRIME. r=jld
9a01a7a8bb4ed0b568b34dbed9bf2ede5577f274
created 2017-08-02 11:51 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1385253 - Whitelist main NixOS data store directory. r=jld
6f1914a4f241b8ac62953de069296397b7645cd1
created 2017-08-02 17:11 -0700
pushed 2017-09-15 00:19 +0000
Wes Kocher Wes Kocher - Merge inbound to central, a=merge
7cf51237c6cf93221675e5f6303b147f377dc447
created 2017-07-31 18:19 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1385891 - Whitelist extensions dir in the profile. r=jld
29fd2ffa843b288e06e34caf11e580549bd8252b
created 2017-07-31 17:58 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1384483 - Allow reading userContent.css in the sandbox. r=jld
a3ced6b85bda58605e9270ff8ecf2b9cff2fc12d
created 2017-08-01 18:17 -0700
pushed 2017-09-15 00:19 +0000
Wes Kocher Wes Kocher - Backed out 2 changesets (bug 1384986) for failures in browser_content_sandbox_fs.js a=backout
23dae62b5ece5d72b39b5db0c3ae8c10dd2bdef1
created 2017-07-27 12:41 -0600
pushed 2017-09-15 00:19 +0000
Jed Davis Jed Davis - Bug 1384986 - Fix PulseAudio breakage caused by read restrictions. r=gcp
60408af056d9784f91e84cc58e4d0ae6174521f5
created 2017-07-27 11:32 -0600
pushed 2017-09-15 00:19 +0000
Jed Davis Jed Davis - Bug 1384986 - Fix DConf breakage caused by read restrictions. r=gcp
7f9c0489c233d437b23f2810c80b383f59106de5
created 2017-08-03 12:31 +0200
pushed 2017-08-09 20:59 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1386558 - Check sandboxing level 2 after permissions are available. r=jld, a=lizzard
2b347fb55a9965acec727f6e40671ba859636603
created 2017-07-31 14:28 +1000
pushed 2017-08-02 08:25 +0000
Nicholas Nethercote Nicholas Nethercote - Bug 1384835 (part 3, attempt 2) - Remove the Preferences::Get*CString() variants that return nsAdoptingCString. r=froydnj.
00167e9fe0c0fc573801eb8a905eb3822290c2da
created 2017-07-29 13:05 -0400
pushed 2017-08-02 08:25 +0000
Thomas Daede Thomas Daede - Bug 1384718 - Add sandbox rules for Mesa 17.1 driver loader. r=gcp
88e14ba4308e1ca878548a2b1616276c7b543c39
created 2017-07-28 10:29 +0200
pushed 2017-08-02 08:25 +0000
Sebastian Hengst Sebastian Hengst - Backed out changeset ef5feef07bed (bug 1384835)
ef5feef07bed07583c52e434dbc5e4b9a2545deb
created 2017-07-27 16:45 +1000
pushed 2017-08-02 08:25 +0000
Nicholas Nethercote Nicholas Nethercote - Bug 1384835 (part 3) - Remove the Preferences::Get*CString() variants that return nsAdoptingCString. r=froydnj.
167f91f87172c3fd4ca7ac8f8e1f6bd6a2bf2dc1
created 2017-07-24 16:32 +0200
pushed 2017-08-02 08:25 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1308400 - Support file process, whitelist path prefs. r=jld
5202dd1a9e218f133380a7fd4b1257d8a99f9c55
created 2017-07-21 10:45 +1000
pushed 2017-08-02 08:25 +0000
Nicholas Nethercote Nicholas Nethercote - Bug 1382099 - Remove MOZ_WIDGET_GONK from security/. r=jld.
6352096eb0de303cba9440092279e4254a1ec586
created 2017-06-20 19:19 +1000
pushed 2017-08-02 08:25 +0000
Nicholas Nethercote Nicholas Nethercote - Bug 1374580 (part 3) - Remove ns{,C}Substring typedefs. r=froydnj.
0d5ae200e069f348555b175c339ea0f1443eec7c
created 2017-05-30 07:10 -0600
pushed 2017-06-12 13:08 +0000
Jed Davis Jed Davis - Bug 1321134 - Allow access to dconf shared-memory flags. r=gcp,glandium
39941ecd60960ab28f5839eb0dabae669c1ab391
created 2017-05-12 17:04 -0400
pushed 2017-06-12 13:08 +0000
Alex Gaynor Alex Gaynor - Bug 1358223 - Part 1 - On Windows and macOS hardcode the minimum content sandbox level at 1. r=bobowen,haik,jimm
8c82d1ad582f2362076dbcb06312ff4606cce8ef
created 2017-05-31 21:34 +0200
pushed 2017-06-12 13:08 +0000
Sebastian Hengst Sebastian Hengst - Backed out changeset 4e283b54baa6 (bug 1358223) for build bustage on Android at dom/ipc/ContentChild.cpp:21. r=backout
4e283b54baa60ff2dadff62b264f971224efca52
created 2017-05-12 17:04 -0400
pushed 2017-06-12 13:08 +0000
Alex Gaynor Alex Gaynor - Bug 1358223 - Part 1 - On Windows and macOS hardcode the minimum content sandbox level at 1. r=bobowen,haik,jimm
50ff055b70fe829d26c01342a906d53c1d41e645
created 2017-01-26 19:59 +0100
pushed 2017-04-18 12:07 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1330326 - Make sandboxing policy more configurable via preferences. r=jld
2633df8bf5d3969230f0627eda9c01e239f1091d
created 2017-01-27 20:59 +0100
pushed 2017-04-18 12:07 +0000
Sebastian Hengst Sebastian Hengst - Backed out changeset e87ae43ca443 (bug 1330326)
e87ae43ca44332a0bf30a4151b57cbb9b8e369ac
created 2017-01-26 19:59 +0100
pushed 2017-04-18 12:07 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1330326 - Make sandboxing policy more configurable via preferences. r=jld
5ae2260e20e758d04e80427d29cf8aa1d2cd2890
created 2016-10-11 16:35 +0200
pushed 2017-03-06 20:48 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1309098 - Add ALSA devices to filesystem policy whitelist. r=glandium
f9e1ac58390649526fd81d27968cc90e350afbe6
created 2016-11-02 20:02 +0100
pushed 2017-01-23 14:19 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1312678 - Whitelist DRI drivers in the content sandbox, for WebGL. r=jld
510cf5f0eccabf5c96385a9a11d6f460f8afb227
created 2016-10-10 20:51 +0200
pushed 2017-01-23 14:19 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1308851 - Open up devices for NVIDIA proprietary driver in the sandbox. r=jld
c838d2546cadd65bf8d5579db20a268c8b6e4b87
created 2016-10-06 13:25 +0200
pushed 2017-01-23 14:19 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1289718 - Clean up stat/stat64 wrapper. Deal with non-default TMPDIR. r=jld
a79ec9afac7b7cbed2802c7ffa9db47313b1f445
created 2016-09-27 17:25 +0200
pushed 2017-01-23 14:19 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1289718 - Extend sandbox file broker to handle paths, support more syscalls. r=jld,tedd
efc191826274fb7bda23efa6ce3233fdf0da5dc1
created 2016-06-16 12:39 +0200
pushed 2016-09-19 13:38 +0000
Julian Hector Julian Hector - Bug 742434 - Part 2: Introduce pref to control content sandbox. r=jld
23f49057b4aab6dbe89337799e408c746c3f9308
created 2016-07-05 12:25 +0200
pushed 2016-09-19 13:38 +0000
Carsten "Tomcat" Book Carsten "Tomcat" Book - Backed out changeset 730fcdccb26e (bug 742434)
730fcdccb26e389fa7bad04dfe5903eeb5796ea3
created 2016-06-16 12:39 +0200
pushed 2016-09-19 13:38 +0000
Julian Hector Julian Hector - Bug 742434 - Part 2: Introduce pref to control content sandbox. r=jld
ca64f3dba55e967a08644ee3ce643a584dd4e7d4
created 2016-07-04 18:00 +0200
pushed 2016-09-19 13:38 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Backed out 2 changesets (bug 742434)
66a937c6ca0e6264068a1b1426b0983e76f7d9c6
created 2016-06-16 12:39 +0200
pushed 2016-09-19 13:38 +0000
Julian Hector Julian Hector - Bug 742434 - Part 1: Introduce pref to control content sandbox. r=jld
d8b6ab130caa9b9d1ec974aa9b0c86a4fec8683c
created 2015-11-13 12:29 +0000
pushed 2016-01-25 13:55 +0000
Julian Hector Julian Hector - Bug 1215303 - Part 2 - automatically enable broker when in permissive mode r=jld
c50fbae3d1a3bfd8c185db4634368c278a660b6d
created 2015-10-07 22:13 -0700
pushed 2015-12-14 20:08 +0000
Jed Davis Jed Davis - Bug 930258 - Part 3: a file broker policy for the B2G emulator. r=kang
less more (0) tip