Security/Sandbox/2017-04-06

bug 1352192 - Crash in mozilla::SandboxBroker::SetSecurityLevelForContentProcess
- Happening because of chromium update and patch to chromium sandbox for other bug.
- Problem with update process that sometimes means the old firefox binary is running with new libraries.
bug 1329294 - Windows content temp dir not in LocalLow for parent on new profile
- Realised this was to do with new profile and the GPU process on related bug.
- Fix backed out as my assertion was triggered in browser refresh test.
- Waiting for advice from bsmedberg.
bug 1344465 - Can't submit form using post method form WebExtensions or file:// page
- Making progress on this trying to align our behaviour with chrome's a bit, as far as what pages load in the same process as the file:// URI page.

WONTFIXed a bunch of B2G stuff (and salvaged or at least commented on some of it)
Commented on some other bugs
Found the missing telemetry: “Don't Sanitize”
- Syscalls found:
  - Aurora/amd64: chdir, newfstatat, inotify_init
  - Aurora/i386: msgsnd (SysV message queues)
  - Nightly/amd64: utime, newfstatat, inotify_init
  - Nightly/i386: mknod (maybe mkfifo?)
- …I need to file some bugs.
- Stacks would help; bug 1209131 may be relevant.
- Volume seems to be low, but needs more investigation.

bug 1334550 - Proxy moz-extension protocol requests to the parent process
- Got green try run
- Found new problem need to resolve when new content processes startup

bug 1348269 - Improved logging if we fail to spawn a sandboxed process on Windows
bug 1353040 - Moved the macOS sandbox policy from using string interpolation to explicit parameters

roundtable