[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [sandboxed-tor-browser/master] Allow MADV_FREE in the firefox seccomp profile.



commit cc3ef2d64be2b7a99b4bfcbc44f6eb64c079bf1b
Author: Yawning Angel <yawning@xxxxxxxxxxxxxxx>
Date:   Sat Dec 10 10:15:23 2016 +0000

    Allow MADV_FREE in the firefox seccomp profile.
    
    The content process sandbox allows this.  Fairly sure the system Tor
    Browser is being built on, doesn't have it so this *should* just be
    forward thinking.
---
 src/cmd/gen-seccomp/seccomp_firefox.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/cmd/gen-seccomp/seccomp_firefox.go b/src/cmd/gen-seccomp/seccomp_firefox.go
index 03ed1fb..b47e35b 100644
--- a/src/cmd/gen-seccomp/seccomp_firefox.go
+++ b/src/cmd/gen-seccomp/seccomp_firefox.go
@@ -244,7 +244,7 @@ func compileTorBrowserSeccompProfile(fd *os.File, is386 bool) error {
 		return err
 	}
 
-	if err = allowCmpEq(f, "madvise", 2, madvNormal, madvDontneed); err != nil {
+	if err = allowCmpEq(f, "madvise", 2, madvNormal, madvDontneed, madvFree); err != nil {
 		return err
 	}
 	if err = allowCmpEq(f, "ioctl", 1, fionread, tcgets, tiocgpgrp); err != nil {

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits