Bug 1434528 - Adjust sandbox feature detection to deal with Ubuntu guest accounts. r=gcp

Guest sessions on Ubuntu (and maybe other distributions that use
LightDM?) apply an AppArmor policy that allows CLONE_NEWUSER but doesn't
allow using any of the capabilities it grants, or even configuring the
new user namespace.

This patch causes those environments to be detected as not supporting
unprivileged user namespaces, because for all practical purposes they
don't.

MozReview-Commit-ID: HVkoBakRwaA

--HG--
extra : rebase_source : 4028eff177de30acc58f7f0c32989265dfcad9fd
Jed Davis 2018-02-08 17:46:42 -07:00
Parent 1477c8b486
Commit db9ae514d1
1 changed file: 5 additions and 1 deletion


@ -137,7 +137,11 @@ CanCreateUserNamespace()
return cached[0] > '0';
}
pid_t pid = syscall(__NR_clone, SIGCHLD | CLONE_NEWUSER,
// Bug 1434528: In addition to CLONE_NEWUSER, do something that uses
// the new capabilities (in this case, cloning another namespace) to
// detect AppArmor policies that allow CLONE_NEWUSER but don't allow
// doing anything useful with it.
pid_t pid = syscall(__NR_clone, SIGCHLD | CLONE_NEWUSER | CLONE_NEWPID,
nullptr, nullptr, nullptr, nullptr);
if (pid == 0) {
// In the child. Do as little as possible.
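Review bot: Adding CLONE_NEWPID to the probe changes what a failure means, and the new comment block should say so explicitly: a kernel or policy that permits unprivileged user namespaces but refuses pid namespaces (or any other use of the capabilities the new user namespace grants) will now make CanCreateUserNamespace() report "no user namespaces", which is the intended outcome per the commit message but is not obvious from "do something that uses the new capabilities". Suggest ending the comment with a sentence such as "A failure here is treated as no usable user-namespace support, since the sandbox needs the capabilities, not just the namespace." Also worth noting in the child-side comment ("In the child. Do as little as possible.") that with CLONE_NEWPID the child is PID 1 of a fresh pid namespace, so it must exit directly and not fork or expect normal signal behaviour.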