Hi Ehsan, If we want to dig deeper, let's fork off another thread, but it sounds like there's two action items here:
1) Fix https://bugzilla.mozilla.org/show_bug.cgi?id=1345046 2) Better document how to disable the sandbox for debugging -- where would you expect to find docs on this, https://wiki.mozilla.org/Security/Sandbox, somewhere else? Cheers, Alex On Tue, May 9, 2017 at 10:49 AM, Ehsan Akhgari <ehsan.akhg...@gmail.com> wrote: > Hi Alex, > > Apologies for hijacking the thread, but since you asked, right now > debugging mochitest that you want to get some logging out of with a > sandboxed content process is super painful. I last hit it when I was > debugging a memory leak which typically requires getting refcount leak logs > and it took me quite a while to find the wiki page that describes the pref > that I needed to set in order to turn off the sandbox so that any logging > in the content process would be able to write to a log file (and I couldn't > even find it again to include a link to the wiki page here once again!). > > I thought I'd mention it since you were asking about stuff that can be > painful when debugging test failures with sandboxed content processes. :-) > > Thanks, > > Ehsan > > > > On 05/08/2017 01:26 PM, Alex Gaynor wrote: > >> Hi dev-platform, >> >> Top-line question: Do you rely on being able to run mochitests from a >> packaged build (`--appname`)? >> >> Context: >> >> The sandboxing team has been hard at work making the content process >> sandbox as restrictive as possible. Our latest focus is removing file >> read >> permissions from content processes -- the sandbox's value is pretty >> limited >> if a compromised content process can ship all your files off by itself! >> >> One of the things we've discovered in the process of developing these >> patches is that they break running mochitest on packaged firefox builds >> (this is the `--appname` flag to mochitest)! `try` doesn't appear to use >> this, and none of us use it in our development workflows, but we wanted to >> check in with dev-platform and see if we were going to be breaking >> people's >> development flows! While these restrictions are not on by default yet, >> once >> they are you'd only be able to run tests on packaged builds by disabling >> the sandbox. If this is a fundamental part of lots of folks' workflows >> we'll dig into whether there's a way to keep this working. >> >> Happy Monday! >> Alex >> _______________________________________________ >> dev-platform mailing list >> dev-platform@lists.mozilla.org >> https://lists.mozilla.org/listinfo/dev-platform >> > > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
