Bug 1388046 - Disable sandbox read restrictions (level 3) on beta/release. r=jld, a=gchang
authorGian-Carlo Pascutto <gcp@mozilla.com>
Wed, 09 Aug 2017 18:51:51 +0200
changeset 421122 a1ac56679ed31c9b0160d72e216da9e46ea57c69
parent 421121 9924d1eaa5016331df8d779492dc8d01d2fb8d97
child 421123 6ea7b3eb8990bb0f7a16119f8545bcf429d88131
push id7606
push userryanvm@gmail.com
push dateFri, 11 Aug 2017 20:45:35 +0000
treeherdermozilla-beta@6ea7b3eb8990 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjld, gchang
bugs1388046
milestone56.0
Bug 1388046 - Disable sandbox read restrictions (level 3) on beta/release. r=jld, a=gchang MozReview-Commit-ID: 3VQM545aqpL
browser/app/profile/firefox.js
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1101,17 +1101,21 @@ pref("security.sandbox.content.level", 3
 // to whitelist more system calls.
 //
 // So the purpose of this setting is to allow nightly users to disable the
 // sandbox while we fix their problems. This way, they won't have to wait for
 // another nightly release which disables seccomp-bpf again.
 //
 // This setting may not be required anymore once we decide to permanently
 // enable the content sandbox.
+#ifdef NIGHTLY_BUILD
 pref("security.sandbox.content.level", 3);
+#else
+pref("security.sandbox.content.level", 2);
+#endif
 pref("security.sandbox.content.write_path_whitelist", "");
 pref("security.sandbox.content.read_path_whitelist", "");
 pref("security.sandbox.content.syscall_whitelist", "");
 #endif
 
 #if defined(XP_MACOSX) || defined(XP_WIN)
 #if defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
 // ID (a UUID when set by gecko) that is used to form the name of a