I have just landed a patch which changes the "level 1" Windows content process sandbox policy to one which runs the process at a low integrity level from the start. This will hopefully make it into tomorrow's Nightly. (pref: security.sandbox.content.level=1)
Running at low integrity for the whole lifetime of the process wasn't possible before a recent bug fix. It turned out that doing this (instead of dropping to low integrity later in the process) seemed to fix the major blocker to using low integrity. Low is the same integrity level at which Internet Explorer's Protected Mode sandbox runs. I would be grateful if anyone testing e10s on Windows, would also take some time to test with this stronger sandbox policy. Just set the above pref and then restart Firefox, so that the new policy is applied to the content process. If you find any issues caused by this, please file them to block bug 1151767. You can turn on limited sandbox logging to the browser console with the pref: security.sandbox.windows.log This doesn't log all the things that the sandbox might block, but it should log things that we might be able to fix by adding new policy rules. You can filter the output with "Process Sandbox". Please copy (or attach) anything that looks like it might be relevant into the bug. You can also get a stack trace in the log entry with: security.sandbox.windows.log.stackTraceDepth The logging requires a restart, but changing the stack trace depth should not. I hope to change this policy to the default one later this month. Thanks, Bob _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform