1 From: meissner@suse.com, cgrobertson@suse.com |
|
2 Subject: allow Firefox to access addtional process information |
|
3 References: |
|
4 http://bugzilla.suse.com/show_bug.cgi?id=1167132 |
|
5 bsc#1174284 - Firefox tab just crashed in FIPS mode |
|
6 |
|
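--- a/security/sandbox/linux/Sandbox.cpp
+++ b/security/sandbox/linux/Sandbox.cpp
@@ -655,6 +655,7 @@ void SetMediaPluginSandbox(const char* a
 auto files = new SandboxOpenedFiles();
 files->Add(std::move(plugin));
 files->Add("/dev/urandom", SandboxOpenedFile::Dup::YES);
+files->Add("/dev/random", SandboxOpenedFile::Dup::YES);
 files->Add("/etc/ld.so.cache"); // Needed for NSS in clearkey.
 files->Add("/sys/devices/system/cpu/cpu0/tsc_freq_khz");
 files->Add("/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq");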
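Review bot: The new `/dev/random` entry in the media-plugin file list has no comment saying why the sandbox needs it, unlike the `/etc/ld.so.cache` line right below it. Going by the patch header this is for NSS under FIPS mode, so a trailing comment such as `// Needed for NSS in FIPS mode (bsc#1174284).` would keep the allowlist auditable. The broker-policy hunks in this patch also allow `/proc/sys/crypto/fips_enabled`, but this pre-opened list does not, so it is worth confirming whether NSS in the plugin process checks that file too. The function body starts and ends outside the hunk.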
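--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -320,6 +320,8 @@ void SandboxBrokerPolicyFactory::InitCon
 
 // Read permissions
 policy->AddPath(rdonly, "/dev/urandom");
+policy->AddPath(rdonly, "/dev/random");
+policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled");
 policy->AddPath(rdonly, "/proc/cpuinfo");
 policy->AddPath(rdonly, "/proc/meminfo");
 policy->AddDir(rdonly, "/sys/devices/cpu");
@@ -792,6 +794,8 @@ SandboxBrokerPolicyFactory::GetSocketPro
 auto policy = MakeUnique<SandboxBroker::Policy>();
 
 policy->AddPath(rdonly, "/dev/urandom");
+policy->AddPath(rdonly, "/dev/random");
+policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled");
 policy->AddPath(rdonly, "/proc/cpuinfo");
 policy->AddPath(rdonly, "/proc/meminfo");
 policy->AddDir(rdonly, "/sys/devices/cpu");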
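Review bot: Both hunks in this file (at `@@ -320` and `@@ -792`) add `/dev/random` and `/proc/sys/crypto/fips_enabled` to the read allowlist unconditionally and without a comment, so each policy grants them whether or not the host runs in FIPS mode. Both paths are read-only and low-sensitivity, so the widening is small, but a sandbox allowlist entry should record why it exists. Consider adding `// Needed for NSS in FIPS mode (bsc#1174284).` above the two new lines in each hunk. Because the same pair of paths now appears in two policies, a small shared helper would keep the lists from drifting apart. Both enclosing functions start and end outside the hunks.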