security/sandbox/linux/SandboxFilter.cpp
7a9b07064c28ac88d837c14e3cc85e95a8597aa9
created 2017-02-24 13:18 +0100
pushed 2017-06-05 19:31 +0000
Benjamin Bouvier Benjamin Bouvier - Bug 1342385: Allow mremap on linux32 for wasm; r=jld
f73368ed36cf12bf18f7d66f370d5cd6b8a5e8db
created 2017-01-30 18:49 -0700
pushed 2017-06-05 19:31 +0000
Jed Davis Jed Davis - Bug 1286865 - Step 1: Gather syscall info from SIGSYS handlers into the parent process. r=gcp
50ff055b70fe829d26c01342a906d53c1d41e645
created 2017-01-26 19:59 +0100
pushed 2017-06-05 19:31 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1330326 - Make sandboxing policy more configurable via preferences. r=jld
2633df8bf5d3969230f0627eda9c01e239f1091d
created 2017-01-27 20:59 +0100
pushed 2017-06-05 19:31 +0000
Sebastian Hengst Sebastian Hengst - Backed out changeset e87ae43ca443 (bug 1330326)
e87ae43ca44332a0bf30a4151b57cbb9b8e369ac
created 2017-01-26 19:59 +0100
pushed 2017-06-05 19:31 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1330326 - Make sandboxing policy more configurable via preferences. r=jld
26025c7f0d298872c5fe88739c9897254da6fc75
created 2016-12-06 12:38 -1000
pushed 2017-04-10 20:44 +0000
Jed Davis Jed Davis - Bug 1257361 - Simplify detecting threads that already have seccomp-bpf applied. r=tedd r=gcp
c021b68fc7dfbc9890e225db9d98e4763d7f08b6
created 2016-11-28 12:05 -0700
pushed 2017-04-10 20:44 +0000
Jed Davis Jed Davis - Bug 1320085 - Allow the getrlimit-equivalent subset of prlimit64. r=tedd
52318ef46d8b447b41d71900d7428c03b3a593e3
created 2016-12-06 12:38 -1000
pushed 2017-02-27 14:59 +0000
Jed Davis Jed Davis - Bug 1257361 - Simplify detecting threads that already have seccomp-bpf applied. r=tedd, r=gcp, a=jcristau
b54a7014e03d92571b341b9ce82772305685a58d
created 2016-12-12 11:49 +0100
pushed 2017-02-27 14:59 +0000
Carsten "Tomcat" Book Carsten "Tomcat" Book - Backed out changeset 3a761e5cc19c (bug 1257361) for bustage
3a761e5cc19c38782cfc0da0bba68954bd06cd27
created 2016-12-06 12:38 -1000
pushed 2017-02-27 14:59 +0000
Jed Davis Jed Davis - Bug 1257361 - Simplify detecting threads that already have seccomp-bpf applied. r=tedd r=gcp a=gchang
15775247c226598e8b00a5229c4f2c20a35b2c3a
created 2016-10-25 20:43 +0200
pushed 2017-02-27 14:59 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1310116 - Allow waitpid but warn on creating processes in content. r=jld
61aed24ee7e7d856f0a3bee895dc85b443f69d91
created 2016-10-07 23:22 -0400
pushed 2017-02-27 14:59 +0000
Ryan VanderMeulen Ryan VanderMeulen - Merge m-c to autoland. a=merge
d3f56ee6993a1ec8e4529a583a93342b2cdf9c47
created 2016-10-07 22:07 +0200
pushed 2017-02-27 14:59 +0000
Sebastian Hengst Sebastian Hengst - Backed out changeset 9887bfe1f8fa (bug 1308568) on request of its developer. r=backout
9887bfe1f8fa7a7ae5ce58a68acb5a1f6c3dccd0
created 2016-10-07 20:58 +0200
pushed 2017-02-27 14:59 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1308568 - Add missing filesystem calls to Allow in case broker is disabled. r=haik
099e8386665bce6331b79a9e0568075037f00b86
created 2016-10-07 22:09 +0200
pushed 2017-02-27 14:59 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1308568 - Add missing filesystem calls to Allow in case broker is disabled. r=haik
c838d2546cadd65bf8d5579db20a268c8b6e4b87
created 2016-10-06 13:25 +0200
pushed 2017-02-27 14:59 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1289718 - Clean up stat/stat64 wrapper. Deal with non-default TMPDIR. r=jld
a79ec9afac7b7cbed2802c7ffa9db47313b1f445
created 2016-09-27 17:25 +0200
pushed 2017-02-27 14:59 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1289718 - Extend sandbox file broker to handle paths, support more syscalls. r=jld,tedd
11a470398b1f22a7be23b4a02d42fcb3fbf343da
created 2016-09-26 16:10 -0400
pushed 2017-02-27 14:59 +0000
Jed Davis Jed Davis - Bug 1303813 - Allow media plugins to call madvise with MADV_FREE. r=gcp
17592aa0049962153db68fb10e4893b99116b8f2
created 2016-09-26 16:32 -0400
pushed 2017-02-27 14:59 +0000
Jed Davis Jed Davis - Bug 1304220 - Allow media plugins to use the times(2) syscall. r=gcp
a738538c802e5162c1088487117179f5a4d39be3
created 2016-09-26 16:32 -0400
pushed 2017-01-16 13:07 +0000
Jed Davis Jed Davis - Bug 1304220 - Allow media plugins to use the times(2) syscall. r=gcp, a=ritu
d3af65afc4c8a3abfb07f294dcb92ec52d58cbca
created 2016-09-26 16:10 -0400
pushed 2017-01-16 13:07 +0000
Jed Davis Jed Davis - Bug 1303813 - Allow media plugins to call madvise with MADV_FREE. r=gcp, a=ritu
a46f0e32289bb8975eef7f87d14cbd71c9c10582
created 2016-09-06 08:57 +0100
pushed 2017-01-16 13:07 +0000
Bob Owen Bob Owen - Bug 1287426 Part 3: Update security/sandbox/chromium/ to commit 4ec79b7f2379a60cdc15599e93255c0fa417f1ed. r=aklotz, r=jld
0fab4436ad09df818b87d4dba3e11b15b5a804d9
created 2016-08-30 18:15 -0700
pushed 2017-01-16 13:07 +0000
Wes Kocher Wes Kocher - Merge m-c to autoland, a=merge
b8771e81cc6ee8c95ba3e6f251ca94a732eef5ad
created 2016-08-22 15:51 +0200
pushed 2017-01-16 13:07 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1295190 - Add sys_flock to seccomp whitelist. r=jld
1a6361b000fcb97f941e4091001e88be0e46927f
created 2016-08-30 16:59 +0200
pushed 2017-01-16 13:07 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1296309 - Return umask (PulseAudio) and wait4 (threads) to the whitelist. r=tedd
7239d050d65fbc4dbe4387c59d07cd68649e35c3
created 2016-08-18 16:56 +0200
pushed 2017-01-16 13:07 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1296309 - Remove unused syscalls from the seccomp whitelist. r=tedd
f416db46e66e9b89ecf3767f3a2b08f26504cabb
created 2016-08-08 14:59 -0700
pushed 2017-01-16 13:07 +0000
Jed Davis Jed Davis - Bug 1290896 - Allow readlink() in desktop Linux content processes. r=gps
847bef59265f604cc2fca1aaf5d4b731afb20851
created 2016-08-01 13:10 +0200
pushed 2017-01-16 13:07 +0000
Jed Davis Jed Davis - Bug 1290343 - Fix Linux GMP sandbox policy's geteuid rule for 32-bit. r=tedd
fa84c3fbfbad99169d6db2e47dd85b748a5bedff
created 2016-08-01 15:47 +0200
pushed 2017-01-16 13:07 +0000
Jed Davis Jed Davis - Bug 1290633 - Soft-fail unexpected open() in GMP processes to avoid recursive crash. r=gcp
0143eed9088443d8b09238cab3dde6ab793be261
created 2016-08-01 15:44 +0200
pushed 2017-01-16 13:07 +0000
Jed Davis Jed Davis - Bug 1290618 - Allow PR_SET_PTRACER in Linux sandbox policies to avoid recursive crash. r=tedd
eadaa06966fefa5ea284da51a8d58ef2423edf47
created 2016-08-01 08:49 +0100
pushed 2017-01-16 13:07 +0000
L. David Baron L. David Baron - Bug 1290761 - Allow running jprof with sandbox enabled. r=jhector
a2b93143108f572f21721ac682ff4487da07a2a5
created 2016-09-26 16:32 -0400
pushed 2016-10-31 18:13 +0000
Jed Davis Jed Davis - Bug 1304220 - Allow media plugins to use the times(2) syscall. r=gcp, a=ritu
c97ea049e8f4d5159af2d33280f58b82037e121c
created 2016-09-26 16:10 -0400
pushed 2016-10-31 18:13 +0000
Jed Davis Jed Davis - Bug 1303813 - Allow media plugins to call madvise with MADV_FREE. r=gcp, a=ritu
c2bf357a1c14e4474ba711d0e1717498381e4bbd
created 2016-08-01 15:44 +0200
pushed 2016-10-31 18:13 +0000
Jed Davis Jed Davis - Bug 1290618 - Allow PR_SET_PTRACER in Linux sandbox policies to avoid recursive crash. r=tedd,a=ritu
f96ead8d21170bc8b83bb4b1456bce7ff17f7fd6
created 2016-08-01 15:47 +0200
pushed 2016-10-31 18:13 +0000
Jed Davis Jed Davis - Bug 1290633 - Soft-fail unexpected open() in GMP processes to avoid recursive crash. r=gcp,a=ritu
c843e9dbdbbc61f9f97484cfeaf60d680ffecab2
created 2016-08-01 13:10 +0200
pushed 2016-10-31 18:13 +0000
Jed Davis Jed Davis - Bug 1290343 - Fix Linux GMP sandbox policy's geteuid rule for 32-bit. r=tedd,a=ritu
e3f85c717e6578a66bb6f3a82d72ce609e33ed7c
created 2016-07-27 15:45 +0200
pushed 2016-10-31 18:13 +0000
Julian Hector Julian Hector - Bug 1287008 - Add sys_fadvise64_64 to seccomp whitelist. r=gcp
c941e8a139541661f1ca69c673959345e76f20bf
created 2016-07-25 19:37 +0200
pushed 2016-10-31 18:13 +0000
Julian Hector Julian Hector - Bug 1285769 - Add sys_get_mempolicy to seccomp whitelist. r=gcp
7107f6c515422d297e25e9028f37d29efcbba0ec
created 2016-07-23 17:13 +0200
pushed 2016-10-31 18:13 +0000
Julian Hector Julian Hector - Bug 1285770 - Add sys_fallocate to seccomp whitelist. r=gcp
250943418f3a43c46de84797ad58a22f724caf58
created 2016-07-12 18:24 +0200
pushed 2016-10-31 18:13 +0000
Julian Hector Julian Hector - Bug 1286119 - Allow sys_mremap when jemalloc is disabled. r=gcp
b83fcff9edd2e930eaf518d0a337eb53b75ec9f1
created 2016-07-20 06:36 +0200
pushed 2016-10-31 18:13 +0000
Julian Hector Julian Hector - Bug 1286185 - Add sys_fadvise64 to seccomp whitelist. r=gcp
414ef1361cd25cbf734e413b08be9538de551229
created 2016-07-10 22:06 +0200
pushed 2016-10-31 18:13 +0000
Julian Hector Julian Hector - Bug 1285768 - Let getppid() return 0 to simulate pid namespaces. r=gcp
59d21113b4619c117c178b86ec8c7fd5d7fb5807
created 2016-07-15 17:57 +0200
pushed 2016-10-31 18:13 +0000
Julian Hector Julian Hector - Bug 1286852 - Add sys_munlock to seccomp whitelist. r=gcp
4f3556a9addc454d21d1f874f270eddc8f41577e
created 2016-07-15 17:34 +0200
pushed 2016-10-31 18:13 +0000
Julian Hector Julian Hector - Bug 1285902 - Add sys_msgget to seccomp whitelist. r=gcp
7b3f1cc706bdfc764bc7f4f808afc84c4c873c23
created 2016-07-14 15:00 -0400
pushed 2016-10-31 18:13 +0000
Jed Davis Jed Davis - Bug 1286324 - Make fork() non-fatal in Linux content sandbox. r=jhector
9e2b738c7966e0aea677de546a34f9764df2fdac
created 2016-07-13 01:18 +0200
pushed 2016-10-31 18:13 +0000
Julian Hector Julian Hector - Bug 1286413 - Add CASES_FOR_fchown and use it. r=gcp
5789d5804cae470433d96cd92f9f411af2400202
created 2016-07-14 13:51 +0200
pushed 2016-10-31 18:13 +0000
Carsten "Tomcat" Book Carsten "Tomcat" Book - Backed out changeset 535e23baec4a (bug 1286119) for landing with wrong bugnumber
9dc4452707f853444127bc272c77a9b3c168ebd1
created 2016-07-13 15:03 +0200
pushed 2016-10-31 18:13 +0000
Julian Hector Julian Hector - Bug 1286527 - Add sys_semop to seccomp whitelist. r=gcp
535e23baec4a471bb74a7035492bd93938d5967d
created 2016-07-13 01:18 +0200
pushed 2016-10-31 18:13 +0000
Julian Hector Julian Hector - Bug 1286119 - Add CASES_FOR_fchown and use it. r=gcp
dfd94f28c5734d3b404232b310b82617040cce9d
created 2016-07-12 04:42 +0200
pushed 2016-10-31 18:13 +0000
Julian Hector Julian Hector - Bug 1286033 - Add sys_semctl to seccomp whitelist and fix sys_semget. r=gcp
baf618eb5988a658afc6631b667c03e38e419d78
created 2016-07-11 18:51 +0200
pushed 2016-10-31 18:13 +0000
Julian Hector Julian Hector - Bug 1285946 - Add sys_readv to seccomp whitelist. r=gcp
7fc03ac81fa12c8adc427f69bef0068e2839507f
created 2016-07-11 19:38 +0200
pushed 2016-10-31 18:13 +0000
Julian Hector Julian Hector - Bug 1285827 - Add sys_link to seccomp whitelist. r=gcp
e9c1b7bf955f87d43ba755c5a80e720a2fae3693
created 2016-07-11 00:12 +0200
pushed 2016-10-31 18:13 +0000
Julian Hector Julian Hector - Bug 1285816 - Add sys_accept4 to seccomp whitelist. r=gcp
52763f9aca69d0df49368a8e0096ee7033034372
created 2016-07-11 19:32 +0200
pushed 2016-10-31 18:13 +0000
Julian Hector Julian Hector - Bug 1285771 - Add sys_mlock to seccomp whitelist. r=gcp
e82b92329a054213e85b31b31e70ed2797b08a36
created 2016-07-11 10:54 +0200
pushed 2016-10-31 18:13 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1285293 - Add fstatfs to seccomp-bpf whitelist. r=tedd
4b46c6dcd1ea8bc355da21bf19bf212a9a7842e0
created 2016-07-11 10:15 +0200
pushed 2016-10-31 18:13 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1285525 - Add sys_semget to seccomp-bpf whitelist. r=tedd
516786c7c7b8d74e4fda556c5edb6e96b20a09bd
created 2016-07-08 17:59 +0200
pushed 2016-10-31 18:13 +0000
Julian Hector Julian Hector - Bug 1285287 - Use proper macros to whitelist getres*id. r=gcp
a22656e76df720def44b182a645f9ba78dc085d6
created 2016-07-08 17:12 +0200
pushed 2016-10-31 18:13 +0000
Gian-Carlo Pascutto Gian-Carlo Pascutto - Bug 1285507 - Whitelist memfd_create (used for Sealed Files IPC). r=jhector
279d7b204e96ae99bd010a730930310d174eaf32
created 2016-07-05 03:07 +0200
pushed 2016-10-31 18:13 +0000
Julian Hector Julian Hector - Bug 742434 - Part 1: Make ContentSecurityPolicy constructor explicit. r=gcp
bd4db3e235a49de1eaf59e67620220fc7b0ae702
created 2016-07-05 13:51 +0200
pushed 2016-10-31 18:13 +0000
Julian Hector Julian Hector - Bug 1284452 - Add sys_getrandom to seccomp whitelist. r=gcp
less more (0) -100 -60 tip