MozillaWiki

Security/Sandbox/Seccomp: Difference between revisions

Page Discussion

Security/Sandbox/Seccomp (view source)

Revision as of 17:53, 6 February 2014

521 bytes added ,  6 February 2014
no edit summary
No edit summary
No edit summary
Line 69: Line 69:


   SetCurrentProcessSandbox(void)
   SetCurrentProcessSandbox(void)
=== Seccomp reporter ===
The reporter is an option which will log exactly which system call has been denied by seccomp. It is enabled by default in engineering builds ("eng" builds).
The option is --content-sandbox-reporter.
When seccomp denies a system call, it sends a signal (SIGSYS) which is caught by the reporter. The reporter then kills itself (and thus the content-process).
The report kill itself because the content process may not handle the denied system call properly and be in a non-working state anyway.


=== How do I check my processes are sandboxed by seccomp? ===
=== How do I check my processes are sandboxed by seccomp? ===
Gdestuynder
Confirmed users
502

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/918879"