[tor-commits] [sandboxed-tor-browser/master] Add `prlimit64` to the firefox system call whitelist.
yawning at torproject.org
yawning at torproject.org
Wed Apr 12 22:22:06 UTC 2017
commit 161de9f58ff7c8783cb019e7c806047976a45eb7
Author: Yawning Angel <yawning at schwanenlied.me>
Date: Wed Apr 12 22:21:09 2017 +0000
Add `prlimit64` to the firefox system call whitelist.
ESR52 calls it, and I don't have the time to check every instance to see
if returning ENOSYS is acceptable.
---
ChangeLog | 1 +
data/torbrowser-amd64.seccomp | 1 +
2 files changed, 2 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 1007ae3..92ce6c0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
Changes in version 0.0.5 - UNRELEASED:
* Fix e10s Web Content crash on systems with grsec kernels.
+ * Add `prlimit64` to the firefox system call whitelist.
Changes in version 0.0.4 - 2017-04-12:
* Bug 21928: Force a reinstall if an existing hardened bundle is present.
diff --git a/data/torbrowser-amd64.seccomp b/data/torbrowser-amd64.seccomp
index 11e42e5..17be3d7 100644
--- a/data/torbrowser-amd64.seccomp
+++ b/data/torbrowser-amd64.seccomp
@@ -151,6 +151,7 @@ getuid: 1
geteuid: 1
getgid: 1
getegid: 1
+prlimit64: 1
rt_sigaction: 1
rt_sigprocmask: 1
rt_sigreturn: 1
More information about the tor-commits
mailing list