security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
fbe717b9a66443bdefa742be1875fa58de04a309
created 2017-10-26 18:57 +0200
pushed 2018-01-11 21:05 +0000
Gian-Carlo Pascutto - Bug 1386404 - Enable access to the entire chrome dir from content. r=jld
14f1fbe5263af6decbe78afd47e13030ea6aae5e
created 2018-01-09 16:29 +0100
pushed 2018-01-11 21:05 +0000
Gian-Carlo Pascutto - Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik,jld
0dc0af730b77e5e15f8d40b9577021d35588a8b0
created 2017-11-17 15:23 +0100
pushed 2018-01-11 21:05 +0000
Gian-Carlo Pascutto - Bug 1416016 - Add ../config to the sandbox whitelist for older Mesa. r=jld
b9124906c30d9568620362f98193f0891b8a7d8a
created 2017-11-17 15:45 +0100
pushed 2018-01-11 21:05 +0000
Gian-Carlo Pascutto - Bug 1416808 - Add "$XDG_DATA_(HOME|DIRS)"/fonts to the sandbox whitelist. r=jld
993f57169829ffce97249fba7e02787e723dd8a9
created 2017-06-01 10:38 -0400
pushed 2017-11-11 14:08 +0000
Alex Gaynor - Bug 1365257 - Further consolidate the configuration of the content sandbox; r=gcp
1be6d94e801583f8c38964a90d6130741decab17
created 2017-11-10 19:23 +0200
pushed 2017-11-10 21:18 +0000
shindli - Backed out 1 changesets (bug 1365257) for failing gl in \build\build\src\obj-firefox\dist\include\mozilla/ServoStyleSet.h:97 r=backout on a CLOSED TREE
00edc1ac58f9e9eb7c2773013b95a6a87d1fcc3e
created 2017-06-01 10:38 -0400
pushed 2017-11-10 21:18 +0000
Alex Gaynor - Bug 1365257 - Further consolidate the configuration of the content sandbox; r=gcp
1aa6d3251c7039e8b0e8c94374ddde3f886b40eb
created 2017-11-03 20:28 +0100
pushed 2017-11-04 17:45 +0000
Sebastian Hengst - Backed out 6 changesets (bug 1386404) for XPCshell failures, at least on Linux. r=backout on a CLOSED TREE
c80acdea24c1c7954c4560c05d4625776ac09134
created 2017-11-03 13:18 +0100
pushed 2017-11-04 17:45 +0000
Gian-Carlo Pascutto - Bug 1386404 - Whitelist the prefix used by the XPCOM leak logs. r=haik
eac6eb517096e96693a19504843a81adea9af0af
created 2017-10-26 17:50 +0200
pushed 2017-11-04 17:45 +0000
Gian-Carlo Pascutto - Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld
802a00ea50e785d2fccce7d3035b84dcdfa6cadb
created 2017-10-26 18:57 +0200
pushed 2017-11-04 17:45 +0000
Gian-Carlo Pascutto - Bug 1386404 - Enable access to the entire chrome dir from content. r=jld
d7f697bac6efc9a3c64d76137eb653aab9601b8b
created 2017-10-12 11:18 +0200
pushed 2017-11-04 17:45 +0000
Gian-Carlo Pascutto - Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik
27a4ccb808ea959aba8837a13ef89bcfffd19598
created 2017-10-30 19:10 +0100
pushed 2017-11-02 16:33 +0000
Sebastian Hengst - Backed out 4 changesets (bug 1386404) for mass failures, e.g. in browser-chrome's dom/tests/browser/browser_xhr_sandbox.js. r=backout on a CLOSED TREE
b136f90dc49f8c34b44246d8e3e4916bc5c5c24a
created 2017-10-26 17:50 +0200
pushed 2017-11-02 16:33 +0000
Gian-Carlo Pascutto - Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld
4600c2d575f9fdd3168942edde1bc01d2874c460
created 2017-10-26 18:57 +0200
pushed 2017-11-02 16:33 +0000
Gian-Carlo Pascutto - Bug 1386404 - Enable access to the entire chrome dir from content. r=jld
c2c40e4d9815fb3ab65543071a2d891dcd142bc9
created 2017-10-12 11:18 +0200
pushed 2017-11-02 16:33 +0000
Gian-Carlo Pascutto - Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik
67487a0a224b6ca0a487d4ad517927fc4a993157
created 2017-10-06 12:35 +0200
pushed 2017-11-02 16:33 +0000
Gian-Carlo Pascutto - Bug 1387837 - Add library paths from /etc/ld.so.conf to broker read access policy. r=jld
656e8186307b112ec71e081031f29da1cdf7cfb7
created 2017-10-09 09:29 +0200
pushed 2017-11-02 16:33 +0000
Sylvestre Ledru - Bug 1406845 - AddMesaSysfsPaths: Resource leak on dir r=gcp
9fc84ba52f31cb8640dd3077585fdd8fc53f7385
created 2017-10-05 18:10 -0600
pushed 2017-11-02 16:33 +0000
Jed Davis - Bug 1406233 - Include sys/sysmacros.h for major()/minor() macros in Linux sandbox broker. r=gcp
2e2d6d3b8421f843ba7eba79658fe2367426acae
created 2017-10-04 10:50 -0700
pushed 2017-11-02 16:33 +0000
Haik Aftandilian - Bug 1393805 - Part 4 - Add Linux whitelisted directory for system extensions development. r=gcp
531f3dcfbbfc4d7d6f36c0489ded0af79e7a13b8
created 2017-10-05 00:20 +0200
pushed 2017-11-02 16:33 +0000
Sebastian Hengst - Backed out changeset 1ba3220d84fa (bug 1393805)
1ba3220d84fa149de42ea996dac0472292069538
created 2017-10-04 10:50 -0700
pushed 2017-11-02 16:33 +0000
Haik Aftandilian - Bug 1393805 - Part 4 - Add Linux whitelisted directory for system extensions development. r=gcp
031933e4a8dcb61c5189bcff2e2cf2d937faad15
created 2017-10-04 10:50 -0700
pushed 2017-10-12 18:26 +0000
Haik Aftandilian - Bug 1393805 - Part 4: Add Linux whitelisted directory for system extensions development. r=gcp, a=ritu
142a0743821ce1aba3aa0ecf3e3de3f16b614691
created 2017-10-09 09:29 +0200
pushed 2017-10-11 17:47 +0000
Sylvestre Ledru - Bug 1406845 - AddMesaSysfsPaths: Resource leak on dir. r=gcp, a=ritu
a6373996bfa6c22cbf5a7895cf35cd036f4c9ea1
created 2017-10-05 18:10 -0600
pushed 2017-10-11 17:47 +0000
Jed Davis - Bug 1406233 - Include sys/sysmacros.h for major()/minor() macros in Linux sandbox broker. r=gcp, a=ritu
fad5c108c84a9af12b9126101bdbe2772bdc59aa
created 2017-10-03 20:35 -0600
pushed 2017-10-11 17:47 +0000
Jed Davis - Bug 1401666 - Adjust sandbox policy to allow Mesa 12 to use libudev for device identification. r=gcp, a=ritu
4a1a1eab35ce97053558e791745a02b616983c66
created 2017-09-28 16:19 +0200
pushed 2017-10-05 00:26 +0000
Gian-Carlo Pascutto - Bug 1384804 - Allow reading /proc/self/status for libnuma. r=jld, a=ritu
0d4f0c6d3fd205d5da5d1d53079ea5cdd638d521
created 2017-09-19 19:54 -0600
pushed 2017-09-22 16:55 +0000
Jed Davis - Bug 1396542 - Let sandboxed content processes read /var/lib/dbus/machine-id. r=gcp, a=sledru
d5dc76a1482891edaced2f77d2ee86d58b55b29c
created 2017-09-13 15:55 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto - Bug 1399392 - Don't hardcode .config, use XDG_* environment vars. r=jld
ec5526fce679a088d91baf146d3d9507253dd3e7
created 2017-09-13 13:41 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto - Bug 1396733 - Add flatpak font dirs to the sandbox whitelist. r=jld
4ffacd080dc6030453c08549f8c65a94fccb94be
created 2017-08-24 15:02 -0600
pushed 2017-09-15 00:19 +0000
Jed Davis - Backed out 3 changesets (bug 1380701, bug 1384804)
7894c44fbcb6407831a809608d23a24d2c42f0bf
created 2017-08-10 19:02 -0600
pushed 2017-09-15 00:19 +0000
Jed Davis - Bug 1384986 - Adjust sandbox policy for dconf's `mkdir -p` behavior. r=gcp
2f541b1c207d17b998596bc807672a8e956b5adb
created 2017-08-10 21:38 -0600
pushed 2017-09-15 00:19 +0000
Jed Davis - Bug 1384986 - Prevent sandbox file broker rules from removing rights granted by more general rules. r=gcp
0d0513f1bb4537c86577c9b05fd9e786efe03204
created 2017-08-17 17:53 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto - Bug 1387742 - Whitelist default dynamic linker paths, including /lib64. r=jld
afdd35ed8902c1a6d670a56996673e91e30979f7
created 2017-08-17 16:59 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto - Bug 1384804 - Allow libnuma to read /proc/self/status, block get_mempolicy. r=jld
babbce26f79b577209f11e953e1332baff93dea3
created 2017-08-08 16:17 -0600
pushed 2017-09-15 00:19 +0000
Jed Davis - Bug 1388545 - Fix PulseAudio breakage caused by read restrictions. r=gcp
0dd9cbe575fe8d630c0c7f974d4a7f780b6c6061
created 2017-08-03 12:31 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto - Bug 1386558 - Check sandboxing level 2 after permissions are available. r=jld
55b494574257d233fe1fac3a25049777b8e96ac2
created 2017-08-04 09:48 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto - Bug 1385891 - Whitelist things in the extension dir, not just the dir itself. r=jld
9724d06abb63a43d0d775ce1d1871247e6a51b3c
created 2017-08-02 12:02 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto - Bug 1385715 - Add support for WebGL on NVIDIA PRIME. r=jld
9a01a7a8bb4ed0b568b34dbed9bf2ede5577f274
created 2017-08-02 11:51 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto - Bug 1385253 - Whitelist main NixOS data store directory. r=jld
6f1914a4f241b8ac62953de069296397b7645cd1
created 2017-08-02 17:11 -0700
pushed 2017-09-15 00:19 +0000
Wes Kocher - Merge inbound to central, a=merge
7cf51237c6cf93221675e5f6303b147f377dc447
created 2017-07-31 18:19 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto - Bug 1385891 - Whitelist extensions dir in the profile. r=jld
29fd2ffa843b288e06e34caf11e580549bd8252b
created 2017-07-31 17:58 +0200
pushed 2017-09-15 00:19 +0000
Gian-Carlo Pascutto - Bug 1384483 - Allow reading userContent.css in the sandbox. r=jld
a3ced6b85bda58605e9270ff8ecf2b9cff2fc12d
created 2017-08-01 18:17 -0700
pushed 2017-09-15 00:19 +0000
Wes Kocher - Backed out 2 changesets (bug 1384986) for failures in browser_content_sandbox_fs.js a=backout
23dae62b5ece5d72b39b5db0c3ae8c10dd2bdef1
created 2017-07-27 12:41 -0600
pushed 2017-09-15 00:19 +0000
Jed Davis - Bug 1384986 - Fix PulseAudio breakage caused by read restrictions. r=gcp
60408af056d9784f91e84cc58e4d0ae6174521f5
created 2017-07-27 11:32 -0600
pushed 2017-09-15 00:19 +0000
Jed Davis - Bug 1384986 - Fix DConf breakage caused by read restrictions. r=gcp
7f9c0489c233d437b23f2810c80b383f59106de5
created 2017-08-03 12:31 +0200
pushed 2017-08-09 20:59 +0000
Gian-Carlo Pascutto - Bug 1386558 - Check sandboxing level 2 after permissions are available. r=jld, a=lizzard
2b347fb55a9965acec727f6e40671ba859636603
created 2017-07-31 14:28 +1000
pushed 2017-08-02 08:25 +0000
Nicholas Nethercote - Bug 1384835 (part 3, attempt 2) - Remove the Preferences::Get*CString() variants that return nsAdoptingCString. r=froydnj.
00167e9fe0c0fc573801eb8a905eb3822290c2da
created 2017-07-29 13:05 -0400
pushed 2017-08-02 08:25 +0000
Thomas Daede - Bug 1384718 - Add sandbox rules for Mesa 17.1 driver loader. r=gcp
88e14ba4308e1ca878548a2b1616276c7b543c39
created 2017-07-28 10:29 +0200
pushed 2017-08-02 08:25 +0000
Sebastian Hengst - Backed out changeset ef5feef07bed (bug 1384835)
ef5feef07bed07583c52e434dbc5e4b9a2545deb
created 2017-07-27 16:45 +1000
pushed 2017-08-02 08:25 +0000
Nicholas Nethercote - Bug 1384835 (part 3) - Remove the Preferences::Get*CString() variants that return nsAdoptingCString. r=froydnj.
167f91f87172c3fd4ca7ac8f8e1f6bd6a2bf2dc1
created 2017-07-24 16:32 +0200
pushed 2017-08-02 08:25 +0000
Gian-Carlo Pascutto - Bug 1308400 - Support file process, whitelist path prefs. r=jld
5202dd1a9e218f133380a7fd4b1257d8a99f9c55
created 2017-07-21 10:45 +1000
pushed 2017-08-02 08:25 +0000
Nicholas Nethercote - Bug 1382099 - Remove MOZ_WIDGET_GONK from security/. r=jld.
6352096eb0de303cba9440092279e4254a1ec586
created 2017-06-20 19:19 +1000
pushed 2017-08-02 08:25 +0000
Nicholas Nethercote - Bug 1374580 (part 3) - Remove ns{,C}Substring typedefs. r=froydnj.
0d5ae200e069f348555b175c339ea0f1443eec7c
created 2017-05-30 07:10 -0600
pushed 2017-06-12 13:08 +0000
Jed Davis - Bug 1321134 - Allow access to dconf shared-memory flags. r=gcp,glandium
39941ecd60960ab28f5839eb0dabae669c1ab391
created 2017-05-12 17:04 -0400
pushed 2017-06-12 13:08 +0000
Alex Gaynor - Bug 1358223 - Part 1 - On Windows and macOS hardcode the minimum content sandbox level at 1. r=bobowen,haik,jimm
8c82d1ad582f2362076dbcb06312ff4606cce8ef
created 2017-05-31 21:34 +0200
pushed 2017-06-12 13:08 +0000
Sebastian Hengst - Backed out changeset 4e283b54baa6 (bug 1358223) for build bustage on Android at dom/ipc/ContentChild.cpp:21. r=backout
4e283b54baa60ff2dadff62b264f971224efca52
created 2017-05-12 17:04 -0400
pushed 2017-06-12 13:08 +0000
Alex Gaynor - Bug 1358223 - Part 1 - On Windows and macOS hardcode the minimum content sandbox level at 1. r=bobowen,haik,jimm
50ff055b70fe829d26c01342a906d53c1d41e645
created 2017-01-26 19:59 +0100
pushed 2017-04-18 12:07 +0000
Gian-Carlo Pascutto - Bug 1330326 - Make sandboxing policy more configurable via preferences. r=jld
2633df8bf5d3969230f0627eda9c01e239f1091d
created 2017-01-27 20:59 +0100
pushed 2017-04-18 12:07 +0000
Sebastian Hengst - Backed out changeset e87ae43ca443 (bug 1330326)