Landry Breuil <lan...@openbsd.org> writes:

> On Fri, Sep 20, 2019 at 10:00:32AM -0500, joshua stein wrote:
>
> <snip>
>
>> These patches are being tracked upstream and landry@ will help to
>> get them integrated once they are stable, although this review
>> process may take a while and it will probably take a while before
>> they reach a mainline release:
>>
>> - sandbox GPU process on OpenBSD with pledge():
>>   https://bugzilla.mozilla.org/show_bug.cgi?id=1580268
>>
>> - enhance sandbox on OpenBSD with unveil():
>>   https://bugzilla.mozilla.org/show_bug.cgi?id=1580271
>>
>> As for testing, please try all of your normal Firefox usage as
>> everything should still work. I've tested all of these things:
>>
>> - Launching with an existing profile or letting it create a new one
>>   in ~/.mozilla
>> - Basic multi-tabbed and multi-window browsing
>> - Add-ons (Bitwarden, uBlock Origin, Tunnelbear VPN, etc.)
>> - Playing a YouTube video with sound
>> - Webcam access
>> - Accelerated graphics with MOZ_ACCELERATED=1 (verifying
>>   about:support shows HW_COMPOSITING enabled and detailed GPU #1
>>   info), viewing some WebGL benchmark sites
>> - File->Open, can only view ~/Downloads (this is the main process)
>> - When a file is selected, it is able to be opened as a file://
>>   URL (this is a content process reading it)
>> - When uploading a file, only ~/Downloads can be seen (or a
>>   read-only directory like ~/Photos specifically added to the
>>   security.sandbox.unveil.main list)
>> - Executing a 3rd party app via GIO/XDG such as mupdf for opening
>>   PDFs
>> - Executing a 3rd party app from ~/.mailcap such as xpdf for PDFs
>> - Printing via CUPS
>
> Everyone using firefox should definitely add their own use cases on top and
> test this. The idea is to refine the paths list until we have something
> we're confident with, then defaults will be pushed upstream. In the
> meantime, we'll work with upstream to get the plumbing/logic committed,
> as it can be done independently from the paths list.
>
> If ppl have a hard time building with the patches, my beta pkgs for 70
> available as usual at https://packages.rhaalovely.net/snapshots/amd64/
> have some variation of the patches built from this git branch:
> https://cgit.rhaalovely.net/mozilla-firefox/?h=unveil
> I will keep this git branch updated with the patches posted upstream at
> https://bugzilla.mozilla.org/show_bug.cgi?id=1580268 &
> https://bugzilla.mozilla.org/show_bug.cgi?id=1580271
>
> Many thanks jcs@ for working on this, and I hope to get them
> tested/polished enough by november so that it can get committed around
> p2k19.
>
> Landry

Firefox fails to start after replacing the "stock version":

firefox[22060]: pledge "tty", syscall 54

tmy@asteroid tmy $ firefox
IPDL protocol error: main: unveil($XDG_CACHE_HOME/dconf, rwc) failed: 2
Segmentation fault (core dumped)
tmy@asteroid tmy $ echo $XDG_CACHE_HOME

tmy@asteroid tmy $

timo
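
The error above names `$XDG_CACHE_HOME/dconf` while the variable is empty in that shell, and errno 2 is ENOENT. As an added example (not code from the Firefox patches or from anyone in this thread), here is one way a path-list loader could expand such an entry before it reaches unveil(), falling back to `$HOME/.cache` as the XDG Base Directory specification prescribes for an unset or empty `XDG_CACHE_HOME`. The names `expand_entry` and `xdg_defaults` are hypothetical, and the entry syntax (a leading `$NAME` followed by a path) is assumed from the error message.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the Firefox patches): expand a leading
 * "$NAME" in one path-list entry. Unset, empty or relative XDG_*_HOME values
 * fall back to the XDG Base Directory defaults below $HOME.
 * Returns 0 with the expanded path in out, or -1 with errno set. */
static const struct { const char *var, *dflt; } xdg_defaults[] = {
    { "XDG_CACHE_HOME", ".cache" }, { "XDG_CONFIG_HOME", ".config" },
    { "XDG_DATA_HOME", ".local/share" } };

int expand_entry(const char *entry, char *out, size_t outlen)
{
    char name[64];
    const char *val, *home = getenv("HOME"), *dflt = NULL;
    size_t n, i;
    int len;
    if (entry[0] != '$') {
        len = snprintf(out, outlen, "%s", entry);   /* nothing to expand */
    } else {
        n = strcspn(entry + 1, "/");   /* variable name ends at first '/' */
        if (n == 0 || n >= sizeof(name)) { errno = EINVAL; return -1; }
        memcpy(name, entry + 1, n);
        name[n] = '\0';
        for (i = 0; i < sizeof(xdg_defaults) / sizeof(xdg_defaults[0]); i++)
            if (strcmp(name, xdg_defaults[i].var) == 0)
                dflt = xdg_defaults[i].dflt;
        val = getenv(name);
        if (val != NULL && val[0] == '/')           /* absolute values only */
            len = snprintf(out, outlen, "%s%s", val, entry + 1 + n);
        else if (dflt != NULL && home != NULL && home[0] == '/')
            len = snprintf(out, outlen, "%s/%s%s", home, dflt, entry + 1 + n);
        else { errno = ENOENT; return -1; }   /* caller should skip the entry */
    }
    if (len < 0 || (size_t)len >= outlen) { errno = ENAMETOOLONG; return -1; }
    return 0;
}

int main(void)
{
    char buf[1024];   /* constructed sample entry, as named in the error */
    int rc = expand_entry("$XDG_CACHE_HOME/dconf", buf, sizeof(buf));
    if (rc == 0) printf("expanded: %s\n", buf);
    else perror("skipping entry");
    return rc == 0 ? 0 : 1;
}
```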