[tor-commits] [sandboxed-tor-browser/master] On second thought, SysV shm needs to be allowed.
yawning at torproject.org
yawning at torproject.org
Tue Dec 6 19:32:52 UTC 2016
commit ca358583844a1689b21a5cc2b419cd7172431756
Author: Yawning Angel <yawning at schwanenlied.me>
Date: Tue Dec 6 19:31:32 2016 +0000
On second thought, SysV shm needs to be allowed.
Firefox works without this, but it's probably unhappy under the hood.
If Firefox on Ubuntu uses MIT-SHM without querying the X server to see
if the extension is supported, it's Firefox/Ubuntu's problem, not mine.
---
src/cmd/gen-seccomp/seccomp_firefox.go | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/src/cmd/gen-seccomp/seccomp_firefox.go b/src/cmd/gen-seccomp/seccomp_firefox.go
index 33a3048..a1a9f0a 100644
--- a/src/cmd/gen-seccomp/seccomp_firefox.go
+++ b/src/cmd/gen-seccomp/seccomp_firefox.go
@@ -121,14 +121,10 @@ func compileTorBrowserSeccompProfile(fd *os.File, is386 bool) error {
"mremap",
"munmap",
- // `MIT-SHM` doesn't work, and there's workarounds to try
- // to prevent firefox from making such calls. It doesn't appear
- // to always ask (noticed on Ubuntu), so fail the calls entirely.
- //
- // "shmdt",
- // "shmat",
- // "shmctl",
- // "shmget",
+ "shmdt",
+ "shmat",
+ "shmctl",
+ "shmget",
"alarm",
"execve",
More information about the tor-commits
mailing list