Bug 1384804 - Allow libnuma to read /proc/self/status, block get_mempolicy. r=jld
authorGian-Carlo Pascutto <gcp@mozilla.com>
Thu, 17 Aug 2017 16:59:41 +0200
changeset 425006 afdd35ed8902c1a6d670a56996673e91e30979f7
parent 425005 fc4e3d36bf0c6bb79dfe8a9ded58655449f87fc5
child 425007 0d0513f1bb4537c86577c9b05fd9e786efe03204
push id7761
push userjlund@mozilla.com
push dateFri, 15 Sep 2017 00:19:52 +0000
reviewersjld
bugs1384804
milestone57.0a1
Bug 1384804 - Allow libnuma to read /proc/self/status, block get_mempolicy. r=jld MozReview-Commit-ID: EHPVoFQ6jVZ
security/sandbox/linux/SandboxFilter.cpp
security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -806,19 +806,16 @@ public:
 #ifdef __NR_fadvise64_64
     case __NR_fadvise64_64:
       return Allow();
 #endif
 
     case __NR_fallocate:
       return Allow();
 
-    case __NR_get_mempolicy:
-      return Allow();
-
 #endif // DESKTOP
 
 #ifdef __NR_getrandom
     case __NR_getrandom:
       return Allow();
 #endif
 
       // nsSystemInfo uses uname (and we cache an instance, so
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -224,17 +224,19 @@ SandboxBrokerPolicyFactory::SandboxBroke
 #endif
 }
 
 #ifdef MOZ_CONTENT_SANDBOX
 UniquePtr<SandboxBroker::Policy>
 SandboxBrokerPolicyFactory::GetContentPolicy(int aPid, bool aFileProcess)
 {
   // Policy entries that vary per-process (currently the only reason
-  // that can happen is because they contain the pid) are added here.
+  // that can happen is because they contain the pid) are added here,
+  // as well as entries that depend on preferences or paths not available
+  // in early startup.
 
   MOZ_ASSERT(NS_IsMainThread());
   // File broker usage is controlled through a pref.
   if (GetEffectiveContentSandboxLevel() <= 1) {
     return nullptr;
   }
 
   MOZ_ASSERT(mCommonContentPolicy);
@@ -264,16 +266,21 @@ SandboxBrokerPolicyFactory::GetContentPo
 
   // Bug 1198550: the profiler's replacement for dl_iterate_phdr
   policy->AddPath(rdonly, nsPrintfCString("/proc/%d/maps", aPid).get());
 
   // Bug 1198552: memory reporting.
   policy->AddPath(rdonly, nsPrintfCString("/proc/%d/statm", aPid).get());
   policy->AddPath(rdonly, nsPrintfCString("/proc/%d/smaps", aPid).get());
 
+  // Bug 1384804, notably comment 15
+  // Used by libnuma, included by x265/ffmpeg, who falls back
+  // to get_mempolicy if this fails
+  policy->AddPath(rdonly, nsPrintfCString("/proc/%d/status", aPid).get());
+
   // userContent.css and the extensions dir sit in the profile, which is
   // normally blocked and we can't get the profile dir earlier in startup,
   // so this must happen here.
   nsCOMPtr<nsIFile> profileDir;
   nsresult rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
                                        getter_AddRefs(profileDir));
   if (NS_SUCCEEDED(rv)) {
       nsCOMPtr<nsIFile> workDir;
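Review bot: The comment above the new `/proc/%d/status` entry does not say that this read-only path is what keeps libnuma off `get_mempolicy`, which the SandboxFilter.cpp hunk of this same commit stops allowing. A later cleanup that drops the entry would bring the blocked syscall back with nothing in this file to warn about it. I would state the coupling directly rather than point at a bug comment, e.g. `// Bug 1384804: libnuma (pulled in by x265/ffmpeg) reads /proc/self/status and falls back to get_mempolicy if that fails; the seccomp policy no longer allows get_mempolicy, so keep this entry.` The entry is keyed on `aPid` while the commit title speaks of `/proc/self/status`, so it presumably relies on the request being resolved to the numeric pid before the policy lookup, as the neighbouring `/proc/%d/maps` entries do. That is not visible in this hunk and is worth confirming. GetContentPolicy continues past the end of the hunk.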