- bug 742434 - [landed] enable seccomp on Linux desktop nightly - landed in mc today, this is the last bug of sblc1 milestone
- example crash report due to seccomp: https://crash-stats.mozilla.com/search/?product=Firefox&reason=~SIGSYS&_sort=-date&_facets=signat
- bug 1284912 - [new] performance regression in a single test due to seccomp
- bug 1284452 - [landed] add sys_getrandom to seccomp whitelist - added rust stuff uses getrandom() (thanks gcp)
- bug 1284458 - [new] nsPluginHost::GetPluginTempDir should return a sandbox writeable temp - looking into patches from haik in bug 1270018
- bug 1270018 - NS_APP_CONTENT_PROCESS_TEMP_DIR should only return the sandbox writeable temp - ready to land, sorting out test failure
- bug 1274540 - Record sandboxing status in crash reports - will have patch up today hopefully
- bug 1284291 - Add the 'com.apple.fonts' service to the sandbox profile. - working on getting macOS Sierra VM
- bug 1252877 - Add support for taking plugin window captures at the start of a scroll - patches pretty much ready for review
- bug 1280159 - Page Setup Margin Widths use Millimeters Instead of Inches (for paper Legal US e.g.) - landed and uplifted to beta
- bug 1273765 - Crash in mozilla::gfx::RecordedSetTransform::PlayEvent - being caused by an invalid cairo surface during print, need to find out why. Also possibly need to look into handling these sorts of problems instead of crashing.
- Landed seccompf enable
- bug 1284240 Telemetry for seccomp-bpf support looks faulty
- Module ownership/peer changes
- divide linux milestones into smaller chunks?
- sblc1: getting seccomp on nightly
- sblc2: remove/restrict read file system access
- sblc3: remove/restrict write file system access
- sblc4: remove/restrict socket access + X11
- slbc5: use chroot & user namespaces
- x11 restrictions milestone?
- sbmc1: added 1284588 OS X: Disable content process write access to user files in the home directory