Security/Sandbox/2015-02-26
Standup/Status
Windows
- Content Sandboxing
- bug 1136238 - started looking at changing the moreStrict prefs to an int "level" pref. I'll probably change the Mac one at the same time.
- GMP/EME Sandboxing
- EME is being uplifted to Beta 37 for testing. Are there any sandboxing patches that need to be uplifted, too?
- Bob will uplift some process mitigations in 38 to 37.
Linux/B2G
- Content Sandboxing
- JARs: replacing nsDownloader by downloading to memory works and has been (mostly) reviewed; it needs some more work, but the approach seems to be okay.
- Other Linux work
- Namespace/chroot: feature detection out for review, actual patches mostly presentable.
- gfx team plans to remove dependency on xrender, but not glx.
Mac
- Content Sandboxing
- bug 1136407 - Tighter sandboxing rules broke mochitests on OS X 10.9 and 10.10
- Does Release Engineering have plans to add 10.9 or 10.10 test machines?
- bug 1083344 - lots of feedback yesterday about breaking mochitests on 10.9 and 10.10, which resulted in enough info to write a few more rules which should fix the failures, new patch ready for review.
- It would help to have people testing with level=1 so I get more feedback after the patch is applied, then switch the level default back to 1 (backout https://hg.mozilla.org/mozilla-central/rev/3ed19dfc6443)
- GMP/EME Sandboxing
- Started work on bug 1110911 ("Move Mac sandboxing code into plugin-container"). Have removed all XUL dependencies from Mac sandbox code.
- Other Mac work
- 10.10 testing deployment
https://bugzilla.mozilla.org/show_bug.cgi?id=1118183
Chromium
- bug 1136040 - The update to Chromium in bug 1102195 broke building with gcc-4.6. It was already broken by a couple of other bugs, but they would be easy to fix. In contact with some Linux Firefox packagers, and it may be that dropping 4.6 will not be too painful.
- bug 1135051 - need to add licence for SuperFastHash for update in bug 1102195. I have an r+, just waiting to see what happens with bug 1136040.
Actions
- blassey to find someone on Rel Eng or A-Team to update Treeherder machines from OS X 10.8 to 10.10.
- jld to file bug inquiring about newer kernels on Linux test machines