1 From: meissner@suse.com, cgrobertson@suse.com

     2 Subject: allow Firefox to access addtional process information

     3 References:

     4 http://bugzilla.suse.com/show_bug.cgi?id=1167132

     5 bsc#1174284 - Firefox tab just crashed in FIPS mode

     6 

     7 Index: firefox-93.0/security/sandbox/linux/Sandbox.cpp

     8 ===================================================================

     9 --- firefox-93.0.orig/security/sandbox/linux/Sandbox.cpp

    10 +++ firefox-93.0/security/sandbox/linux/Sandbox.cpp

    11 @@ -655,6 +655,7 @@ void SetMediaPluginSandbox(const char* a

    12    auto files = new SandboxOpenedFiles();

    13    files->Add(std::move(plugin));

    14    files->Add("/dev/urandom", SandboxOpenedFile::Dup::YES);

    15 +  files->Add("/dev/random", SandboxOpenedFile::Dup::YES);

    16    files->Add("/etc/ld.so.cache");  // Needed for NSS in clearkey.

    17    files->Add("/sys/devices/system/cpu/cpu0/tsc_freq_khz");

    18    files->Add("/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq");

    19 Index: firefox-93.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp

    20 ===================================================================

    21 --- firefox-93.0.orig/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp

    22 +++ firefox-93.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp

    23 @@ -320,6 +320,8 @@ void SandboxBrokerPolicyFactory::InitCon

    24  

    25    // Read permissions

    26    policy->AddPath(rdonly, "/dev/urandom");

    27 +  policy->AddPath(rdonly, "/dev/random");

    28 +  policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled");

    29    policy->AddPath(rdonly, "/proc/cpuinfo");

    30    policy->AddPath(rdonly, "/proc/meminfo");

    31    policy->AddDir(rdonly, "/sys/devices/cpu");

    32 @@ -792,6 +794,8 @@ SandboxBrokerPolicyFactory::GetSocketPro

    33    auto policy = MakeUnique<SandboxBroker::Policy>();

    34  

    35    policy->AddPath(rdonly, "/dev/urandom");

    36 +  policy->AddPath(rdonly, "/dev/random");

    37 +  policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled");

    38    policy->AddPath(rdonly, "/proc/cpuinfo");

    39    policy->AddPath(rdonly, "/proc/meminfo");

    40    policy->AddDir(rdonly, "/sys/devices/cpu");