Confirmed users
333
edits
Security/Sandbox: Difference between revisions
Add info about about:config settings for distros
(Add info about MOZ_SANDBOX_VERBOSE on Linux) |
(Add info about about:config settings for distros) |
||
| Line 312: | Line 312: | ||
[https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy Filter ruleset] | [https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy Filter ruleset] | ||
=== Customization Settings === | |||
The Linux sandbox allows some amount of control over the sandbox policy through various about:config settings. These are meant to allow more non-standard configurations and exotic distributions to stay working - without compiling custom versions of Firefox - even if they can't be directly supported by the default configuration. | |||
See [[Security/Sandbox#Linux_specific|Activity Logging]] for information on how to debug these scenarios. | |||
security.sandbox.content.read_path_whitelist<br/> | |||
security.sandbox.content.write_path_whitelist | |||
* Comma-separated list of additional paths that the content process is allowed to read from or write to, respectively. | |||
security.sandbox.content.syscall_whitelist | |||
* Comma-seperated list of additional system call numbers that should be allowed in the content process. These affect the seccomp-bpf filter. | |||
= Preferences = | = Preferences = | ||