Comment on attachment 9237836 Bug 1725828 - Preload dependencies for the Widevine CDM when sandboxing it on Linux.
### ESR Uplift Approval Request
* **If this is not a sec:{high,crit} bug, please state case for ESR consideration**: Widevine EME and H.264 WebRTC may be broken depending on how Firefox is built.
* **User impact if declined**: This doesn't affect Mozilla's builds and probably won't affect them for some time, but downstream builds (already on some Linux distributions, and probably more and more in the future) won't be able to use the Widevine plugin for EME or OpenH264 for WebRTC.
* **Fix Landed on Version**: 94
* **Risk to taking this patch**: Low
* **Why is the change risky/not risky? (and alternatives if risky)**: We just preload some libraries which are normally already loaded; the patch is small and should have no effect on builds that weren't affected by this bug (like Mozilla's). One alternative is to require downstream distributions to apply the patch themselves if they intend to build ESR91 with a recent glibc, but as far as I know there's no good way to communicate that to everyone who needs to hear it, and failures are likely to result in more bug reports for us.
* **String or UUID changes made by this patch**: none

--
You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1945100

Title:
  Widevine violates the sandbox and crashes

Status in Mozilla Firefox:
  Fix Released
Status in firefox package in Ubuntu:
  Fix Released

Bug description:
  I just updated for Impish Indri beta release but Firefox's Widevine is always crashing. When I disable the GMP sandbox (setting the environment variable MOZ_DISABLE_GMP_SANDBOX to 1) it works fine.

  I'm using Firefox 92.0.1 installed via .deb package.

  Here are some console logs showing the violations:

  ➜ firefox --ProfileManager
  Gtk-Message: 09:58:02.539: Failed to load module "appmenu-gtk-module"
  ###!!! [Child][RunMessage] Error: Channel closing: too late to send/recv, messages will be lost
  Gtk-Message: 09:58:10.435: Failed to load module "appmenu-gtk-module"
  Sandbox: attempt to open unexpected file /usr/lib/firefox/librt.so.1
  Sandbox: attempt to open unexpected file /lib/x86_64-linux-gnu/librt.so.1
  Sandbox: attempt to open unexpected file /lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v3/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /lib/x86_64-linux-gnu/tls/haswell/x86_64/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /lib/x86_64-linux-gnu/tls/haswell/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /lib/x86_64-linux-gnu/tls/x86_64/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /lib/x86_64-linux-gnu/tls/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /lib/x86_64-linux-gnu/haswell/x86_64/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /lib/x86_64-linux-gnu/haswell/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /lib/x86_64-linux-gnu/x86_64/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /lib/x86_64-linux-gnu/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v3/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /usr/lib/x86_64-linux-gnu/tls/haswell/x86_64/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /usr/lib/x86_64-linux-gnu/tls/haswell/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /usr/lib/x86_64-linux-gnu/tls/x86_64/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /usr/lib/x86_64-linux-gnu/tls/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /usr/lib/x86_64-linux-gnu/haswell/x86_64/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /usr/lib/x86_64-linux-gnu/haswell/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /usr/lib/x86_64-linux-gnu/x86_64/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /usr/lib/x86_64-linux-gnu/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /lib/glibc-hwcaps/x86-64-v3/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /lib/glibc-hwcaps/x86-64-v2/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /lib/tls/haswell/x86_64/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /lib/tls/haswell/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /lib/tls/x86_64/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /lib/tls/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /lib/haswell/x86_64/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /lib/haswell/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /lib/x86_64/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /lib/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /usr/lib/glibc-hwcaps/x86-64-v3/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /usr/lib/glibc-hwcaps/x86-64-v2/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /usr/lib/tls/haswell/x86_64/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /usr/lib/tls/haswell/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /usr/lib/tls/x86_64/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /usr/lib/tls/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /usr/lib/haswell/x86_64/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /usr/lib/haswell/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /usr/lib/x86_64/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  Sandbox: attempt to open unexpected file /usr/lib/librt.so.1
  Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120.
  ###!!! [Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
  ###!!! [Parent][RunMessage] Error: Channel closing: too late to send/recv, messages will be lost
  Sandbox: Unexpected EOF, op 0 flags 00 path /proc/cpuinfo
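
Added example, not part of the bug report or of Mozilla's patch: a small triage script for a log like the one above. It groups the denied paths by library name, which points at the dependency that was not loaded before the sandbox started, and decodes the seccomp lines assuming x86_64 syscall numbering, where 262 is newfstatat and a first argument of 4294967196 is AT_FDCWD (-100). The function and variable names are this example's own.

```python
import re
from collections import Counter, defaultdict

# x86_64 numbers of the *at() path syscalls, whose first argument is a dirfd.
# Assumption of this example: the log comes from an x86_64 process.
AT_SYSCALLS_X86_64 = {257: "openat", 262: "newfstatat"}
AT_FDCWD = -100  # dirfd value meaning "resolve relative to the current directory"

OPEN_RE = re.compile(r"Sandbox: attempt to open unexpected file (\S+)")
SECCOMP_RE = re.compile(r"seccomp sandbox violation: pid \d+, tid \d+, "
                        r"syscall (\d+), args (\d+)")

def to_s32(value):
    """Reinterpret the low 32 bits of a logged argument as a signed int."""
    value &= 0xFFFFFFFF
    return value - (1 << 32) if value & 0x80000000 else value

def triage(log_text):
    """Return ({library: [directories probed]}, Counter of decoded syscalls)."""
    probed = defaultdict(list)
    calls = Counter()
    for match in OPEN_RE.finditer(log_text):
        directory, _, library = match.group(1).rpartition("/")
        probed[library].append(directory)
    for match in SECCOMP_RE.finditer(log_text):
        number, first_arg = int(match.group(1)), int(match.group(2))
        name = AT_SYSCALLS_X86_64.get(number)
        if name is None:
            calls[f"syscall_{number}"] += 1  # not a dirfd call: leave undecoded
        elif to_s32(first_arg) == AT_FDCWD:
            calls[f"{name}(AT_FDCWD, ...)"] += 1
        else:
            calls[f"{name}(fd {to_s32(first_arg)}, ...)"] += 1
    return dict(probed), calls

# Entries copied from the log in the bug description, joined with spaces;
# the regexes do not depend on line breaks.
SAMPLE = (
    "Sandbox: attempt to open unexpected file /usr/lib/firefox/librt.so.1 "
    "Sandbox: attempt to open unexpected file /lib/x86_64-linux-gnu/librt.so.1 "
    "Sandbox: attempt to open unexpected file "
    "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v3/librt.so.1 "
    "Sandbox: seccomp sandbox violation: pid 24799, tid 24799, syscall 262, "
    "args 4294967196 140721817045120 140721817045312 0 4294967295 140721817045120. "
)

if __name__ == "__main__":
    libraries, syscalls = triage(SAMPLE)
    for library, directories in libraries.items():
        print(f"{library}: denied in {len(directories)} directories")
    for call, count in syscalls.items():
        print(f"{call}: {count}")
```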