Bug 1370438 - The MOZ_DISABLE_CONTENT_SANDBOX environment variable now works on macOS and is used in the xpcshell tests; r=haik

This environment variable works on both Windows and Linux for force-disabling the content sandbox, and now does so on macOS as well. The xpcshell tests force disable the sandbox because they do things like bind() sockets, which is not compatible with the content sandbox. This is needed now because bug 1358223 was force upgrading the sandbox from level 0 (disabled) to level 1 on beta channel, which caused breakage. MozReview-Commit-ID: 5DGxtoDLp0C --HG-- extra : rebase_source : 87edd138e8b711eace5cb8103c67feae0361e148
2017-06-07 15:30:09 -04:00 · 2017-06-07 15:30:09 -04:00 · fb7715626d
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@ -2377,7 +2377,6 @@ ContentParent::InitInternal(ProcessPriority aInitialPriority,
 #ifdef MOZ_CONTENT_SANDBOX
  bool shouldSandbox = true;
  MaybeFileDesc brokerFd = void_t();
-#ifdef XP_LINUX
  // XXX: Checking the pref here makes it possible to enable/disable sandboxing
  // during an active session. Currently the pref is only used for testing
  // purpose. If the decision is made to permanently rely on the pref, this
@ -2386,6 +2385,7 @@ ContentParent::InitInternal(ProcessPriority aInitialPriority,
  shouldSandbox = (GetEffectiveContentSandboxLevel() > 0) &&
    !PR_GetEnv("MOZ_DISABLE_CONTENT_SANDBOX");

+#ifdef XP_LINUX
  if (shouldSandbox) {
    MOZ_ASSERT(!mSandboxBroker);
    UniquePtr<SandboxBroker::Policy> policy =
--- a/testing/xpcshell/runxpcshelltests.py
+++ b/testing/xpcshell/runxpcshelltests.py
@ -924,6 +924,11 @@ class XPCShellTests(object):
        if self.mozInfo.get("topsrcdir") is not None:
            self.env["MOZ_DEVELOPER_REPO_DIR"] = self.mozInfo["topsrcdir"].encode()

+        # Disable the content process sandbox for the xpcshell tests. They
+        # currently attempt to do things like bind() sockets, which is not
+        # compatible with the sandbox.
+        self.env["MOZ_DISABLE_CONTENT_SANDBOX"] = "1"
+
    def buildEnvironment(self):
        """
          Create and returns a dictionary of self.env to include all the appropriate env variables and values.