From MozillaWiki
Jump to: navigation, search

« previous week | index | next week »



  • Content Sandboxing
    • bug 1103946 - Changed mach / mochitest option for new more strict policy pref
    • Started looking at virtual cameras for testing capture
    • Spoke to jmaher at the airport over mochitests, looks like we could use subsuite functionality that already exists to run some tests in a separate job with the weaker policy
  • GMP/EME Sandboxing
    • Tested latest version of CDM and seemed to work with sandbox on Windows 7, no need for access to KsecDD
    • CDM gtests don't use WMF; edwin has a patch to use WMF for testing next week.
      • Use WMF on Windows mochitests
      • Use ClearKey (decrypting, non-decoding) CDM on non-Windows mochitests
    • Adobe delivered another CDM build last week. Uses OP.
    • chromium sandbox's DLL unloading list is specified in chrome process, so CDM sandbox can't dynamically unload all non-whitelisted DLLs.
  • Other Windows work


  • Content Sandboxing
    • Experiments with brokering open() et al. for FxOS 2.2
      • Current blocker: breaks on Flame because graphics drivers don't like being passed between processes; will try de-lazifying EGL initialization.
  • GMP/EME Sandboxing
    • No change.
  • Other Linux work
    • Header cleanup and seccomp program building cleanup (JoinInstructions) landed
      • These were two of the blockers for updating security/sandbox/chromium


  • Content Sandboxing
    • adding camera and mic related rules
    • found that there are defined variables which I can use in the sandbox rules scripts, notably the "container" and "home" paths, this should make the rules more elegant than writing those at runtime as we currently do
    • 3–4 weeks to wrap up
    • concerns about the need to access files in write mode from content process, even though they are in "temp" directories: if I block those write accesses, the content process crashes
    • e10s should make more resources accessed by the main process, so the content process can be more tightly restricted
  • GMP/EME Sandboxing
    • bug 1083284: Landed addtional sandox rules to accomodate Adobe's code fragment. Still need to incorporate a version of the code fragment into automated tests.

Round Table