Security/Sandbox/2015-01-29

Please use MediaWiki formatting because these etherpad notes will be republished on our public wiki: https://wiki.mozilla.org/Sandbox#Meeting_Notes

Standup/Status

Windows

  • Content Sandboxing
    • bug 1104616 - looks like gcp is getting close to having video camera access from the chrome process.
  • GMP/EME Sandboxing
    • bug 1094370 - Landed - GMP processes now using the USER_LOCKDOWN access token level.
    • FYI: EME not going to be fast tracked to 37, so no need to uplift EME patches.
  • NPAPI Sandboxing
    • bug 1123245 - Landed - NPAPI sandbox just using the USER_NON_ADMIN access level token.
    • bug 1126402 - Landed - added a pref to enable a more strict version of this sandbox. Going to change this to integer prefs to allow more levels instead of the boolean ones (bug 1127230).
  • Other Windows work
    • bug 1125865 - Landed - fix to prevent an extra WARNING being logged with each sandbox violation log. This was happening when logging to console wasn't available (GMP / NPAPI).

Linux/B2G

  • Content Sandboxing
    • An “open sandbox” mostly passes try and works locally; need to:
      • Test with different GPUs, maybe (and maybe accelerated layers?)
      • Preferably make xpcshell tests stop running an HTTP server in the child. (Or, failing that, start it earlier.)
      • (Side note: content process audio is difficult.)
    • Did some fact-finding re getting an actual sandbox on desktop, w.r.t. things that access files directly.
  • GMP/EME Sandboxing
    • bug 1120045 landed and old Linuxes no longer have OpenH264.
      • TODO: consider uplift
  • Other Linux work
    • <input type="file"> patch landed.
    • jar:http: has run aground on a shoal of bikesheds; could disable tests for B2G.


Mac

  • Other Mac work
    • Mic access was not working in e10s with the sources I used; a few days ago I pulled again from m-c and it works in e10s, but not when enabling the sandbox. Nothing appears in the logs related to a denied access to a resource, so investigating this is a bit harder than others.
    • Take into account different levels of sandbox. 0 should allow mic to work.


Chromium

  • bug 1102195 - update to chromium code - just started looking at this.

Round Table

  • blassey on PTO next week.