[tor-commits] [sandboxed-tor-browser/master] Add `prlimit64` to the firefox system call whitelist.

yawning at torproject.org yawning at torproject.org
Wed Apr 12 22:22:06 UTC 2017


commit 161de9f58ff7c8783cb019e7c806047976a45eb7
Author: Yawning Angel <yawning at schwanenlied.me>
Date:   Wed Apr 12 22:21:09 2017 +0000

    Add `prlimit64` to the firefox system call whitelist.
    
    ESR52 calls it, and I don't have the time to check every instance to see
    if returning ENOSYS is acceptable.
---
 ChangeLog                     | 1 +
 data/torbrowser-amd64.seccomp | 1 +
 2 files changed, 2 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 1007ae3..92ce6c0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 Changes in version 0.0.5 - UNRELEASED:
  * Fix e10s Web Content crash on systems with grsec kernels.
+ * Add `prlimit64` to the firefox system call whitelist.
 
 Changes in version 0.0.4 - 2017-04-12:
  * Bug 21928: Force a reinstall if an existing hardened bundle is present.
diff --git a/data/torbrowser-amd64.seccomp b/data/torbrowser-amd64.seccomp
index 11e42e5..17be3d7 100644
--- a/data/torbrowser-amd64.seccomp
+++ b/data/torbrowser-amd64.seccomp
@@ -151,6 +151,7 @@ getuid: 1
 geteuid: 1
 getgid: 1
 getegid: 1
+prlimit64: 1
 rt_sigaction: 1
 rt_sigprocmask: 1
 rt_sigreturn: 1



More information about the tor-commits mailing list