Bug 140069

Summary: [GStreamer] Disable gst-plugin-scanner if seccomp filters are enabled
Product: WebKit Reporter: Michael Catanzaro <mcatanzaro>
Component: WebCore Misc.Assignee: Michael Catanzaro <mcatanzaro>
Status: RESOLVED FIXED    
Severity: Normal CC: cgarcia, commit-queue, mcatanzaro, pnormand, slomo, tmpsantos
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Linux   
Bug Depends on: 142978    
Bug Blocks: 110014    
Attachments:
Description Flags
Patch none

Michael Catanzaro
Reported 2015-01-04 20:00:21 PST
If seccomp filters are enabled, any child processes we create are doomed if they try to use a trapped syscall: the child will receive SIGSYS and dump core. There appears to be no way around this. Fortunately, the gstreamer developers had mad prescience and provided us with a way to move plugin scanning in-process, so we don't need the helper binary at all.
Attachments
Patch (2.86 KB, patch)
2015-01-04 20:05 PST, Michael Catanzaro 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Michael Catanzaro
Comment 1 2015-01-04 20:05:48 PST
Created attachment 243957 [details] Patch
WebKit Commit Bot
Comment 2 2015-01-05 01:23:09 PST
Comment on attachment 243957 [details] Patch Clearing flags on attachment: 243957 Committed r177896: <http://trac.webkit.org/changeset/177896>
WebKit Commit Bot
Comment 3 2015-01-05 01:23:13 PST
All reviewed patches have been landed. Closing bug.
Sebastian Dröge (slomo)
Comment 4 2015-01-06 03:47:28 PST
Note that putting the plugin scanning in-process has two huge disadvantages though. You will dlopen() all (changed) plugins, which in turn loads all dependent libraries... and they will never be unloaded again for this process. And if any plugin crashes during initialization, it will just take your application process with it. Disabling the plugin scanner can't be the right solution for this approach, and if there's no other way I would say that seccomp is currently broken by design.
Michael Catanzaro
Comment 5 2015-01-06 10:52:00 PST
(In reply to comment #4) > Disabling the plugin scanner can't be the right solution for this approach, > and if there's no other way I would say that seccomp is currently broken by > design. I'm glad I CCed you. Let's discuss this in bug #140131.
WebKit Commit Bot
Comment 6 2015-03-23 13:24:09 PDT
Re-opened since this is blocked by bug 142978
Michael Catanzaro
Comment 7 2015-03-23 13:25:35 PDT
Go away bug, we'll use bug #140131 for this.
Note You need to log in before you can comment on or make changes to this bug.