[tor-commits] [sandboxed-tor-browser/master] Remove the SysV SHM calls from the seccomp whitelist.

yawning at torproject.org
Tue Dec 6 19:15:09 UTC 2016


commit 6e8ba8170dc0580c2da2f3e779ea652c2a58ff3c
Author: Yawning Angel <yawning at schwanenlied.me>
Date:   Tue Dec 6 19:14:27 2016 +0000

    Remove the SysV SHM calls from the seccomp whitelist.
---
 src/cmd/gen-seccomp/seccomp_firefox.go | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/cmd/gen-seccomp/seccomp_firefox.go b/src/cmd/gen-seccomp/seccomp_firefox.go
index 1606d76..33a3048 100644
--- a/src/cmd/gen-seccomp/seccomp_firefox.go
+++ b/src/cmd/gen-seccomp/seccomp_firefox.go
@@ -121,11 +121,14 @@ func compileTorBrowserSeccompProfile(fd *os.File, is386 bool) error {
 		"mremap",
 		"munmap",
 
-		// XXX: Remove these?
-		"shmdt",
-		"shmat",
-		"shmctl",
-		"shmget",
+		// `MIT-SHM` doesn't work, and there's workarounds to try
+		// to prevent firefox from making such calls.  It doesn't appear
+		// to always ask (noticed on Ubuntu), so fail the calls entirely.
+		//
+		// "shmdt",
+		// "shmat",
+		// "shmctl",
+		// "shmget",
 
 		"alarm",
 		"execve",
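
Review bot: The new comment above the commented-out `shmdt`/`shmat`/`shmctl`/`shmget` entries says the calls should "fail", but nothing in this hunk shows what the filter does with a syscall that is absent from the whitelist, so a reader cannot tell whether firefox receives an error it can fall back from or is killed outright. State the profile's default action in the comment, or point to where it is set. Because the function takes `is386`, also confirm that the 32-bit profile does not allow `ipc`: on i386 the SysV SHM operations are reached through that multiplexed syscall rather than through the four names listed here, so commenting these out alone may not block them there. Two smaller points: "It doesn't appear to always ask" is ambiguous about what is asking what, and deleting the four entries instead of leaving them commented out would keep the list clean, with the commit history as the record.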


