mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
gecko-dev/security/sandbox
История
Jed Davis 3bfc3ec49f Bug 1640345 - Add a hidden pref to prevent sandboxed content processes from connecting to the X server. r=gcp 
This adds the boolean pref security.sandbox.content.headless (on Linux
only) which does two things:

1. Sets the MOZ_HEADLESS env var for content processes, so that they
don't initialize GTK and don't connect to the X server.

2. Disallows brokered access to parts of the filesystem used only for
graphics -- most critically connecting to the X11 socket itself, but
also opening GPU device nodes and the parts of sysfs used by Mesa, for
example.

This is experimental; use at your own risk.

Setting this pref will break native widgets, so it's also necessary to
set widget.disable-native-theme-for-content

Additionally, it breaks Flash and WebGL; see bug 1638466 for the latter.

Differential Revision: https://phabricator.services.mozilla.com/D81425
 		2020-07-01 21:10:36 +00:00
..
chromium Bug 1639030 - Part 3: Roll-up patch to apply remaining mozilla changes to chromium sandbox. r=bobowen 2020-07-08 12:54:35 +00:00
chromium-shim Bug 1639030 - Part 2: Roll-up of chromium sandbox update and patches to get a running browser. r=bobowen 2020-07-08 12:54:33 +00:00
common
linux Bug 1640345 - Add a hidden pref to prevent sandboxed content processes from connecting to the X server. r=gcp 2020-07-01 21:10:36 +00:00
mac Bug 1648838 - Remove OS-specific sandboxing code for unsupported macOS versions (up to 10.11 inclusive) r=spohl 2020-07-01 14:27:13 +00:00
test
win Bug 1639030 - Part 2: Roll-up of chromium sandbox update and patches to get a running browser. r=bobowen 2020-07-08 12:54:33 +00:00
moz.build Bug 1639030 - Part 2: Roll-up of chromium sandbox update and patches to get a running browser. r=bobowen 2020-07-08 12:54:33 +00:00