140069 – [GStreamer] Disable gst-plugin-scanner if seccomp filters are enabled

Bug 140069 - [GStreamer] Disable gst-plugin-scanner if seccomp filters are enabled

Summary: [GStreamer] Disable gst-plugin-scanner if seccomp filters are enabled

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	528+ (Nightly build)
Hardware:	PC Linux

Importance:	P2 Normal
Assignee:	Michael Catanzaro

URL:
Keywords:

Depends on:	142978
Blocks:	110014
	Show dependency tree / graph

Reported:	2015-01-04 20:00 PST by Michael Catanzaro
Modified:	2015-03-23 13:25 PDT (History)
CC List:	6 users (show)

See Also:

Attachments
Patch (2.86 KB, patch) 2015-01-04 20:05 PST, Michael Catanzaro	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Catanzaro 2015-01-04 20:00:21 PST

If seccomp filters are enabled, any child processes we create are doomed if they try to use a trapped syscall: the child will receive SIGSYS and dump core. There appears to be no way around this.

Fortunately, the gstreamer developers had mad prescience and provided us with a way to move plugin scanning in-process, so we don't need the helper binary at all.

Comment 1 Michael Catanzaro 2015-01-04 20:05:48 PST

Created attachment 243957 [details]
Patch

Comment 2 WebKit Commit Bot 2015-01-05 01:23:09 PST

Comment on attachment 243957 [details]
Patch

Clearing flags on attachment: 243957

Committed r177896: <http://trac.webkit.org/changeset/177896>

Comment 3 WebKit Commit Bot 2015-01-05 01:23:13 PST

All reviewed patches have been landed.  Closing bug.

Comment 4 Sebastian Dröge (slomo) 2015-01-06 03:47:28 PST

Note that putting the plugin scanning in-process has two huge disadvantages though. You will dlopen() all (changed) plugins, which in turn loads all dependent libraries... and they will never be unloaded again for this process. And if any plugin crashes during initialization, it will just take your application process with it.

Disabling the plugin scanner can't be the right solution for this approach, and if there's no other way I would say that seccomp is currently broken by design.

Comment 5 Michael Catanzaro 2015-01-06 10:52:00 PST

(In reply to comment #4)
> Disabling the plugin scanner can't be the right solution for this approach,
> and if there's no other way I would say that seccomp is currently broken by
> design.

I'm glad I CCed you. Let's discuss this in bug #140131.

Comment 6 WebKit Commit Bot 2015-03-23 13:24:09 PDT

Re-opened since this is blocked by bug 142978

Comment 7 Michael Catanzaro 2015-03-23 13:25:35 PDT

Go away bug, we'll use bug #140131 for this.