Security/Sandbox/Seccomp

527 bytes added, 00:32, 26 August 2014
=== Intro to seccomp and seccomp-bpf ===
[http://en.wikipedia.org/wiki/Seccomp Seccomp] stands for secure computing mode. It's a simple sandboxing tool in the Linux kernel, available since Linux version 2.6.12. When enabling seccomp, the process enters a "secure mode" where only a very small number of system calls are available (exit(), read(), write(), sigreturn()). Writing code to work in this environment is difficult; for example, dynamic memory allocation (using brk() or mmap(), either directly or to implement malloc()) is not possible.
Seccomp-BPF is a more recent extension to seccomp, which allows filtering system calls with [http://en.wikipedia.org/wiki/Berkeley_Packet_Filter BPF (Berkeley Packet Filter)] programs. These filters can be used to allow or deny an arbitrary set of system calls, as well as filter on system call arguments (numeric values only; pointer arguments can't be dereferenced). Additionally, instead of simply terminating the process, the filter can raise a signal, which allows the signal handler to simulate the effect of a disallowed system call (or simply gather more information on the failure for debugging purposes). Seccomp-bpf is available since Linux version 3.5 and is usable on the ARM architecture since Linux version 3.10. Several backports are available for earlier kernel versions.
We have backports for 3.0.x kernels, 3.4 kernels, and 2.6.29 kernels (see bug [https://bugzilla.mozilla.org/show_bug.cgi?id=790923 790923] and its children). No backport is necessary for kernels 3.10 and above.
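Added example (not code from the Mozilla wiki page): a seccomp-bpf filter for x86_64 or aarch64 that returns SECCOMP_RET_TRAP for one syscall, plus a SIGSYS handler that records which syscall was blocked and writes a simulated return value into the saved registers, as the paragraph above describes. The default-allow policy, the choice of getppid() as the trapped call, and the value 4242 are constructed for illustration.

```c
#define _GNU_SOURCE               /* for REG_RAX in <sys/ucontext.h> */
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <ucontext.h>
#include <unistd.h>
#if defined(__x86_64__)
#  ifndef REG_RAX
#    define REG_RAX 13            /* glibc's index of rax in gregs[] */
#  endif
#  define ARCH_NR AUDIT_ARCH_X86_64
#  define SET_RET(uc, v) ((uc)->uc_mcontext.gregs[REG_RAX] = (v))
#elif defined(__aarch64__)
#  define ARCH_NR AUDIT_ARCH_AARCH64
#  define SET_RET(uc, v) ((uc)->uc_mcontext.regs[0] = (v))
#else
#  error "example supports x86_64 and aarch64 only"
#endif
#define SIMULATED_PPID 4242       /* constructed value the handler "returns" */
static volatile sig_atomic_t trapped_nr = -1;
/* SIGSYS handler: record which syscall was blocked, then fake its result. */
static void on_sigsys(int sig, siginfo_t *si, void *ctx)
{
    (void)sig;
    trapped_nr = si->si_syscall;  /* filled in by the kernel for SECCOMP_RET_TRAP */
    SET_RET((ucontext_t *)ctx, SIMULATED_PPID);
}
/* Default-allow filter that traps getppid(); a foreign ABI is killed outright. */
int install_trap_filter(void)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_getppid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),   /* raise SIGSYS instead of killing */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof prog / sizeof prog[0], .filter = prog };
    struct sigaction sa = { .sa_sigaction = on_sigsys, .sa_flags = SA_SIGINFO };
    if (sigaction(SIGSYS, &sa, NULL) < 0) return -1;
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) return -1;   /* required without CAP_SYS_ADMIN */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}
long call_getppid(void) { return syscall(__NR_getppid); }  /* goes through the filter */
int last_trapped_syscall(void) { return trapped_nr; }
```

After install_trap_filter() succeeds, call_getppid() never reaches the kernel's getppid implementation: the handler runs and the caller sees 4242, while every other syscall still passes through unchanged.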
These configuration options are required to be present in the kernel's config at compile time: