diff --git a/dom/canvas/WebGLContext.cpp b/dom/canvas/WebGLContext.cpp index ba6c5935b8fd..cd4c5c107c33 100644 --- a/dom/canvas/WebGLContext.cpp +++ b/dom/canvas/WebGLContext.cpp @@ -248,16 +248,6 @@ bool WebGLContext::CreateAndInitGL( bool forceEnabled, std::vector* const out_failReasons) { const FuncScope funcScope(*this, ""); - // Can't use WebGL in headless mode. - if (gfxPlatform::IsHeadless()) { - FailureReason reason; - reason.info = - "Can't use WebGL in headless mode (https://bugzil.la/1375585)."; - out_failReasons->push_back(reason); - GenerateWarning("%s", reason.info.BeginReading()); - return false; - } - // WebGL2 is separately blocked: if (IsWebGL2() && !forceEnabled) { FailureReason reason; diff --git a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp index 666dee9135b1..11b1d8ecae3a 100644 --- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp +++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp 
@@ -523,13 +523,19 @@ void SandboxBrokerPolicyFactory::InitContentPolicy() {
 policy->AddPath(SandboxBroker::MAY_CONNECT, bumblebeeSocket);
 #if defined(MOZ_WIDGET_GTK) && defined(MOZ_X11)
- // Allow local X11 connections, for Primus and VirtualGL to contact
- // the secondary X server. No exception for Wayland.
- if (mozilla::widget::GdkIsX11Display()) {
+ // Allow local X11 connections, for several purposes:
+ //
+ // * for content processes to use WebGL when the browser is in headless
+ // mode, by opening the X display if/when needed
+ //
+ // * if Primus or VirtualGL is used, to contact the secondary X server
+ static const bool kIsX11 =
+ !mozilla::widget::GdkIsWaylandDisplay() && PR_GetEnv("DISPLAY");
+ if (kIsX11) {
 policy->AddPrefix(SandboxBroker::MAY_CONNECT, "/tmp/.X11-unix/X");
- }
- if (const auto xauth = PR_GetEnv("XAUTHORITY")) {
- policy->AddPath(rdonly, xauth);
+ if (auto* const xauth = PR_GetEnv("XAUTHORITY")) {
+ policy->AddPath(rdonly, xauth);
+ }
 }
 #endif
 }
diff --git a/security/sandbox/linux/launch/SandboxLaunch.cpp b/security/sandbox/linux/launch/SandboxLaunch.cpp
index 1efcd3846696..d55acbc1a57c 100644
--- a/security/sandbox/linux/launch/SandboxLaunch.cpp
+++ b/security/sandbox/linux/launch/SandboxLaunch.cpp
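Review bot: In SandboxBrokerPolicyFactory.cpp, the new `kIsX11` test in InitContentPolicy() keys on the `DISPLAY` environment variable instead of the display GDK actually opened, so a headless browser that merely inherits `DISPLAY` now lets content processes connect to anything under the `/tmp/.X11-unix/X` prefix, whether or not WebGL is ever used. X11 does not isolate clients of the same server from one another, so this widens what a compromised content process can reach in a configuration that presumably had no X access before; the comment should record that trade-off, e.g. `// NOTE: in headless mode this exposes the X server to content processes even when WebGL is unused`, or the headless case should be gated on WebGL being enabled. `PR_GetEnv("DISPLAY")` is also only tested for non-null, so an empty `DISPLAY=` still counts as X11; testing `dpy && *dpy` on the returned pointer would close that. InitContentPolicy() starts and ends outside this hunk.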
@@ -64,18 +64,25 @@ namespace mozilla {
 //
 // (Longer-term we intend to either proxy or remove X11 access from
 // content processes, at which point this will stop being an issue.)
-static bool IsDisplayLocal() {
+static bool IsGraphicsOkWithoutNetwork() {
 // For X11, check whether the parent's connection is a Unix-domain
 // socket. This is done instead of trying to parse the display name
 // because an empty hostname (e.g., ":0") will fall back to TCP in
 // case of failure to connect using Unix-domain sockets.
 #ifdef MOZ_X11
 // First, ensure that the parent process's graphics are initialized.
- Unused << gfxPlatform::GetPlatform();
+ DebugOnly gfxPlatform = gfxPlatform::GetPlatform();
 const auto display = gdk_display_get_default();
- if (NS_WARN_IF(display == nullptr)) {
- return false;
+ if (!display) {
+ // In this case, the browser is headless, but WebGL could still
+ // try to use X11. However, WebGL isn't supported with remote
+ // X11, and in any case these connections are made after sandbox
+ // startup (lazily when WebGL is used), so they aren't being done
+ // directly by the process anyway. (For local X11, they're
+ // brokered.)
+ MOZ_ASSERT(gfxPlatform->IsHeadless());
+ return true;
 }
 if (mozilla::widget::GdkIsX11Display(display)) {
 const int xSocketFd = ConnectionNumber(GDK_DISPLAY_XDISPLAY(display));
@@ -331,7 +338,8 @@ void SandboxLaunchPrepare(GeckoProcessType aType,
 // local-ness is cached because it won't change.)
 static const bool canCloneNet =
 StaticPrefs::security_sandbox_content_headless_AtStartup() ||
- (IsDisplayLocal() && !PR_GetEnv("RENDERDOC_CAPTUREOPTS"));
+ (IsGraphicsOkWithoutNetwork() &&
+ !PR_GetEnv("RENDERDOC_CAPTUREOPTS"));
 if (canCloneNet) {
 flags |= CLONE_NEWNET;
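Review bot: In SandboxLaunch.cpp, the `!display` branch of IsGraphicsOkWithoutNetwork() now returns `true` for every null GDK display on the assumption that null means headless, and that assumption is checked only by `MOZ_ASSERT`, which as far as I know is inactive in release builds. Returning `true` leads to `CLONE_NEWNET` in SandboxLaunchPrepare, so the branch errs toward more isolation, but the comment should say that this is the intended result for a display that is null for any other reason, or the branch should `return gfxPlatform::IsHeadless();` so the unexpected case keeps the old answer. The local named `gfxPlatform` also shadows the class: the WebGLContext.cpp lines removed in this commit call `gfxPlatform::IsHeadless()` statically, so `Unused << gfxPlatform::GetPlatform();` could stay and the assertion become `MOZ_ASSERT(gfxPlatform::IsHeadless());`. The function body continues past the end of the hunk.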