commit cc3ef2d64be2b7a99b4bfcbc44f6eb64c079bf1b Author: Yawning Angel yawning@schwanenlied.me Date: Sat Dec 10 10:15:23 2016 +0000

Allow MADV_FREE in the firefox seccomp profile.

The content process sandbox allows this. Fairly sure the system Tor Browser is being built on, doesn't have it so this *should* just be forward thinking. --- src/cmd/gen-seccomp/seccomp_firefox.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/cmd/gen-seccomp/seccomp_firefox.go b/src/cmd/gen-seccomp/seccomp_firefox.go index 03ed1fb..b47e35b 100644 --- a/src/cmd/gen-seccomp/seccomp_firefox.go +++ b/src/cmd/gen-seccomp/seccomp_firefox.go @@ -244,7 +244,7 @@ func compileTorBrowserSeccompProfile(fd *os.File, is386 bool) error { return err }

- if err = allowCmpEq(f, "madvise", 2, madvNormal, madvDontneed); err != nil { + if err = allowCmpEq(f, "madvise", 2, madvNormal, madvDontneed, madvFree); err != nil { return err } if err = allowCmpEq(f, "ioctl", 1, fionread, tcgets, tiocgpgrp); err != nil {