Re: Linux content sandbox tightened

2016-10-11 Thread Gian-Carlo Pascutto
On 11-10-16 03:00, Gerald Squelart wrote:
> It seems this tightening is now preventing us from using ALSA:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1247056#c167
>
> Coincidentally, we have just disabled ALSA by default, but the code
> is still there and can be enabled in builds, so it'd be n

Re: Linux content sandbox tightened

2016-10-10 Thread Gerald Squelart
On Friday, October 7, 2016 at 6:49:53 PM UTC+11, Gian-Carlo Pascutto wrote:
> Hi all,
>
> the next Nightly build will have a significantly tightened Linux
> sandbox. Writes are no longer allowed except to shared memory (for IPC),
> and to the system TMPDIR (and we're eventually going to get rid of

Re: Linux content sandbox tightened

2016-10-07 Thread Gian-Carlo Pascutto
On 07-10-16 20:47, Daniel Holbert wrote:
> On 10/07/2016 12:49 AM, Gian-Carlo Pascutto wrote:
>> This behavior can be controlled via a pref:
>> pref("security.sandbox.content.level", 2);
>>
>> Reverting this to 1 goes back to the previous behavior
>
> Warning: don't actually try to revert this to

Re: Linux content sandbox tightened

2016-10-07 Thread Daniel Holbert
On 10/07/2016 12:49 AM, Gian-Carlo Pascutto wrote:
> This behavior can be controlled via a pref:
> pref("security.sandbox.content.level", 2);
>
> Reverting this to 1 goes back to the previous behavior

Warning: don't actually try to revert this to 1, just yet -- at the moment, that triggers startu

Re: Linux content sandbox tightened

2016-10-07 Thread Jason Duell
Never mind--file:// only does reads. Haven't had my coffee yet this morning :)

Jason

On Fri, Oct 7, 2016 at 10:13 AM, Jason Duell wrote:
> It sounds like this is going to break all file:// URI accesses until we
> finish implementing e10s support for them:
>
> https://bugzilla.mozilla.org/sho

Re: Linux content sandbox tightened

2016-10-07 Thread Jason Duell
It sounds like this is going to break all file:// URI accesses until we finish implementing e10s support for them:

https://bugzilla.mozilla.org/show_bug.cgi?id=922481

That may be more bustage on nightly than is acceptable?

Jason

On Fri, Oct 7, 2016 at 9:49 AM, Gian-Carlo Pascutto wrote:
>

Linux content sandbox tightened

2016-10-07 Thread Gian-Carlo Pascutto
Hi all,

the next Nightly build will have a significantly tightened Linux sandbox. Writes are no longer allowed except to shared memory (for IPC), and to the system TMPDIR (and we're eventually going to get rid of the latter, perhaps with an intermediate step to a Firefox-content-specific tmpdir).