Security/Sandbox/Standups

From MozillaWiki


7 August 2014

Standup/status

  • Windows sandboxing
    • GMP/EME
      • Talked with cpearce. He'd like me to make the patch in bug 1027902 work with his EME changes, so I've started doing that (updated patch available). Fixed the `CreateEvent` issue but now we're getting "access denied" when trying to load the plugin DLL, even though we add a policy exception for that file path.
    • Logging
      • Bug 1018966 - Warn only sandbox - patches uploaded, waiting for reviews from bsmedberg.
  • Linux/B2G
    • Jed at defcon
  • Mac
    • Very close to having a landable patch. Andre's sandbox ruleset is much better, so we've decided to use that. Hopefully will be able to start the review process later today, and land on trunk today or tomorrow. The rules are tight, and EME plugins are likely to break against them. But we currently have no EME plugins to test with, so we'll wait for the various vendors to exercise due diligence and contact us with problems.

Round table

  • Do we know what security requirements we have for the GMP sandbox? What types of patches will we need to uplift? Which ones can wait and ride the trains? What about EME?

Actions


31 July 2014


Standup/status

  • Windows sandboxing
    • OpenH264
      • Patch for lowering permissions on GMP sandbox has r+ (with comments). Will address comments by EOW. :cpearce is working through issues that this patch causes for EME, but he's supportive of the changes since they represent much better security for plugins
      • Test failures for other apps (SeaMonkey - bug 1040939, Thunderbird, Firefox OS Simulator on Windows - bug 1045533) caused by patch in bug 985252 resolved by their respective engineers
    • Logging
      • Bug 1018966 - Warn only sandbox - failing on Windows XP, because it was trying to load dbghelp.dll and couldn't resolve SymGetSearchPathW, so adding DELAYLOAD_DLLS for dbghelp.dll to the sandboxbroker.dll and plugin-container.exe seems to fix this.
  • Linux/B2G
    • GMP sandboxing got backed out for bustage on LSan builds. Investigating.
      • Bugs: 1046538, 1046539, 1046541
    • Seccomp on the last of the B2G KitKats to not have it: have patches.
      • Bug: 1046525
    • Yet more B2G 2.0 bustage from our friends at Qualcomm QA. Patch out for review.
      • Bug: 1046210
    • Also someone reported breakage on Flame (mremap, apparently) but didn't file a bug yet.
  • Mac sandboxing
    • Steven has updated his patch to current trunk. Andre is working on tightening up its sandboxing rules.
    • Steven tried but failed to increase the number of testcases available (by updating Josh Aas's patch from bug 957928 comment #32). Chris Pearce and others are working on a GMP plugin that could be used to test EME code, but that won't be ready for a while. In the meantime, Brad suggested, why don't we just land what we have? Steven will try to get this done.
    • How about EME plugins? Brad suggested that they will need more access than the OpenH264 plugin (for example to uniquely identify the particular machine they're running on). For the Mac, we'll probably have to loosen our rules, which are already quite restrictive.

Round table

Actions

  • Tim to follow up with :cpearce to see if I can help out with EME sandboxing on Windows

24 July 2014


Standup/status

  • Windows sandboxing
    • OpenH264
      • Worked on lowering permissions for GMP sandbox: made a patch that (1) restricts all file access except read-only access to whichever plugin DLL the GMP process needs to load, (2) uses the USER_RESTRICTED_SAME_ACCESS token while initializing the process but then switches to USER_LOCKDOWN, and (3) sets process integrity to low before initializing the process (which enables UIPI) instead of waiting until we call `LowerToken`
    • Logging
      • Bug 1018966 - Warn only sandbox - made changes after bug 985252, tests failing on Windows XP on try when run without --enable-content-sandbox, haven't got to the bottom of it yet.
      • Bug 1040059 - Registry access reporting not working - it appears to be the NtOpenKey(Ex) intercepts that cause the crash in ntdll.dll. If I comment those out the NtCreateKey one works fine. Can't see any obvious differences with Chromium code, so I've built Chromium and initially it looks like the intercepts work.
    • Content processes
      • Bug 1018988 - Temp directory - I'll upload the list of temp files used during the mochitests after the meeting - here we go Bug 1043470.
      • New bug 1042735 - for the registry access in test_dataChannel_basicAudio.htm - gcp is looking at it.
  • Linux/B2G
    • Good news: est. 5% of Linux desktop users don't have seccomp-bpf
      • And ⅓-½ of those are on unsupported distro versions
      • So that might be enough coverage to require it?
    • Also: 60% (as of Fx 30) have user namespaces → can use setuid sandbox w/o actual setuid root executable.
    • OpenH264 sandboxing just needs build peer review.
    • Have patches to separate sandbox into its own .so, to be able to import more Chromium code.
      • e.g., the file open broker, unsafe warn-only mode, setuid sandbox, …
  • Mac sandboxing
    • Steven is working on starting the sandbox from GMPChild::OnChannelConnected(), instead of from GMPChild:Init(), as we're doing on other platforms. This way IPC setup is guaranteed to be finished. He has a working patch, but it needs refinement and testing.

Round table

  • what signal gets sent when we violate the sandbox (the idea is we want to crash on sandbox violations, and have Breakpad produce stack traces).
    • Linux/B2G: SIGSYS, and crash reporter integration is already there
    • Mac: It's not SIGSYS. As best I can tell, we receive no notification at all.

Actions

17 July 2014


Standup/status

  • Windows sandboxing
    • OpenH264
      • Landed bug 985252 - sandboxing is now enabled for GMP processes. Next step is to ratchet down permissions so that sandbox is more effective
    • Logging
      • Bug 1018966 - Warn only sandbox progressing. r+s from Tim, waiting for approval of the chromium changes from someone with context from earlier in the sandboxing project. Might need a bit of re-work now that bug 985252 has landed.
      • Bug 1040059 - Registry access reporting not working, that appears to be the problem for mochitest-3. It's trying to access keys like HKLM\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager.
    • Content processes
      • Bug 1018988 - Temp directory, has moved forward. As hoped mochitests 2, 4 and 5 pass for win 7 and 8. Moved the getting of the temporary directory into the directory service. Also thinking of adding a guid suffix to the directory name?
    • Bug 1035275 - Imported Chromium code under security/sandbox that is not being compiled - landed.
  • Mac sandboxing
    • With Andre's first (very simple) patch, the sandbox process dies shortly after creation. We'll need to figure out why. It took us a while to realize this because we didn't have adequate instructions on how to use our only testcase.
  • Linux/B2G sandboxing
    • Problem: can we depend on having seccomp-bpf on desktop Linux? https://bugzilla.mozilla.org/show_bug.cgi?id=1039819
    • OpenH264 is mostly done but should be tested on an older distribution.
      • Q: Is there a test case that I can run in a camera-less VM?
    • Good news, maybe: buildbot tests apparently use Ubuntu 12.04, so seccomp-bpf works there.
    • Desktop content process sandboxing is somewhat less broken — it will build and not immediately fail.

Round table

Actions

  • Tim to enumerate what is possible and what is restricted given current GMP sandbox on Windows; provide info to mreavy,blassey so they can decide whether further ratcheting down of permissions should be uplifted or just ride the trains
  • Bob to get a list of temporary files being created by the mochitests.
  • Steven to investigate cpearce's and josh's test cases
  • Jed to email {blassey, gal, jjensen, johnath} about metrics for bug 1039819


10 July 2014


  • Windows sandboxing
    • Tim was out Fri-Wed (today is first day back)
    • OpenH264
      • No review comments received yet on the new patch in bug 985252 (will ping :bent today)
    • Logging
      • Bug 1018966 Warn Only Sandbox: r- due to changes to Chromium code. I have worked around some of these and have an r+ on the first patch. There are still some changes to Chromium code to add the logging statements, but I have isolated those into their own patch and uploaded a backout patch as well.
    • Content process
      • Bug 1018988 Low integrity temp directory: I have a very rough patch that gets the AppData\LocalLow directory appends MozTemp to it and replaces the cached directory in the Directory Service. Tests passing locally that create temporary files in this location. Try push running.
    • Bug 1035275 - Imported Chromium code under security/sandbox that is not being compiled.
  • Mac sandboxing
  • Linux/B2G sandboxing

Round table

Testing OpenH264:

Content process sandboxing starts here:

  • Can we move this to be a sub-heading of the OS headings up above?

Actions


3 July 2014


  • Windows sandboxing
    • Implementing review comments for bug 985252 (Windows gmp/OpenH264 sandbox). Running into issues with process shutdown when the GMP process has already terminated
    • Logging
      • Warn only sandbox - Fixed linking problem to get round the fact that sandbox_s library is linked in twice. Going to seek reviews.
    • Content process
      • Started looking at Bug 1018988 - to set temporary dir after lowering the token.
  • Mac sandboxing
    • Scoped out mac sandboxing
    • Hoping André will do most of the actual work and smichaud will help when needed
    • Seems more appropriate to use BSD style sandboxing
  • Linux/B2G sandboxing

Round table

  • Where are we with sandboxing for OpenH264 on each platform?
    • Windows: 85% confident in Fx33
    • Mac: unknown
    • Linux: need bent's review for jesup's shared memory patch
    • B2G: N/A

Testing OpenH264:


Content process sandboxing starts here:

Actions

  • blassey to get a sandboxing component and module
  • jld to verify that the Linux plugin can just be downloaded now

26 June 2014


  • Windows sandboxing
    • Landed patch for bug 1014002: Caused tests to fail when sandboxing enabled on Windows. Blocked both gmp/OpenH264 and content process sandboxing
    • Implementing review comments for bug 985252 (Windows gmp/OpenH264 sandbox). Should have updated patch for review by EOW
    • Continuing to investigate follow-up issues (ratcheting down permissions)
    • Logging
      • Warn only sandbox now compiling (using callbacks instead of linking) and running on Try. Unfortunately still using a pretty nasty hack to get the function pointers for the callbacks into the interception code.
      • Bug 1018966
  • Mac sandboxing
  • Linux/B2G sandboxing

19 June 2014


OpenH264:

  • Windows sandboxing
    • Got review comments today for bug 985252 (Windows gmp sandbox); will implement and re-request review
    • No comment from reviewer in bug 1014002 (blocks gmp sandboxing on Windows); requested June 9th, pinged June 18th
    • Continuing to investigate follow-up issues (ratcheting down permissions)
    • Logging
      • bob having problem with linking sandboxing dll
      • blassey suggests talking to randall barker in #mobile or glandium/gps
  • Mac sandboxing
    • Still waiting on a promise from rstrong about who can run point on this
      • rstrong responded (though he's still out sick) -- we have Andre starting Tuesday with smichaud helping with design and review
    • FYI - rstrong is out with the flu (you probably already knew that) (no, thanks! explains why I didn't hear back when I expected. Hope he feels better soon!)
  • Linux/B2G sandboxing
    • The Chromium open broker was hacked into sort-of-working on B2G; many content-process open()s were filed as bugs. See https://bugzilla.mozilla.org/show_bug.cgi?id=930258
      • Basic functionality was working without whitelisting any syscalls that take pathnames.
    • Question: is anyone looking into building an ioctl whitelist?
      • As in the "cmd" argument. It's been an array-overflow vector in the past, and it can prevent access to vulnerable driver functionality that's not needed (especially if we can't filter open()).
    • B2G IPC doc (incomplete) https://wiki.mozilla.org/User:Tedd/ipc-doc-preview
      • It's an overview of how it generally works
      • next, we will add documentation about how to enforce security settings
      • what are the current security enforcements
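As an added illustration of two points in these notes (the ioctl "cmd" whitelist question above, and the 24 July note that a seccomp violation on Linux raises SIGSYS so the crash reporter can record it, cf. bug 1017393), here is a small standalone C program that is not Gecko or B2G code: it installs a seccomp-bpf filter allowing every syscall except ioctl, which passes only for whitelisted request codes, and a SIGSYS handler that reports the rejected syscall number. The whitelist contents, the exit codes and the pipe fixture are constructed for the example; Linux only (x86-64 or aarch64).

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#define FILTER_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define FILTER_ARCH AUDIT_ARCH_AARCH64
#else
#error "this example only knows the x86-64 and aarch64 audit arch values"
#endif

/* Exit codes the child uses to report the outcome (constructed for this example). */
enum { IOCTL_ALLOWED = 0, IOCTL_REJECTED = 42, OTHER_REJECTED = 43, SETUP_FAILED = 99 };

/* SIGSYS handler: SECCOMP_RET_TRAP delivers the rejected syscall number in
 * si_syscall, which is what a crash report should record. Here it becomes
 * the child's exit status instead. */
static void sigsys_handler(int sig, siginfo_t *info, void *ctx) {
    (void)sig; (void)ctx;
    _exit(info->si_syscall == SYS_ioctl ? IOCTL_REJECTED : OTHER_REJECTED);
}

/* Allow everything except ioctl; ioctl passes only when its "cmd" argument
 * (args[1]) is TIOCGWINSZ or FIONREAD (constructed whitelist), else SIGSYS. */
static int install_ioctl_filter(void) {
    struct sock_filter filter[] = {
        /* Kill outright if the syscall ABI is not the one the filter targets. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, FILTER_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        /* Any syscall other than ioctl jumps straight to ALLOW. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_ioctl, 0, 3),
        /* Compare the low 32 bits of the request code against the whitelist. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[1])),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, TIOCGWINSZ, 1, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, FIONREAD, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof filter / sizeof filter[0]), .filter = filter };
    /* NO_NEW_PRIVS lets an unprivileged process install the filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Fork a child that installs the handler and filter, then issues one ioctl on
 * a pipe. Returns the child's exit code from the enum above, 100 + signal
 * number if the child was killed, or -1 if pipe/fork failed. */
static int run_ioctl_under_filter(unsigned long request) {
    int fds[2];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct sigaction sa;
        memset(&sa, 0, sizeof sa);
        sa.sa_sigaction = sigsys_handler;
        sa.sa_flags = SA_SIGINFO;
        sigaction(SIGSYS, &sa, NULL);
        if (install_ioctl_filter() != 0) _exit(SETUP_FAILED);
        int arg = 0;
        /* May fail with ENOTTY on a pipe; what matters is whether the filter
         * let the call reach the kernel at all. */
        ioctl(fds[0], request, &arg);
        _exit(IOCTL_ALLOWED);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    close(fds[0]);
    close(fds[1]);
    if (WIFEXITED(status)) return WEXITSTATUS(status);
    if (WIFSIGNALED(status)) return 100 + WTERMSIG(status);
    return -1;
}

int main(void) {
    printf("FIONREAD  -> %d (0 = allowed)\n", run_ioctl_under_filter(FIONREAD));
    printf("TIOCGPGRP -> %d (42 = rejected, reported via SIGSYS)\n",
           run_ioctl_under_filter(TIOCGPGRP));
    return 0;
}
```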

12 June 2014


OpenH264:

  • Windows sandboxing
    • Patch posted for bug 1014002 (blocks gmp sandboxing on Windows)
    • Patch in bug 985252 (Windows gmp sandbox) to receive second review
    • Currently investigating follow-up issues (ratcheting down permissions)
    • Logging
      • Bob Owen working on this; working to get it into automation
  • Mac sandboxing
    • Maire and Sid still looking for an owner
  • Linux sandboxing

Not OpenH264:

  • Linux/B2G:
    • Open (parallel approach to the broker solution): working to implement it in seccomp (loading a whitelist, mprotecting it, hooking open calls)
    • Kernel support landed for Flame; waiting on upstream for Dolphin
    • The Chromium open() broker compiles, but hasn't been glued in yet; if it works, it could take care of the known non-Gecko cases.
    • Looking at selinux for quicker fix if we can't get what we need in seccomp right away

Google meeting summary

  • Lots of people (19 or so)
  • discussed open problem, they used the broker but are looking into the mprotect hack and are happy to collaborate with us on our approach
  • for media plugins they want to use NaCl, wanted us to implement NaCl too.  :(
  • IPC: google does ipc a bit differently. Julien (intern) is looking into it. We have races in the IPC mechanism, it is slow and complicated. We are interested to see what they have improved in chromium
  • plan to do a quarterly meeting like this for more collaboration (and they're interested in e10s)


29 May 2014


OpenH264:

  • Windows sandboxing
    • Posted to dev-platform about building sandboxing code. No issues raised so far.
    • Updated patch for bug 985252 awaiting review
      • Build test failures (intermittent orange turned permaorange) no longer occur with newest patch
      • Newest patch implements env variable for disabling sandboxing of GMP processes
    • To do
      • Investigate/fix bug 1014002 which blocks bug 985252
      • After landing bug 985252, file and implement followup bugs for ratcheting down security of gmp process sandbox (might use bug 1011491 as tracking bug for GMP and content process sandbox policies)
    • Logging:
      • Bobowen is still working on getting violation logging set up for TBPL (and then during local runs without needing procmon)
  • Mac sandboxing
    • Maybe smichaud?
  • Linux sandboxing
    • Still looking for someone to own this. Maybe jld?
    • Maire will ask cpearce what the eme extension needs (permissions-wise) for the linux sandbox

B2G:

  • Julian Hector (:tedd) Firefox OS Security intern (hi!)
  • Status with open() on B2G (again)
    • Kang reaching out to google folks to learn how they do OPEN locking-down
    • arroway on PTO, no update (need to figure out where to go with this)
  • Coming soon: seccomp on N4/N5
  • (Flame seccomp depends on Flame kernel/boot.img build, which is still waiting on a bunch of reviews & questions of how to keep our Gonk from diverging from T2M's.)
    • …although the boot.img is redistributable. (Bug: 1004195)
  • We put GL proxying/remoting aside for a while because it is a huge task. But we still want it.
  • Filed bug 1017393: Identify system call rejected by seccomp sandbox more clearly in crash report.

22 May 2014


OpenH264:

  • Windows sandboxing - patch got f+, working on review comments. To do:
    • Investigate build test failures with gmp-sandbox patch.
    • Post to dev-platform about building sandboxing code.
    • Implement some combination of build flags and prefs that make sense for enabling/disabling sandboxing of content and gmp processes.
    • (after landing initial patch) Followup bugs for ratcheting down security of gmp process sandbox
  • Mac sandboxing - New bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1012949 Smichaud is taking the lead on investigation thus far. Good discussions happening there.
  • Linux sandboxing - New bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1012951 No discussion yet. Karlt may be available for this soon - Maire is confirming. In the meantime, will be looking to Ekr to get the initial work jumpstarted.
  • Hoping the same guys can then work on EME sandboxing. New bugs for EME work will be opening soon; initially they will just be placeholders until folks are available to start this work (after OpenH264 sandboxing).
  • GMP = Gecko Media Plugins : https://bugzilla.mozilla.org/show_bug.cgi?id=957928 More info: https://wiki.mozilla.org/GeckoMediaPlugins

Linux/B2G:

OPEN:

  • not very far yet
  • another library skia in gecko makes use of open() and we can't modify it
    • What does Chromium do, since they use the same code?
      • Reach out to Google to find out (Sid to follow up? - Maire will ping him)
      • NOTE: Chromium makes calls to GL in a separate process, which is a win from a security perspective but can hurt performance -- this may affect how much we can model what Chromium does (it's the GL proxy)


15 May 2014


Linux:

  • Maire is going to try and find some more help for Linux and Mac
  • We need good measurements about perf implications of ipdl
  • We need a file access story (OPEN).

Windows

  • Tim is queued up for this after the h264 stuff

OpenH264

  • (fx32/33 targeted for support of h264 on desktop for all major desktop platforms)
  • File access on linux may be more complicated due to the difference in framework
  • On windows, very close. Intermittent orange that goes permaorange with tim's patch
  • [tim] Also (forgot to mention) we're setting security token to USER_RESTRICTED_SAME_ACCESS but we should be able to lock down even further (USER_LOCKDOWN). We'll land as is but as a follow-up should investigate why anything lower than USER_RESTRICTED_SAME_ACCESS causes problems with IPC

B2G:

  • still working on the OPEN problem
    • Will need a good solution here for desktop linux for EME etc. (Good file access controls where we can whitelist specific files)
  • open performance issues with libgenlock and remoting https://bugzilla.mozilla.org/show_bug.cgi?id=980924



8 May 2014 B2G:



1 May 2014 Windows:

  • gm plugin sandboxing on windows is posted (job restricted, integrity untrusted, alternate desktop and different window station)
    • But required user-interactive token due to IPC.
    • This token requirement could be fixed later
    • gm plugin is creating a ton of threads. (with h264 plugin)
  • Next: enable sandboxing for other platforms

B2G

  • Updated chromium-sandbox to new version
  • arroway is out
  • still working on direction for the open stuff... binders?
    • waiting for update from arroway



24 April 2014 B2G

  • jld: patch to get gclogging sandbox clean, making a bit of progress
  • binder use: see dev-sandbox
    • gets us speed (faster than IPDL)
    • only usable in B2G (due to it being only in android)
    • kang suggests we use a lightweight socket (improving IPDL is also an option, IMO)
    • (arroway) will keep trying to figure out what to use for low-level IPC that's not IPDL
    • (pauljt) will bring it up with B2G leadership to see if there's any previous thought on this
    • For trying to make IPC faster: file bug, needinfo?(:bent)


Windows:

  • Tim is out

Extra:

  • jld has x86 kitkat emulator working in sandbox for tests, ready for when there's x86 B2G TBPL runs
  • pauljt: seccomp not enabled for jellybean, but the current plan is to put gecko 1.4 and 2.0 onto jellybean (no sandbox). kang and pauljt trying to figure out how to change that.

Action items:

  • [vidyo, inc]: fix your broken client



17 April 2014

B2G

  • open stuff is still complicated
    • The chromium sandbox doesn't filter open (probably for the same reasons that we are finding it complicated)
  • we are wondering what we can do to make IPDL faster (we may make heavy use of it in sandbox)
  • libgenlock is using the open syscall frequently, if we turn off open it becomes an issue (this is perf critical)
  • may have to use binder to lock down open, but may be more error prone
    • If so… how is binder different from `SCM_RIGHTS`?

Windows (openh264)

  • Tim spent a lot of the week trying to get it to build
    • Looks like it will be pretty simple to get the sandbox applied to the process for openh264
    • expects a patch by the end of next week for this
  • Integrity levels: we've started to use "low" instead of untrusted
    • you can't create D3D device connections from untrusted processes
    • Chrome proxies GPU stuff through a GPU process that's got a higher level than the content process
    • IE just uses "low"

Extra:

  • jld got seccomp working on x86 kitkat emulator (will be on TBPL)



10 April 2014

B2G

  • arroway has been doing work to remove calls to open https://bugzilla.mozilla.org/show_bug.cgi?id=980924
    • but there are some problems with third party libraries
    • perhaps may need the policy compiler to make things more specific
    • there are some gecko calls to open - need to remote them (bugs are open)
  • QC graphics drivers run a network server in debug mode (983976)

Windows

  • bobowen adjusted the rights level so we don't break graphics code
    • to lower the integrity back where it was (lower than low), what can we do?
    • tabraldes will find out what's required.
  • spohl might be able to help with platform integration
  • tabraldes is going to start trying to sandbox a test plugin or the openh264 working code (from ekr)

Linux Mac OS

  • sid will talk to josh

Accessibility

  • dbolter spoke with tabraldes about how they can get accessibility stuff working with e10s/sandboxing

jld is working on gc/cc logging enabled for e10s (FYI)



27 March 2014 B2G

  • issue with sandbox on 1.3 (web RTC violating it)
  • arroway started looking at OPEN calls in layout (graphic buffer that uses QC HW library)
    • We can't just whitelist this call based on its arguments in the seccomp whitelist
    • Remoting this thing (non-gecko code), so we can intercept the syscalls in the parent
    • This is perf sensitive, so remoting it is not ideal (IPDL slows us down)
    • the guy who did smth similar with binder https://phonebook.mozilla.org/#search/sikeda
    • libgenlock is not used in every device (at least on keon, buri, flame)
  • getUserMedia doesn't work on seccomp-enabled devices in 1.3

Windows

  • bbondy wrote up some docs about the windows sandbox
  • tabraldes has been reading docs and getting up to speed
    • next piece is sandbox openh264 stuff - [tabraldes] this will pick up once the openh264 stuff is in a state that can be worked on (Josh mentioned that it won't be there until next week or so)
    • on x64 win builds, sandbox building is failing -- tim files bugs

Linux:

  • jld is working on changing how we build the sandbox like chromium to check args passed to ioctl etc.

20 March 2014 B2G/Desktop

  • whitelist cleaned up (thanks, jld) (bug 985227)

WINDOWS

  • next: post to dev-planning to try to enable windows by default (not yet, but soon)

LINUX:

  • Seccomp unbroken (jld fixed it) (bug 975273)
  • For next quarter: need to make removing OPEN stable
    • On desktop, fonts may be tough (billm's scan showed fonts were the main problem) and some stuff at startup. arroway made progress, will report back next week.



13 March 2014

  • Windows
    • No updates
  • B2G
    • No updates
  • billm says desktop e10s tests should be ready fairly soon
    • Social API and tab thumbnail service and about:memory tests use remote browsers
  • need more testing before tying in sandbox enabling when remote tabs is enabled
  • Open h.264 will need to be sandboxed (talk to ekr about particulars)
  • b2g open syscall https://bugzilla.mozilla.org/show_bug.cgi?id=930258
    • on it atm, arroway (jld?)
  • Can we find a way to shim the OPEN syscall to log where the calls are? Or use strace?

Action Items:


6 March 2014

  • Windows
    • Fixed building the Chromium sandbox without the Win8 SDK (bug 941110)
    • Investigating turning the Chromium sandbox on Windows on by default with e10s (bug 928044)
  • B2G?
    • arroway: working on open() (B2G 1.5)
    • jld: camera privileges
    • jld: drop uid0 right after fork
  • Linux?
    • *No one currently working on it
  • Needs:
    • e10s test harness passing help?

27 Feb 2014

  • Windows
    • Two process integrity tokens you can set when you start the process, for some reason one of the tokens is stopping things from working
    • FS & Pipe locked down
  • B2G
    • TBPL tests working - jld did most of the work there
    • After branch, will work on 1.5 stuff like removing OPEN
      • Will make a new planning bug for 1.5 and have things block it that we think we'll get done.
  • Linux?
    • TBD
  • Needs:
    • Could use help with the e10s test harness
    • SID: Find someone to lead desktop linux sandboxing



14 Feb 2014

  • windows
  • B2G
    • gaia-ui-tests - improved but wifi problems
      • Same camera issue noted on buri (was only on nexus before)
    • webrtc
      • Is there a solution we can patch and test?
    • is b2g desktop OOP -> unlikely but need to check

2013-Dec-12:

Cancelled: few could attend.


9 Jan 2014

  • Minimal attendance due to workweeks, postponed for next week.

16 Jan 2014

  • bug 936320
  • https://wiki.mozilla.org/Security/Sandbox
  • sandbox linux:
    • need to find a good start point
  • Sandbox b2g
    • current priority: fix testing builds
  • sandbox window
    • landed, behind a define (not defined by default)
    • Once you enable the define, there's a pref to selectively enable or disable it
    • Problem building w/ the define on some subset of our supported SDKs and compilers (pending more investigation)
    • Next step disabling pipe access except for the e10s pipe
    • bbondy will be spending most of next week on Sandbox related stuff


23 Jan 2014

  • clarify which bugs are for fixing which call in the whitelist (kang)
  • check with nuwa team how much we can collaborate for the preloaded process (w/ cervantes)
    • this should help with bugs like the ipv6 bug
    • this should help with starting the sandbox properly on linux desktop
  • bbondy had to make some build system changes to get the chromium sandbox shim working again, set back progress about a week
  • If anyone is at jst's workweek next week, Wednesday at 13:00 PST we'll be discussing sandboxing/e10s at a high level to get folks testing with these features enabled.

30 Jan 2014

  • have patches ready to trigger test runs in sandboxing for TBPL
  • (pauljt) get discussions going with releng
  • kang working on blocker bug for seccomp on b2g 1.4
    • testing working (runtime sandbox enabling) bug number?
    • arroway working on removing open syscall on linux
    • kang is adding documentation to the Sandbox wiki page, please tell kang
  • starting point for sandbox on linux - still not clear exactly when to start it (race condition when initializing the sandbox)
    • Nice to have: Nuwa for startup, but that seems to be at least a year out

6 Feb 2014