зеркало из https://github.com/mozilla/gecko-dev.git
4be220d5f3
There are a few things that use SysV IPC, which we discovered the last time we tried to do this, which need to be accomodated: 1. The ALSA dmix plugin; if the build has ALSA support (off by default) and if audio remoting is disabled, SysV IPC is allowed. 2. ATI/AMD's old proprietary graphics driver (fglrx), which is obsolete and doesn't support newer hardware, but still has users; if it's detected, SysV IPC is allowed. 3. Graphics libraries trying to use the MIT-SHM extension; this is already turned off for other reasons (see bug 1271100), but that shim seems to not load early enough in some cases, so it's copied into libmozsandbox, which is preloaded before anything else in LD_PRELOAD. Also, msgget is now blocked in all cases; the only case it was known to be used involved ESET antivirus, which is now handled specially (bug 1362601). In any case, the seccomp-bpf policy has never allowed actually *using* message queues, so creating them is not very useful. MozReview-Commit-ID: 5bOOQcXFd9U --HG-- extra : rebase_source : ea79c0a7e31f58f056be15b551c57dde974dfae2 |
||
|---|---|---|
| .. | ||
| apps | ||
| certverifier | ||
| manager | ||
| nss | ||
| pkix | ||
| sandbox | ||
| .eslintrc.js | ||
| generate_certdata.py | ||
| generate_mapfile.py | ||
| moz.build | ||
| nss.symbols | ||