gecko-dev

Граф коммитов

Автор	SHA1	Сообщение	Дата
Jed Davis	ba1cc023b7	Bug 1151607 - Step 2: Apply net/ipc namespace separation and chroot to media plugins. r=kang This needs more unit tests for the various pieces of what's going on here (LinuxCapabilities, SandboxChroot, UnshareUserNamespace()) but that's nontrivial due to needing a single-threaded process -- and currently they can't be run on Mozilla's CI anyway due to needing user namespaces, and local testing can just try using GMP and manually inspecting the child process. So that will be a followup.	2015-04-10 18:05:19 -07:00
Jed Davis	32cb9ee32d	Bug 1151607 - Step 1: Add Linux sandboxing hook for when child processes are still single-threaded. r=kang r=bent This means that B2G plugin-container must (dynamically) link against libmozsandbox in order to call into it before initializing Binder. (Desktop Linux plugin-container already contains the sandbox code.)	2015-04-10 18:05:19 -07:00

Автор

SHA1

Сообщение

Дата

Jed Davis

ba1cc023b7

Bug 1151607 - Step 2: Apply net/ipc namespace separation and chroot to media plugins. r=kang

This needs more unit tests for the various pieces of what's going on
here (LinuxCapabilities, SandboxChroot, UnshareUserNamespace()) but
that's nontrivial due to needing a single-threaded process -- and
currently they can't be run on Mozilla's CI anyway due to needing user
namespaces, and local testing can just try using GMP and manually
inspecting the child process.  So that will be a followup.

2015-04-10 18:05:19 -07:00

Jed Davis

32cb9ee32d

Bug 1151607 - Step 1: Add Linux sandboxing hook for when child processes are still single-threaded. r=kang r=bent

This means that B2G plugin-container must (dynamically) link against
libmozsandbox in order to call into it before initializing Binder.
(Desktop Linux plugin-container already contains the sandbox code.)

2015-04-10 18:05:19 -07:00

2 Коммитов