[tor-commits] [sandboxed-tor-browser/master] Allow MADV_FREE in the firefox seccomp profile.
yawning at torproject.org
yawning at torproject.org
Sat Dec 10 10:17:19 UTC 2016
commit cc3ef2d64be2b7a99b4bfcbc44f6eb64c079bf1b
Author: Yawning Angel <yawning at schwanenlied.me>
Date: Sat Dec 10 10:15:23 2016 +0000
Allow MADV_FREE in the firefox seccomp profile.
The content process sandbox allows this. Fairly sure the system Tor
Browser is being built on, doesn't have it so this *should* just be
forward thinking.
---
src/cmd/gen-seccomp/seccomp_firefox.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cmd/gen-seccomp/seccomp_firefox.go b/src/cmd/gen-seccomp/seccomp_firefox.go
index 03ed1fb..b47e35b 100644
--- a/src/cmd/gen-seccomp/seccomp_firefox.go
+++ b/src/cmd/gen-seccomp/seccomp_firefox.go
@@ -244,7 +244,7 @@ func compileTorBrowserSeccompProfile(fd *os.File, is386 bool) error {
return err
}
- if err = allowCmpEq(f, "madvise", 2, madvNormal, madvDontneed); err != nil {
+ if err = allowCmpEq(f, "madvise", 2, madvNormal, madvDontneed, madvFree); err != nil {
return err
}
if err = allowCmpEq(f, "ioctl", 1, fionread, tcgets, tiocgpgrp); err != nil {
More information about the tor-commits
mailing list