Bug 1575985 part 2 - Allow RW access to /dev/null in content sandbox r=gcp

This is needed by lucet to run WASM sandboxed libraries.

Differential Revision: https://phabricator.services.mozilla.com/D46108

--HG--
extra : moz-landing-system : lando

security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp

@@ -270,6 +270,9 @@ SandboxBrokerPolicyFactory::SandboxBrokerPolicyFactory() {
   // Bug 1312678: radeonsi/Intel with DRI when using WebGL
   policy->AddDir(rdwr, "/dev/dri");
 
+  // Bug 1575985: WASM library sandbox needs RW access to /dev/null
+  policy->AddPath(rdwr, "/dev/null");
+
   // Read permissions
   policy->AddPath(rdonly, "/dev/urandom");
   policy->AddPath(rdonly, "/proc/cpuinfo");