Bug 1377522 - let the macOS level 3 content sandbox ride the trains! r=haik
authorAlex Gaynor <agaynor@mozilla.com>
Fri, 21 Jul 2017 13:16:27 -0400
changeset 420193 1a8f5aaf69d171588076995d12a8388b58ddfb9a
parent 420192 2646388a3a8f68a0959428b94c04944d6e33fe9d
child 420194 000f58399e4f434bdb8ab0c4c3c8a1f384902332
push id7566
push usermtabara@mozilla.com
push dateWed, 02 Aug 2017 08:25:16 +0000
treeherdermozilla-beta@86913f512c3c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewershaik
bugs1377522
milestone56.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1377522 - let the macOS level 3 content sandbox ride the trains! r=haik MozReview-Commit-ID: DiP82tDSBmD
browser/app/profile/firefox.js
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1088,21 +1088,17 @@ pref("security.sandbox.gpu.level", 0);
 //       write access to home directory is prevented, read and write access
 //       to ~/Library and profile directories are prevented (excluding
 //       $PROFILE/{extensions,chrome})"
 // 3 -> "no global read/write access, read access permitted to
 //       $PROFILE/{extensions,chrome}"
 // This setting is read when the content process is started. On Mac the content
 // process is killed when all windows are closed, so a change will take effect
 // when the 1st window is opened.
-#if defined(NIGHTLY_BUILD)
 pref("security.sandbox.content.level", 3);
-#else
-pref("security.sandbox.content.level", 1);
-#endif
 #endif
 
 #if defined(XP_LINUX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
 // This pref is introduced as part of bug 742434, the naming is inspired from
 // its Windows/Mac counterpart, but on Linux it's an integer which means:
 // 0 -> "no sandbox"
 // 1 -> "content sandbox using seccomp-bpf when available"
 // 2 -> "seccomp-bpf + write file broker"