Wed, 2 May 2018 07:15:45 +0200 Landry Breuil <lan...@openbsd.org>
> On Wed, May 02, 2018 at 04:07:51AM +0300, li...@wrant.com wrote:
> >
> > Hi Landry,
> >
> > With the snapshot Build date: 1525207106 - Tue May 1 20:38:26 UTC 2018
> > firefox-60.0beta16 from https://packages.rhaalovely.net/snapshots/amd64
> > it progresses a bit further and aborts with pledge "fattr", syscall 124
> > using promises: 'stdio rpath wpath cpath inet proc exec prot_exec flock
> > ps sendfd recvfd dns vminfo tty drm' results: Abort trap (core dumped).
>
> main process needs fattr & unix to save files here; i added them in
> https://cgit.rhaalovely.net/mozilla-firefox/commit/?h=pledge&id=11f3f89db4c5cf973205c7a7d332ac52c9d70911
>
> For a useful report; reproduce with ktrace -di, and mention/quote the
> end of the trace (ie the syscall that triggers the abord should relate
> to the file it was trying to act upon)
>
Hi Landry,
Succeeds on stat & open places.sqlite, stat places.sqlite-wal & at it
68642 firefox CALL fchmod(37,0644<S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH>)
68642 firefox PLDG fchmod, "fattr", errno 1 Operation not permitted
68642 firefox PSIG SIGABRT SIG_DFL
68642 firefox NAMI "firefox.core"
Patched locally as per your suggestion in the cgit diff the file here
in /usr/local/lib/firefox/browser/defaults/preferences/all-openbsd.js
-pref("security.sandbox.pledge.main","stdio rpath wpath cpath inet proc exec
prot_exec flock ps sendfd recvfd dns vminfo tty drm");
+pref("security.sandbox.pledge.main","stdio rpath wpath cpath inet proc exec
prot_exec flock ps sendfd recvfd dns vminfo tty drm unix fattr");
and continuing further testing, thank you very much for the feedback.
Kind regards,
Anton Lazarov
