Security/Sandbox/2015-02-19
From MozillaWiki
« previous week | index | next week »
Contents
Standup/Status
Windows
- Bob still on PTO.
Linux/B2G
- Content Sandboxing
- no change on bug 1129492 X11 connection in content sandbox
- GMP/EME Sandboxing
- Working locally: network namespace and chroot isolation for media plugins (requiring unprivileged user namespaces) without the unsafe syscall proxy patch. Needs: comments, tests, cleanup, etc. Chroot part should be reusable for B2G content when it's ready.
- Other Linux work
- Upstreaming PR_DuplicateEnvironment to NSPR (prereq for using pid namespaces) in progress.
Mac
- Content Sandboxing
- fixed printing on 10.10
- open pdf in preview still broken in 10.10 (works in previous oses), but no msg in logs, so may be harder to fix
- set default setting of "security.sandbox.macos.content.moreStrict" to 1
- We decided that the content process sandbox shouldn't follow the trains, at least for now. e10s doesn't either.