All,
We have now enabled seccomp on emulator builds. Seccomp is a security mechanism
which works by enforcing a whitelist of allowable system calls on a per-process
basis. This will mainly be of interest for developers working on Gecko, as
Seccomp will currently enforce a whitelist of allowable system calls for b2g
child processes. See [1] for the current whitelist, but note that work is
underway to further tighten this list in future releases (on a per syscall
basis as indicated in this file) to make it an effective security control.
There has been extensive testing on devices and emulator to avoid seccomp
related regressions. That said, it's possible that existing tests miss edge
cases, and future code may inadvertently cause seccomp errors. Seccomp
(sandbox) errors are clearly marked in logcat like this:
E/Sandbox ( 2013): seccomp sandbox violation: pid 2013, syscall 157, args 0 0 1 0 5 10000. Killing process.
If you see any errors like this, please raise a bug that blocks bug 929277.
Further details on seccomp can be found at [2].
Any questions, either ask here, or come join #boxing on irc.mozilla.org.
Thanks,
Paul
Paul Theriault
Security Manager, Firefox OS
[1] http://mxr.mozilla.org/mozilla-central/source/security/sandbox/linux/seccomp_filter.h
[2] https://wiki.mozilla.org/Security/Sandbox/Seccomp
_______________________________________________
dev-b2g mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-b2g
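The mechanism the mail describes (a per-process whitelist of allowable system calls, with a logcat line naming the pid, syscall number and arguments before the process is killed), as an added example. This is not code from the mail, from seccomp_filter.h or from the b2g sandbox: the whitelist contents, the use of SECCOMP_RET_TRAP plus a SIGSYS handler to produce the report (the mail does not say how Gecko produces its logcat line), and the function names are all assumptions of this demo. It forks a child, installs the filter there, and runs one body that stays inside the whitelist and one that does not; the parent observes the exit status. Linux only; syscall arguments are decoded on x86_64 and aarch64.

```c
/* seccomp_whitelist_demo.c: seccomp-BPF syscall whitelist in a forked child,
 * reporting violations in the style of the logcat line quoted in the mail.
 * Build: cc -O2 -Wall -o seccomp_whitelist_demo seccomp_whitelist_demo.c */
#define _GNU_SOURCE
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <ucontext.h>
#include <unistd.h>

#if defined(__x86_64__)
#  define DEMO_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define DEMO_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#  error "add the AUDIT_ARCH_* value and argument registers for this architecture"
#endif
#ifndef SYS_SECCOMP
#  define SYS_SECCOMP 1   /* si_code of a seccomp-generated SIGSYS */
#endif

/* Demo whitelist (an assumption, not the b2g list): what the bodies below need
 * plus what the SIGSYS handler itself calls (write, getpid, kill). */
static const int allowed[] = { SYS_read, SYS_write, SYS_exit, SYS_exit_group,
                               SYS_rt_sigreturn, SYS_getpid, SYS_kill };
#define NALLOWED ((int)(sizeof allowed / sizeof allowed[0]))

/* Filter: wrong arch -> kill; nr on the list -> allow; anything else ->
 * SECCOMP_RET_TRAP, i.e. SIGSYS, so the violation can be logged before the
 * process dies. Returns 0, or -1 if seccomp filtering is unavailable. */
static int install_whitelist(void)
{
    struct sock_filter insns[NALLOWED + 6];
    int n = 0;
    insns[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    insns[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_AUDIT_ARCH, 1, 0);
    insns[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    insns[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (int i = 0; i < NALLOWED; i++)   /* on a match, jump over the rest to the final ALLOW */
        insns[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, allowed[i], NALLOWED - i, 0);
    insns[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP);
    insns[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    struct sock_fprog prog = { .len = (unsigned short)n, .filter = insns };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;   /* needed for an unprivileged filter */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) == 0 ? 0 : -1;
}

/* Runs under the filter: log pid, syscall number and the six argument
 * registers in the logcat format, then let the default SIGSYS action kill us. */
static void sigsys_handler(int sig, siginfo_t *info, void *ctx)
{
    ucontext_t *uc = ctx;
    long a[6] = { 0 };
#if defined(__x86_64__)
    const int r[6] = { REG_RDI, REG_RSI, REG_RDX, REG_R10, REG_R8, REG_R9 };
    for (int i = 0; i < 6; i++) a[i] = (long)uc->uc_mcontext.gregs[r[i]];
#else
    for (int i = 0; i < 6; i++) a[i] = (long)uc->uc_mcontext.regs[i];
#endif
    int pid = (int)getpid();
    int nr = info->si_code == SYS_SECCOMP ? (int)info->si_syscall : -1;
    char buf[256];   /* snprintf is not async-signal-safe; production handlers hand-format */
    int len = snprintf(buf, sizeof buf, "E/Sandbox (%d): seccomp sandbox violation: pid %d, syscall %d, "
                       "args %ld %ld %ld %ld %ld %ld. Killing process.\n", pid, pid, nr,
                       a[0], a[1], a[2], a[3], a[4], a[5]);
    (void)!write(2, buf, len > 0 ? (size_t)len : 0);
    (void)sig;
    kill(pid, SIGSYS);   /* SA_RESETHAND restored SIG_DFL on entry, so this terminates the process */
    _exit(128 + SIGSYS);
}

/* Fork, sandbox the child and run body() inside it. Returns 0 if the child
 * exited normally, the signal that killed it (SIGSYS on a violation), or -1
 * if the filter could not be installed in this environment. */
static int run_sandboxed(void (*body)(void))
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct rlimit nocore = { 0, 0 };
        setrlimit(RLIMIT_CORE, &nocore);   /* SIGSYS's default action would also dump core */
        struct sigaction sa = { .sa_sigaction = sigsys_handler,
                                .sa_flags = SA_SIGINFO | SA_NODEFER | SA_RESETHAND };
        sigaction(SIGSYS, &sa, NULL);      /* before the filter: rt_sigaction is not whitelisted */
        if (install_whitelist() != 0) _exit(99);
        body();
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status);
    return WEXITSTATUS(status) == 99 ? -1 : WEXITSTATUS(status);
}

static void body_allowed(void)
{
    static const char msg[] = "inside the sandbox: write() is whitelisted\n";
    (void)!write(1, msg, sizeof msg - 1);
}
static void body_violation(void) { syscall(SYS_getppid); }   /* getppid is not on the list */

int sandbox_demo_allowed(void)   { return run_sandboxed(body_allowed); }
int sandbox_demo_violation(void) { return run_sandboxed(body_violation); }

int main(void)
{
    int a = sandbox_demo_allowed(), v = sandbox_demo_violation();
    printf("allowed body -> %d (0 = exited normally)\nviolating body -> %d (%d = killed by SIGSYS)\n", a, v, SIGSYS);
    return a == 0 && v == SIGSYS ? 0 : 1;
}
```

The handler is installed before the filter so that rt_sigaction need not be whitelisted, and the filter checks the arch field first so that a process switching ABIs cannot smuggle a different syscall table past the number check. The forbidden body deliberately uses a harmless syscall (getppid) to show that anything outside the list, not only dangerous calls, is fatal; that is why the mail asks for every logcat line of this shape to be filed, since a whitelist tightened later will turn today's silent edge case into a killed content process.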