Bug 974227 - Allow readlink while sandboxed to work around bug 964455. r=kang
authorJed Davis <jld@mozilla.com>
Wed, 19 Feb 2014 15:55:42 -0500
changeset 169949 22d21b4e861839787b5f8439d033382fee23a437
parent 169948 10a99967ccec867a3079990e476521f56686165c
child 169950 d4b192312a89a5443722d6a56a1e702bbb60cb7e
push id270
push userpvanderbeken@mozilla.com
push dateThu, 06 Mar 2014 09:24:21 +0000
reviewerskang
bugs974227, 964455
milestone30.0a1
Bug 974227 - Allow readlink while sandboxed to work around bug 964455. r=kang
security/sandbox/linux/seccomp_filter.h
--- a/security/sandbox/linux/seccomp_filter.h
+++ b/security/sandbox/linux/seccomp_filter.h
@@ -243,16 +243,17 @@
   ALLOW_SYSCALL(dup), \
   ALLOW_SYSCALL(nanosleep), \
   SECCOMP_WHITELIST_ARCH_LOW \
   /* Must remove all of the following in the future, when no longer used */ \
   /* open() is for some legacy APIs such as font loading. */ \
   /* See bug 906996 for removing unlink(). */ \
   SECCOMP_WHITELIST_ARCH_TOREMOVE \
   ALLOW_SYSCALL(open), \
+  ALLOW_SYSCALL(readlink), /* Workaround for bug 964455 */ \
   ALLOW_SYSCALL(prctl), \
   ALLOW_SYSCALL(access), \
   ALLOW_SYSCALL(unlink), \
   ALLOW_SYSCALL(fsync), \
   ALLOW_SYSCALL(msync), \
   /* Should remove all of the following in the future, if possible */ \
   ALLOW_SYSCALL(getpriority), \
   ALLOW_SYSCALL(sched_get_priority_min), \
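Review bot: The added `ALLOW_SYSCALL(readlink)` entry is unconditional. A seccomp-bpf filter sees only the pointer value of the path argument, never the string, so the rule cannot be narrowed to the path the workaround needs, and sandboxed content can resolve any symlink its uid is permitted to read, which exposes filesystem layout information. The comment gives only a bug number; I would expand it to `/* readlink: workaround for bug 964455; path cannot be filtered here, remove once that bug is fixed */` so the removal condition and the residual exposure are visible in the list itself. If any supported libc or architecture routes readlink() through `readlinkat`, this entry would not cover it; that cannot be confirmed from the hunk. The whitelist macro starts and ends outside the hunk.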