зеркало из https://github.com/mozilla/gecko-dev.git
cc6e7ab133
This commit also allows `memfd_create` in the seccomp-bpf policy for all process types. `memfd_create` is an API added in Linux 3.17 (and adopted by FreeBSD for the upcoming version 13) for creating anonymous shared memory not connected to any filesystem. Supporting it means that sandboxed child processes on Linux can create shared memory directly instead of messaging a broker, which is unavoidably slower, and it should avoid the problems we'd been seeing with overly small `/dev/shm` in container environments (which were causing serious problems for using Firefox for automated testing of frontend projects). `memfd_create` also introduces the related operation of file seals: irrevocably preventing types of modifications to a file. Unfortunately, the most useful one, `F_SEAL_WRITE`, can't be relied on; see the large comment in `SharedMemory:ReadOnlyCopy` for details. So we still use the applicable seals as defense in depth, but read-only copies are implemented on Linux by using procfs (and see the comments on the `ReadOnlyCopy` function in `shared_memory_posix.cc` for the subtleties there). There's also a FreeBSD implementation, using `cap_rights_limit` for read-only copies, if the build host is new enough to have the `memfd_create` function. The support code for Android, which doesn't support shm_open and can't use the memfd backend because of issues with its SELinux policy (see bug 1670277), has been reorganized to reflect that we'll always use its own API, ashmem, in that case. Differential Revision: https://phabricator.services.mozilla.com/D90605 |
||
|---|---|---|
| .. | ||
| base | ||
| build | ||
| chrome/common | ||
| third_party | ||
| LICENSE | ||