Bug 1144514 - Whitelist pread64 in content seccomp-bpf policy. r=kang
authorJed Davis <jld@mozilla.com>
Thu, 19 Mar 2015 11:57:00 -0400
changeset 265423 5aaf90d7a1e3e9f2dfe27d4f82e5938bb10bbd70
parent 265422 c16ac2a8f47c3f245ad67a88088b0872767cd497
child 265424 bf229a2f6970b09715d01d9e6fdbf672df0076ec
push id830
push userraliiev@mozilla.com
push dateFri, 19 Jun 2015 19:24:37 +0000
treeherdermozilla-release@932614382a68 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskang
bugs1144514
milestone39.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1144514 - Whitelist pread64 in content seccomp-bpf policy. r=kang
security/sandbox/linux/SandboxFilter.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -149,16 +149,17 @@ SandboxFilterImplContent::Build() {
   /* ioctl() is for GL. Remove when GL proxy is implemented.
    * Additionally ioctl() might be a place where we want to have
    * argument filtering */
   Allow(SYSCALL(ioctl));
   Allow(SYSCALL(close));
   Allow(SYSCALL(munmap));
   Allow(SYSCALL(mprotect));
   Allow(SYSCALL(writev));
+  Allow(SYSCALL(pread64));
   AllowThreadClone();
   Allow(SYSCALL(brk));
 #if SYSCALL_EXISTS(set_thread_area)
   Allow(SYSCALL(set_thread_area));
 #endif
 
   Allow(SYSCALL(getpid));
   Allow(SYSCALL(gettid));