Bug 997409 - Add set_thread_area to seccomp whitelist if available. r=kang
authorJed Davis <jld@mozilla.com>
Thu, 17 Apr 2014 16:23:23 -0400
changeset 197699 dc0586595f8039894a875654a18e54c85e88df1c
parent 197698 55b4ac7353fdede62f8d423fe9d15284929eff53
child 197700 9f9e83390b460fa1ded4aa746bec47c3e9ff47dc
push id3624
push userasasaki@mozilla.com
push dateMon, 09 Jun 2014 21:49:01 +0000
treeherdermozilla-beta@b1a5da15899a [default view] [failures only]
reviewerskang
bugs997409
milestone31.0a1
Bug 997409 - Add set_thread_area to seccomp whitelist if available. r=kang
security/sandbox/linux/SandboxFilter.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -91,16 +91,19 @@ static struct sock_filter seccomp_filter
    * argument filtering */
   ALLOW_SYSCALL(ioctl),
   ALLOW_SYSCALL(close),
   ALLOW_SYSCALL(munmap),
   ALLOW_SYSCALL(mprotect),
   ALLOW_SYSCALL(writev),
   ALLOW_SYSCALL(clone),
   ALLOW_SYSCALL(brk),
+#if SYSCALL_EXISTS(set_thread_area)
+  ALLOW_SYSCALL(set_thread_area),
+#endif
 
   ALLOW_SYSCALL(getpid),
   ALLOW_SYSCALL(gettid),
   ALLOW_SYSCALL(getrusage),
   ALLOW_SYSCALL(madvise),
   ALLOW_SYSCALL(dup),
   ALLOW_SYSCALL(nanosleep),
   ALLOW_SYSCALL(poll),
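Review bot: The new `ALLOW_SYSCALL(set_thread_area)` entry has no comment saying which caller needs it or on which architectures `SYSCALL_EXISTS(set_thread_area)` is true, and a seccomp allowlist entry without that record is hard to audit or remove later. It sits in the group whose header comment ends in "argument filtering" (the start of that comment is outside the hunk), so the entry should also state whether allowing it with any arguments is intentional. A line above the `#if` such as `/* set_thread_area: needed by <caller, see bug 997409>; allowed without argument checks */` would cover both. The reason is not visible in the hunk; it is presumably thread-local-storage setup for new threads, given the placement next to `clone`, and should be confirmed. The `seccomp_filter` array begins and ends outside the hunk.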