[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [sandboxed-tor-browser/master] On second thought, SysV shm needs to be allowed.

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [sandboxed-tor-browser/master] On second thought, SysV shm needs to be allowed.
From: yawning@xxxxxxxxxxxxxx
Date: Tue, 6 Dec 2016 19:32:52 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 06 Dec 2016 14:33:03 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Yawning Angel <yawning@xxxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit ca358583844a1689b21a5cc2b419cd7172431756
Author: Yawning Angel <yawning@xxxxxxxxxxxxxxx>
Date:   Tue Dec 6 19:31:32 2016 +0000

    On second thought, SysV shm needs to be allowed.
    
    Firefox works without this, but it's probably unhappy under the hood.
    If Firefox on Ubuntu uses MIT-SHM without querying the X server to see
    if the extension is supported, it's Firefox/Ubuntu's problem, not mine.
---
 src/cmd/gen-seccomp/seccomp_firefox.go | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/src/cmd/gen-seccomp/seccomp_firefox.go b/src/cmd/gen-seccomp/seccomp_firefox.go
index 33a3048..a1a9f0a 100644
--- a/src/cmd/gen-seccomp/seccomp_firefox.go
+++ b/src/cmd/gen-seccomp/seccomp_firefox.go
@@ -121,14 +121,10 @@ func compileTorBrowserSeccompProfile(fd *os.File, is386 bool) error {
 		"mremap",
 		"munmap",
 
-		// `MIT-SHM` doesn't work, and there's workarounds to try
-		// to prevent firefox from making such calls.  It doesn't appear
-		// to always ask (noticed on Ubuntu), so fail the calls entirely.
-		//
-		// "shmdt",
-		// "shmat",
-		// "shmctl",
-		// "shmget",
+		"shmdt",
+		"shmat",
+		"shmctl",
+		"shmget",
 
 		"alarm",
 		"execve",

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [sandboxed-tor-browser/master] Don't use control ports that aren't on the loopback interface.
Next by Author: [tor-commits] [sandboxed-tor-browser/master] Recreate the Caches directory if missing.
Previous by thread: [tor-commits] [sandboxed-tor-browser/master] Remove the SysV SHM calls from the seccomp whtielist.
Next by thread: [tor-commits] [stem/master] Base files tests ignore on our .gitignore
Index(es):
- Author
- Thread