WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
236781
[macOS][WP] Add required syscall to sandbox
https://bugs.webkit.org/show_bug.cgi?id=236781
Summary
[macOS][WP] Add required syscall to sandbox
Per Arne Vollan
Reported
2022-02-17 06:55:47 PST
Add required syscall to the WebContent process' sandbox on macOS.
Attachments
Patch
(1.28 KB, patch)
2022-02-17 06:59 PST
,
Per Arne Vollan
no flags
Details
Formatted Diff
Diff
Patch
(3.45 KB, patch)
2022-02-17 07:39 PST
,
Per Arne Vollan
cdumez
: review+
Details
Formatted Diff
Diff
Patch
(3.55 KB, patch)
2022-02-17 10:51 PST
,
Per Arne Vollan
no flags
Details
Formatted Diff
Diff
Show Obsolete
(1)
View All
Add attachment
proposed patch, testcase, etc.
Per Arne Vollan
Comment 1
2022-02-17 06:56:11 PST
<
rdar://89072361
>
Per Arne Vollan
Comment 2
2022-02-17 06:59:23 PST
Created
attachment 452362
[details]
Patch
Per Arne Vollan
Comment 3
2022-02-17 07:39:30 PST
Created
attachment 452364
[details]
Patch
Per Arne Vollan
Comment 4
2022-02-17 07:41:47 PST
Thanks for reviewing!
Dean Jackson
Comment 5
2022-02-17 07:45:10 PST
Comment on
attachment 452364
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=452364&action=review
> Source/WebKit/ChangeLog:11 > + Add required syscall to the WebContent process' sandbox on macOS. This patch also adds back a set of > + syscalls that were removed in
https://commits.webkit.org/r286778
for current and previous versions > + of macOS. These syscalls will be denied going forward.
It would be nice to describe why these syscalls are needed. And when you say they will be denied going forward… when? how? Do you have a bug for that?
Per Arne Vollan
Comment 6
2022-02-17 08:06:05 PST
(In reply to Dean Jackson from
comment #5
)
> Comment on
attachment 452364
[details]
> Patch > > View in context: >
https://bugs.webkit.org/attachment.cgi?id=452364&action=review
> > > Source/WebKit/ChangeLog:11 > > + Add required syscall to the WebContent process' sandbox on macOS. This patch also adds back a set of > > + syscalls that were removed in
https://commits.webkit.org/r286778
for current and previous versions > > + of macOS. These syscalls will be denied going forward. > > It would be nice to describe why these syscalls are needed. And when you say > they will be denied going forward… when? how? Do you have a bug for that?
Based on telemetry, these syscalls are actually not believed to be required (except for one). They are added back here, since their removal in
r286778
was mainly intended for the next macOS major version. Their inclusion is guarded by __MAC_OS_X_VERSION_MIN_REQUIRED < 130000. Thanks for reviewing!
Per Arne Vollan
Comment 7
2022-02-17 10:51:39 PST
Created
attachment 452388
[details]
Patch
Per Arne Vollan
Comment 8
2022-02-17 13:27:42 PST
Committed
r290066
(?): <
https://commits.webkit.org/r290066
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug