Security/Sandbox/2015-02-19

From MozillaWiki
Jump to: navigation, search


« previous week | index | next week »

Standup/Status

Windows

  • Bob still on PTO.

Linux/B2G

  • Content Sandboxing
    • no change on bug 1129492 X11 connection in content sandbox
  • GMP/EME Sandboxing
    • Working locally: network namespace and chroot isolation for media plugins (requiring unprivileged user namespaces) without the unsafe syscall proxy patch. Needs: comments, tests, cleanup, etc. Chroot part should be reusable for B2G content when it's ready.
  • Other Linux work
    • Upstreaming PR_DuplicateEnvironment to NSPR (prereq for using pid namespaces) in progress.

Mac

  • Content Sandboxing
    • fixed printing on 10.10
    • open pdf in preview still broken in 10.10 (works in previous oses), but no msg in logs, so may be harder to fix
    • set default setting of "security.sandbox.macos.content.moreStrict" to 1
    • We decided that the content process sandbox shouldn't follow the trains, at least for now. e10s doesn't either.