Hi Nicholas, I think you've fallen into a mozilla-central pit: some options are not > valid for some products [1]. > > Fennec does not use a multi-process architecture. Therefore, there is no > main process distinct from content processes, and it doesn't make sense to > lock down a content process sandbox. > > I am at the Mozilla all hands right now and have heard talk of making > Fennec multi-process, but I doubt that will happen quickly. Folks more > familiar with the plans, please correct me if I'm wrong about sandboxing > and the future direction >
Interesting, I don't suppose the talk will be put online? It might be an interesting watch! Am I to assume that the reason android is referenced is due to B2G / FirefoxOS? Myself, not being all that familiar with the build system / source code it isn't entirely obvious. Anyway, I hope that Fennec becoming multi-process / using seccomp-bpf becomes standard. As of Android N, new devices should all have seccomp-bpf available via linux-3.10 && AFAIK seccomp will be used in some spots, for example: http://www.tomshardware.com/news/android-n-stagefright-sanitization-sandboxing,31745.html I think it definitely makes sense to get Fennec to join the club ;) [1] Part of the motivation for the configure -> moz.configure rewrite > tracked in https://bugzilla.mozilla.org/show_bug.cgi?id=1247781 is to > make options like --enable-content-sandbox per-product. > Ah, I had a look and followed some of the links. thanks! Well, I guess I will have to wait then for that support to appear in some form. Side note: It has still been worthwhile compiling Fennec though. I was able to build it with -fstack-protector-strong, enabled the rust code in the build and removed google play integration (and some other bits) + I am a big fan of the new media player interface (now if we could only switch video quality!). anyway, thanks for the information and if anyone else has anything to add, I would be interested! Jordan
_______________________________________________ mobile-firefox-dev mailing list mobile-firefox-dev@mozilla.org https://mail.mozilla.org/listinfo/mobile-firefox-dev
