Security/Sandbox/2014-11-06: Difference between revisions
Jump to navigation
Jump to search
(Created page with "<!-- Maybe don't screw with these links unless you've read this blog post: http://blog.johnath.com/2011/01/20/automatic-date-links-in-mediawiki/ Just copy them to new pages an...") |
m (Linkify bug numbers) |
||
| Line 9: | Line 9: | ||
===Windows=== | ===Windows=== | ||
* '''Content''' | * '''Content''' | ||
** Bug 928044 - Windows content sandbox on by default with open policy - r+ from tabraldes, awaiting review from bsmedberg | ** {{Bug|928044}} - Windows content sandbox on by default with open policy - r+ from tabraldes, awaiting review from bsmedberg | ||
** Bug 1094667 - follow-up to bug 928044 to set lockdown access token to USER_NON_ADMIN | ** {{Bug|1094667}} - follow-up to {{bug|928044}} to set lockdown access token to USER_NON_ADMIN | ||
* '''GMP/EME''' | * '''GMP/EME''' | ||
** Bug 1088130 - Windows Output Protection gtest - landed | ** {{Bug|1088130}} - Windows Output Protection gtest - landed | ||
** Bug 1094370 - Use USER_LOCKDOWN for GMP process - GeckoMediaPlugins gtests and clearkey plugin seem to be fine, mochitest try push running | ** {{Bug|1094370}} - Use USER_LOCKDOWN for GMP process - GeckoMediaPlugins gtests and clearkey plugin seem to be fine, mochitest try push running | ||
===Linux/B2G=== | ===Linux/B2G=== | ||
* '''General''' | * '''General''' | ||
| Line 25: | Line 25: | ||
===Mac=== | ===Mac=== | ||
* '''Content''' | * '''Content''' | ||
** | ** {{Bug|1094196}}, only start mac sandbox when the pref says so (parity with windows) | ||
** considering reimplementing 1076385 to match linux/windows way of doing. for now the implementation is derived from and consistent with openh264 sandboxing on mac. | ** considering reimplementing {{bug|1076385}} to match linux/windows way of doing. for now the implementation is derived from and consistent with openh264 sandboxing on mac. | ||
* '''GMP/EME''' | * '''GMP/EME''' | ||
** Need to review changes at bug 1088488, which move some sandbox functionality from XUL to plugin-container. | ** Need to review changes at {{bug|1088488}}, which move some sandbox functionality from XUL to plugin-container. | ||
=Round Table= | =Round Table= | ||
* Working on upstream merge from Chromium sandbox code. | * Working on upstream merge from Chromium sandbox code. | ||
Latest revision as of 19:38, 13 November 2014
« previous week | index | next week »
Standup/Status
Windows
- Content
- bug 928044 - Windows content sandbox on by default with open policy - r+ from tabraldes, awaiting review from bsmedberg
- bug 1094667 - follow-up to bug 928044 to set lockdown access token to USER_NON_ADMIN
- GMP/EME
- bug 1088130 - Windows Output Protection gtest - landed
- bug 1094370 - Use USER_LOCKDOWN for GMP process - GeckoMediaPlugins gtests and clearkey plugin seem to be fine, mochitest try push running
Linux/B2G
- General
- Sandboxing info in about:support, bug 1077057: basically ready.
- Improving multithreaded sandbox startup, bug 1088387: seems to work; needs more cleanup/commenting.
- Content
- (Nothing content-specific this week.)
- To do: consider enabling off-by-default content sandboxing (how much does this still break?) (no bug yet)
- GMP/EME
- Rearranging build for bug 1088488: know how it will work.
Mac
- Content
- bug 1094196, only start mac sandbox when the pref says so (parity with windows)
- considering reimplementing bug 1076385 to match linux/windows way of doing. for now the implementation is derived from and consistent with openh264 sandboxing on mac.
- GMP/EME
- Need to review changes at bug 1088488, which move some sandbox functionality from XUL to plugin-container.
Round Table
- Working on upstream merge from Chromium sandbox code.
- Related: bug 1093334 to move some Linux sandboxing headers from Chromium
- Chromium IPC code: cpeterson has been trying to get Google contact from dveditz/elsewhere
- e10s will be enabled on Nightly today or tomorrow!
- B2G EME
Actions
- ACTION: jld to also inquire about Chromium IPC bugs