Bug 1370438 - The MOZ_DISABLE_CONTENT_SANDBOX environment variable now works on macOS and is used in the xpcshell tests; r=haik
authorAlex Gaynor <agaynor@mozilla.com>
Wed, 07 Jun 2017 15:30:09 -0400
changeset 413519 a5a453664f8f51302e3fcccabf3f2020e74bbf6e
parent 413518 352b0d009f78a90c9ea7565ee7afba8270947104
child 413520 f776e85cbb5881ef6f97fce55a4dc7d78a8c8583
push id1490
push usermtabara@mozilla.com
push dateMon, 31 Jul 2017 14:08:16 +0000
treeherdermozilla-release@70e32e6bf15e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewershaik
bugs1370438, 1358223
milestone55.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1370438 - The MOZ_DISABLE_CONTENT_SANDBOX environment variable now works on macOS and is used in the xpcshell tests; r=haik This environment variable works on both Windows and Linux for force-disabling the content sandbox, and now does so on macOS as well. The xpcshell tests force disable the sandbox because they do things like bind() sockets, which is not compatible with the content sandbox. This is needed now because bug 1358223 was force upgrading the sandbox from level 0 (disabled) to level 1 on beta channel, which caused breakage. MozReview-Commit-ID: 5DGxtoDLp0C
dom/ipc/ContentParent.cpp
testing/xpcshell/runxpcshelltests.py
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -2372,25 +2372,25 @@ ContentParent::InitInternal(ProcessPrior
       SerializeURI(sheet->GetSheetURI(), uri);
       Unused << SendLoadAndRegisterSheet(uri, nsIStyleSheetService::AUTHOR_SHEET);
     }
   }
 
 #ifdef MOZ_CONTENT_SANDBOX
   bool shouldSandbox = true;
   MaybeFileDesc brokerFd = void_t();
-#ifdef XP_LINUX
   // XXX: Checking the pref here makes it possible to enable/disable sandboxing
   // during an active session. Currently the pref is only used for testing
   // purpose. If the decision is made to permanently rely on the pref, this
   // should be changed so that it is required to restart firefox for the change
   // of value to take effect.
   shouldSandbox = (GetEffectiveContentSandboxLevel() > 0) &&
     !PR_GetEnv("MOZ_DISABLE_CONTENT_SANDBOX");
 
+#ifdef XP_LINUX
   if (shouldSandbox) {
     MOZ_ASSERT(!mSandboxBroker);
     UniquePtr<SandboxBroker::Policy> policy =
       sSandboxBrokerPolicyFactory->GetContentPolicy(Pid());
     if (policy) {
       brokerFd = FileDescriptor();
       mSandboxBroker = SandboxBroker::Create(Move(policy), Pid(), brokerFd);
       if (!mSandboxBroker) {
--- a/testing/xpcshell/runxpcshelltests.py
+++ b/testing/xpcshell/runxpcshelltests.py
@@ -919,16 +919,21 @@ class XPCShellTests(object):
         # Don't permit remote connections by default.
         # MOZ_DISABLE_NONLOCAL_CONNECTIONS can be set to "0" to temporarily
         # enable non-local connections for the purposes of local testing.
         # Don't override the user's choice here.  See bug 1049688.
         self.env.setdefault('MOZ_DISABLE_NONLOCAL_CONNECTIONS', '1')
         if self.mozInfo.get("topsrcdir") is not None:
             self.env["MOZ_DEVELOPER_REPO_DIR"] = self.mozInfo["topsrcdir"].encode()
 
+        # Disable the content process sandbox for the xpcshell tests. They
+        # currently attempt to do things like bind() sockets, which is not
+        # compatible with the sandbox.
+        self.env["MOZ_DISABLE_CONTENT_SANDBOX"] = "1"
+
     def buildEnvironment(self):
         """
           Create and returns a dictionary of self.env to include all the appropriate env variables and values.
           On a remote system, we overload this to set different values and are missing things like os.environ and PATH.
         """
         self.env = dict(os.environ)
         self.buildCoreEnvironment()
         if sys.platform == 'win32':