Hi Jordan, On Wed, Jun 15, 2016 at 10:43 PM, Jordan Johnston <johnstonljor...@gmail.com > wrote:
> Hi, > > I am interesting in testing out firefox for android + seccomp-bpf > sandboxing. I'm running a custom rom which has seccomp-bpf support in the > kernel (backported to linux-3.4) and /system/lib/libseccomp.so (built as a > shared library for other reasons). My development environment should be > fine, as I can build AOSP/CM, android apps, have android-sdk and > android-ndks, android-studio, etc.. > > I have successfully built fennec-50.0 from source code, using the > instructions found here: > > > https://developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/Build_Instructions/Simple_Firefox_for_Android_build > > I've tried both the bootstrap script and/or using my installed SDK/NDK and > have ended up with working builds of Fennec. (although, I prefer to use my > system installed android-ndk/sdk). > > Now the problem: When I try to build Fennec with the sandboxing enabled ( > --enable-content-sandbox ), the build fails. The sandbox enabled build > fails here: > I think you've fallen into a mozilla-central pit: some options are not valid for some products [1]. Fennec does not use a multi-process architecture. Therefore, there is no main process distinct from content processes, and it doesn't make sense to lock down a content process sandbox. I am at the Mozilla all hands right now and have heard talk of making Fennec multi-process, but I doubt that will happen quickly. Folks more familiar with the plans, please correct me if I'm wrong about sandboxing and the future direction. Best, Nick [1] Part of the motivation for the configure -> moz.configure rewrite tracked in https://bugzilla.mozilla.org/show_bug.cgi?id=1247781 is to make options like --enable-content-sandbox per-product.
_______________________________________________ mobile-firefox-dev mailing list mobile-firefox-dev@mozilla.org https://mail.mozilla.org/listinfo/mobile-firefox-dev
