Security/Sandbox: Difference between revisions

Security/Sandbox (view source)

564 bytes added , 26 July 2017

Update Linux sandboxing info

Confirmed users

333

edits

@@ Line 62: / Line 62: @@
 |-
 | [https://dxr.mozilla.org/mozilla-central/search?q=class+ContentSandboxPolicy&redirect=true&case=true Linux (content)]
-|style='text-align:center;' colspan="2"|Level 2
+|style='text-align:center;' colspan="2"|Level 3
 |style='text-align:center;' colspan="1"|Level 2
 |style='text-align:center;' colspan="1"| Fx54
@@ Line 247: / Line 247: @@
 ! Job Level !! What's Blocked by the Sandbox?
 |-
-| Level 1 [1] ||
+| Level 1 ||
 * write access to most of the filesystem
 * inbound/outbound network I/O
@@ Line 281: / Line 281: @@
 == Linux ==
-=== Content ===
+=== Content Levels ===
+{| class="wikitable"
+|-
+! Job Level !! What's Blocked by the Sandbox?
+|-
+| Level 1 [1] ||
+* Many syscalls, including process creation
+|-
+| Level 2 ||
+* Many syscalls, including process creation
+* Write access to the filesystem
+** Excludes shared memory, tempdir, video hardware
+|-
+| Level 3 ||
+* Many syscalls, including process creation
+* Write access to the filesystem
+** Excludes shared memory, tempdir, video hardware
+* Read access to most of the filesystem
+** Excludes themes/GTK configuration, fonts, shared data and libraries
+|}
+=== Content Rules ===
 [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/SandboxFilter.cpp?q=ContentSandboxPolicy Filter ruleset]