Hi everybody,

During the last couple of months, the sandboxing team worked on getting our
seccomp whitelist to a state that allowed us to enable seccomp on nightly
for Linux desktop users.

Our current sandboxing efforts can be tracked through the wiki at:
https://wiki.mozilla.org/Security/Sandbox
https://wiki.mozilla.org/Security/Sandbox/Milestones

Yesterday, the last bug was resolved which blocked us from enabling it. I
am writing to this mailing list to let you know that we will enable seccomp
on nightly for Linux desktop today or tomorrow. (Bug 742434, patches are
currently on inbound)

We performed a lot of tests throughout the last couple of months to keep the
breakage to a minimum. However, we can't test all possible edge cases and
hope to find out more about possible breakage by enabling it on nightly.

It is important to keep in mind that the current sandbox state is only a
very minor improvement; the whitelist contains a lot of potentially
dangerous system calls (for example sys_open). But before we start to work
on tightening the whitelist we first need to see if it even works in the
current state without crashing Firefox.

If you encounter a crash that may be due to seccomp, please file a bug in
Bugzilla and block Bug 1280415; we use it to track issues experienced on
nightly.

While we work on fixing the issue, it is also possible to disable seccomp
again by setting

security.sandbox.content.level = 0

in about:config. This way everything should be back to normal.

You can also join #boxing on IRC if you have any questions.

Thanks
Julian
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
