Bug 1384718 - Add sandbox rules for Mesa 17.1 driver loader. r=gcp
author Thomas Daede <daede003@umn.edu>
Sat, 29 Jul 2017 13:05:55 -0400
changeset 420607 00167e9fe0c0fc573801eb8a905eb3822290c2da
parent 420606 806f15a5c0f20a84d2e40c84e4d4f0d48e99d54c
child 420608 15ace180cf033edf24a4849d16247fee9ebbef22
push id 7566
push user mtabara@mozilla.com
push date Wed, 02 Aug 2017 08:25:16 +0000
treeherder mozilla-beta@86913f512c3c
reviewers gcp
bugs 1384718
milestone 56.0a1
security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -105,16 +105,19 @@ SandboxBrokerPolicyFactory::SandboxBroke
   policy->AddDir(rdonly, "/usr/lib32");
   policy->AddDir(rdonly, "/usr/lib64");
   policy->AddDir(rdonly, "/usr/X11R6/lib/X11/fonts");
   policy->AddDir(rdonly, "/usr/tmp");
   policy->AddDir(rdonly, "/var/tmp");
   policy->AddDir(rdonly, "/sys/devices/cpu");
   policy->AddDir(rdonly, "/sys/devices/system/cpu");
 
+  // Bug 1384178: mesa driver loader
+  policy->AddPrefix(rdonly, "/sys/dev/char/226:");
+
   // Configuration dirs in the homedir that we want to allow read
   // access to.
   mozilla::Array<const char*, 3> confDirs = {
     ".config",
     ".themes",
     ".fonts",
   };
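Review bot: The comment on the added `AddPrefix` line cites Bug 1384178, while the commit message and the bugs field both give Bug 1384718; the digits look transposed and should be corrected so the comment points at the right bug. The comment could also say what `226` is (the Linux DRM character-device major number) and why this rule uses `AddPrefix` where the neighbouring rules use `AddDir`: the string stops at the colon, so it appears intended to match every `226:<minor>` entry under /sys/dev/char. Please confirm that read-only access to all of those entries, and not a narrower set, is what the Mesa 17.1 loader needs.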