security/sandbox/linux/SandboxFilter.cpp
48431f63d84227177951f65c9c828548d9a8bbb2
created 2019-02-23 00:44 +0000
pushed 2019-03-11 13:01 +0000
Jed Davis Jed Davis - Bug 1511560 - Move the Linux sandbox broker hooks into SandboxPolicyCommon. r=gcp
56f39977c72c62e0fdff0e5f68e72d6091b221db
created 2019-02-27 15:23 +0000
pushed 2019-03-11 13:01 +0000
Jed Davis Jed Davis - Bug 1500297 - Require a broker client in ContentSandboxPolicy at level > 1. r=gcp
5f4630838d46dd81dadb13220a4af0da9e23a619
created 2019-01-18 10:16 +0100
pushed 2019-01-21 13:03 +0000
Ehsan Akhgari Ehsan Akhgari - Bug 1521000 - Part 2: Adjust our clang-format rules to include spaces after the hash for nested preprocessor directives r=sylvestre
6f3709b3878117466168c40affa7bca0b60cf75b
created 2018-11-30 11:46 +0100
pushed 2018-12-03 16:23 +0000
Sylvestre Ledru Sylvestre Ledru - Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format
026130a68e7c9a54d0995a485cd941aad9a3c30c
created 2018-09-17 16:43 +0000
pushed 2018-10-15 21:07 +0000
Jed Davis Jed Davis - Bug 1489735 - Quietly deny sched_setaffinity in content process sandbox r=gcp
b54db66223586b4e04f5cb926fccdacf8a176b91
created 2018-05-30 21:15 +0200
pushed 2018-06-18 21:43 +0000
Emilio Cobos Álvarez Emilio Cobos Álvarez - Bug 1465585: Switch from mozilla::Move to std::move. r=froydnj
c74eb9a24c8b44f90d3fadaef6c48b4b4043aa61
created 2018-05-18 17:36 -0600
pushed 2018-06-18 21:43 +0000
Jed Davis Jed Davis - Bug 1462640 - Allow content processes to mincore() individual pages. r=gcp
0b8d58958178006790e77995487d947d4dfc86e6
created 2018-03-12 20:21 -0600
pushed 2018-04-26 21:04 +0000
Jed Davis Jed Davis - Bug 1445003 - Detect RenderDoc and adjust the sandbox policy so it can work. r=gcp
792ab44dd9ec02732ae1d964c1726967e05b598f
created 2018-03-09 19:31 -0700
pushed 2018-03-12 14:54 +0000
Jed Davis Jed Davis - Bug 1440206 - Allow brokered access to a subset of connect() in the Linux content sandbox. r=gcp
936b73ae6e3ce7a98e596b0422b2776db349e85d
created 2018-02-27 21:30 -0700
pushed 2018-03-02 22:13 +0000
Jed Davis Jed Davis - Bug 1438401 - Quietly fail shmget() in sandboxed content processes. r=gcp
d853ce9b3dd3e2d4ac66c6e12b6ed2425513b91a
created 2018-02-15 16:10 -0700
pushed 2018-03-01 16:46 +0000
Jed Davis Jed Davis - Bug 1438389 - Quietly disallow chown() in sandboxed content processes. r=gcp
4e2bf17f806d4451e4390dc5f6bd83daeca1b8ce
created 2018-01-29 17:36 -0700
pushed 2018-03-01 16:46 +0000
Jed Davis Jed Davis - Bug 1425274 - Filter socketpair() in content sandbox on 32-bit x86 with new-enough kernels. r=gcp
74b5e036363f6123db0a96e31355b4aa88058c28
created 2018-01-26 19:43 -0700
pushed 2018-03-01 16:46 +0000
Jed Davis Jed Davis - Bug 1376910 - Remove SysV IPC access from Linux content sandbox when possible. r=gcp
af41b725ff915e0bca46a43175fc20c8a0785b86
created 2018-01-23 22:37 -0700
pushed 2018-03-01 16:46 +0000
Jed Davis Jed Davis - Bug 1386019 - Also remove ALSA-related sandbox rules if ALSA is remoted. r=gcp
ff1469e834940ae28709a94c14ea02e0428e1cc5
created 2018-01-23 22:37 -0700
pushed 2018-03-01 16:46 +0000
Jed Davis Jed Davis - Bug 1386019 - At sandbox level 4, remove syscalls used only by PulseAudio. r=gcp
35083f8586e713ecf393435c63ed2a93bc7c5803
created 2018-01-23 22:35 -0700
pushed 2018-03-01 16:46 +0000
Jed Davis Jed Davis - Bug 1126437 - Add Linux content sandbox level 4 for blocking socket APIs. r=gcp
bb5e75c2d0c8473678517965ad6e6d0ff3c323fb
created 2018-01-23 22:35 -0700
pushed 2018-03-01 16:46 +0000
Jed Davis Jed Davis - Bug 1126437 - Reorganize content sandbox params extracted from libxul APIs. r=gcp
3b11a0bf7ae7a7fe0ed508583cf07441b68bab78
created 2017-11-20 10:47 -0700
pushed 2018-01-11 21:05 +0000
Jed Davis Jed Davis - Bug 1409895 - Deny getcwd in the Linux content process sandbox. r=gcp
e056256f34337a7d20eff986b69e4791135f10b3
created 2017-12-07 22:17 +0200
pushed 2018-01-11 21:05 +0000
Noemi Erli Noemi Erli - Backed out 2 changesets (bug 1409895) for crashes in Linux talos jobs r=backout on a CLOSED TREE
bc8fbf503fea22d3db9d44a2e79e440c6c86490a
created 2017-11-20 10:47 -0700
pushed 2018-01-11 21:05 +0000
Jed Davis Jed Davis - Bug 1409895 - Disallow getcwd in Linux content process sandbox. r=gcp
4ccd1fbb5ea660f79c573f5b95d15188de3b8a94
created 2017-10-31 18:12 -0600
pushed 2017-11-07 22:38 +0000
Jed Davis Jed Davis - Bug 1413312 - Fix media plugin sandbox policy for sched_get_priority_{min,max}. r=gcp
67cb7ca658a7a2e9a4aaebb0801a3f93c50deba7
created 2017-10-30 19:45 -0600
pushed 2017-11-07 22:38 +0000
Jed Davis Jed Davis - Bug 1412464 - Change sandboxing inotify denial from seccomp-bpf to symbol interception. r=gcp
eeb1aae7683bac5303976c8ebd425f632ecb0b9b
created 2017-10-27 19:51 -0600
pushed 2017-11-07 22:38 +0000
Jed Davis Jed Davis - Bug 1412480 - Statically check for overly large syscall arguments. r=gcp
48b83b14ff3d1c47481980b5ec0b091d26d3d4c9
created 2017-10-27 20:51 -0600
pushed 2017-11-07 22:38 +0000
Jed Davis Jed Davis - Bug 1412480 - Fix syscall argument types in seccomp-bpf sandbox traps. r=gcp
d1e920ac2d7c1f6c03face443dc839bb26ad6f17
created 2017-10-27 18:05 -0600
pushed 2017-11-02 16:33 +0000
Jed Davis Jed Davis - Bug 1411115 - Allow F_SETLK fcntl in sandboxed content processes. r=gcp
862de4b756405c181a1db886a16a603ffe2f20df
created 2017-10-27 19:32 -0600
pushed 2017-11-02 16:33 +0000
Jed Davis Jed Davis - Bug 1409900 - Handle sandboxed statfs() by replacing it with open+fstatfs. r=gcp
9f9c7289c55b64d0faba947f16162e178eab1a19
created 2017-10-25 12:43 -0600
pushed 2017-11-02 16:33 +0000
Jed Davis Jed Davis - Bug 1409900 - Disallow quotactl in sandboxed content processes. r=gcp
ae49d4a5762264ded3aae4006baddc2203b79b94
created 2017-10-27 16:15 +0300
pushed 2017-11-02 16:33 +0000
Attila Craciun Attila Craciun - Backed out 2 changesets (bug 1409900) for failing browser chrome on Linux opt at browser/base/content/test/general/browser_bug590206.js r=backout a=backout.
4381412e49e32985fa68868c30134fa70102e8a4
created 2017-10-25 13:35 -0600
pushed 2017-11-02 16:33 +0000
Jed Davis Jed Davis - Bug 1408497 - Disallow inotify in sandboxed content processes. r=gcp
83296a355dd49b2822a52b08d0df89e029ea56bc
created 2017-10-25 13:08 -0600
pushed 2017-11-02 16:33 +0000
Jed Davis Jed Davis - Bug 1409900 - Handle sandboxed statfs() by replacing it with open+fstatfs. r=gcp
072007f834314978acf0dc15efd3c3b935b2957e
created 2017-10-25 12:43 -0600
pushed 2017-11-02 16:33 +0000
Jed Davis Jed Davis - Bug 1409900 - Disallow quotactl in sandboxed content processes. r=gcp
671e6d994ecb598ad15bb3329e78d1d0135345cc
created 2017-10-25 16:38 -0600
pushed 2017-11-02 16:33 +0000
Jed Davis Jed Davis - Bug 1410191 - Correctly handle errors when using syscalls in sandbox trap handlers. r=gcp
2d3fafd808dd999750e2284e9d0a5ccdd746c5b5
created 2017-10-25 11:04 -0600
pushed 2017-11-02 16:33 +0000
Jed Davis Jed Davis - Bug 1410280 - Re-allow PR_GET_NAME for sandboxed content processes. r=gcp
ff9088972319ed49297b6cbd134e1d3fb121ed64
created 2017-07-24 17:33 -0600
pushed 2017-11-02 16:33 +0000
Jed Davis Jed Davis - Bug 1328896 - Restrict fcntl() in sandboxed content processes. r=gcp
0d9c6250f99dc4b6aa1a94f5260737d046c52b1e
created 2017-10-17 11:45 +0200
pushed 2017-11-02 16:33 +0000
Sebastian Hengst Sebastian Hengst - merge mozilla-inbound to mozilla-central. r=merge a=merge
6a25d8a48554255bd8991850ae3d030077e7f7f0
created 2017-10-16 14:54 +1300
pushed 2017-11-02 16:33 +0000
Matthew Gregan Matthew Gregan - Bug 1408821 - Allow FIONBIO ioctl from the content sandbox. r=jld
c006ddf45ea82e700275ebdd848eae34d3f67d85
created 2017-04-12 18:41 -0600
pushed 2017-11-02 16:33 +0000
Jed Davis Jed Davis - Bug 1320834 - Reduce prctl policy for desktop content processes. r=gcp
56d157b594af5241751a887a1dca643cd970384a
created 2017-10-13 14:34 -0600
pushed 2017-11-02 16:33 +0000
Jed Davis Jed Davis - Bug 1408493 - Don't restrict ioctl() in sandboxed content if ALSA might be used. r=gcp
17d6725388ef99862a37076b528395278549d4d3
created 2017-10-13 14:32 -0600
pushed 2017-11-02 16:33 +0000
Jed Davis Jed Davis - Bug 1408498 - Allow FIONREAD in sandboxed content processes, for libgio. r=gcp
fb637352a959581a2c7e3fc02b4801e27518761b
created 2017-10-05 19:53 -0600
pushed 2017-11-02 16:33 +0000
Jed Davis Jed Davis - Bug 1405891 - Block tty-related ioctl()s in sandboxed content processes. r=gcp
40e071f08bf6a3c4f97f77f02fc83ba93dda06e6
created 2017-09-07 08:29 -0600
pushed 2017-09-15 00:19 +0000
Jed Davis Jed Davis - Bug 1397753 - Disallow kill() in sandboxed content processes. r=gcp
2e6bfbf7e58e0f691bc03fdb5d1fad17f946ccf8
created 2017-09-07 08:27 -0600
pushed 2017-09-15 00:19 +0000
Jed Davis Jed Davis - Bug 1299581 - Fail waitpid et al. with ECHILD in sandboxed content processes. r=gcp
59db725def8282e1d77e83f002d247c7d0f95237
created 2017-07-27 17:22 -0600
pushed 2017-09-15 00:19 +0000
Jed Davis Jed Davis - Bug 1383888 - Restrict sandboxed readlinkat() the same as readlink(). r=gcp
4ffacd080dc6030453c08549f8c65a94fccb94be
created 2017-08-24 15:02 -0600
pushed 2017-09-15 00:19 +0000
Jed Davis Jed Davis - Backed out 3 changesets (bug 1380701, bug 1384804)
afdd35ed8902c1a6d670a56996673e91e30979f7
created 2017-08-17 16:59 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1384804 - Allow libnuma to read /proc/self/status, block get_mempolicy. r=jld
0d56979a6efae4883ab2bd015dae79271b832725
created 2017-07-20 13:43 -0600
pushed 2017-09-15 00:19 +0000
Jed Davis Jed Davis - Bug 1380701 - Remove brokering for link, unlink, and rename. r=gcp
bb2e59766bada3c9528e48c70b60ee0681c3db1e
created 2017-08-16 09:46 -0700
pushed 2017-09-15 00:19 +0000
Wes Kocher Wes Kocher - Backed out 2 changesets (bug 1380701) for bustage in SandboxBroker a=backout
4456ebfe5657fa3ab3d0e83f8d3494122588cb06
created 2017-07-20 13:43 -0600
pushed 2017-09-15 00:19 +0000
Jed Davis Jed Davis - Bug 1380701 - Remove brokering for link, unlink, and rename. r=gcp
7ea87b92669121e030c14df64b4d1edcdcc044bc
created 2017-07-27 15:27 -0600
pushed 2017-09-15 00:19 +0000
Jed Davis Jed Davis - Bug 1384306 - Allow SOCK_CLOEXEC in socketpair(). r=gcp
1efacc8c49ba68b524de18c6b30153cb78e524d2
created 2017-07-26 12:50 -0600
pushed 2017-08-02 08:25 +0000
Jed Davis Jed Davis - Backed out 3 changesets (bug 1383007, bug 1376910)
394b3d22db1988839462c9832f4ef309aef556a1
created 2017-07-21 23:28 +0200
pushed 2017-08-02 08:25 +0000
Sylvestre Ledru Sylvestre Ledru - Bug 1383007 - Move the declaration in the #ifdef declaration to silent a warning r=jld
d11cd5c3fc6f5e1ec439e6d15e3f911f3e967e3c
created 2017-06-28 06:33 -0700
pushed 2017-08-02 08:25 +0000
Jed Davis Jed Davis - Bug 1376910 - Block syscalls for SysV IPC in content processes. r=gcp
9b5bb669d1283995fd8d01fe779bd8646cb2cd92
created 2017-07-11 16:59 -0600
pushed 2017-08-02 08:25 +0000
Jed Davis Jed Davis - Bug 1376653 - Unconditionalize the tkill() polyfill. r=gcp
a8f06d32af317f7db813252afbaae05a13d8863a
created 2017-07-11 14:23 -0600
pushed 2017-08-02 08:25 +0000
Jed Davis Jed Davis - Bug 1376653 - Loosen restrictions on clone flags for musl. r=gcp
52e1b27c1cb085997440183cf28686c36f5591b3
created 2017-07-07 08:58 -0600
pushed 2017-08-02 08:25 +0000
Jed Davis Jed Davis - Bug 1372428 - Extend file pre-opening for sandboxed media plugins. r=gcp
9d96ca099f2106d59bf65c0e0b77d0422f2dd51b
created 2017-07-07 08:58 -0600
pushed 2017-08-02 08:25 +0000
Jed Davis Jed Davis - Bug 1372428 - Deal with fcntl() in media plugins. r=gcp
ca32657a32377a20f127d9f01eb5e4cbb8c2cee1
created 2017-07-07 08:58 -0600
pushed 2017-08-02 08:25 +0000
Jed Davis Jed Davis - Bug 1372428 - Deal with uname() in media plugins. r=gcp
f551e82578c1e0537ed829dab8e71c0614c80e2b
created 2017-06-27 17:57 +0200
pushed 2017-08-02 08:25 +0000
Jan Keromnes Jan Keromnes - Bug 1376643 - Use 'override' and '= default' on applicable methods in security/sandbox/. r=gcp
2fe9bcd421fffb0c90abf3cb616844bc69f04c53
created 2017-06-27 14:52 -0700
pushed 2017-08-02 08:25 +0000
Jed Davis Jed Davis - Bug 1362537 - Re-disallow accept4 in Linux content processes. r=gcp
5bbdb7d36ee3c136a0ed03be9d5b012d05dfd08e
created 2017-06-13 01:54 -0400
pushed 2017-08-02 08:25 +0000
Randell Jesup Randell Jesup - Bug 1361703: enable NR_epoll_create/create1 in linux sandbox r=jld
less more (0) -100 -60 tip