Bug 237560 - [macOS][WP] Add required syscall to sandbox
Summary: [macOS][WP] Add required syscall to sandbox
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Per Arne Vollan
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2022-03-07 14:58 PST by Per Arne Vollan
Modified: 2022-03-10 16:01 PST (History)
5 users (show)

See Also:

Attachments
Patch (1.43 KB, patch)
2022-03-07 15:07 PST, Per Arne Vollan 		ggaren: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Per Arne Vollan 2022-03-07 14:58:56 PST 
Add required syscall to the WebContent process' sandbox on macOS.
Comment 1 Per Arne Vollan 2022-03-07 14:59:25 PST 
<rdar://89854039>
Comment 2 Per Arne Vollan 2022-03-07 15:07:24 PST 
Created attachment 454039 [details]
Patch
Comment 3 Geoffrey Garen 2022-03-07 15:13:22 PST 
Comment on attachment 454039 [details]
Patch

r=me

Kinda sad that we do need filesystem access in WebContent still.
Comment 4 Per Arne Vollan 2022-03-07 15:54:21 PST 
(In reply to Geoffrey Garen from comment #3)
> Comment on attachment 454039 [details]
> Patch
> 
> r=me
> 
> Kinda sad that we do need filesystem access in WebContent still.

Yes, that is a good point. In CF prefs direct mode we should not access the filesystem for any preference tasks.

Thanks for reviewing!
Comment 5 Per Arne Vollan 2022-03-07 15:57:18 PST 
(In reply to Per Arne Vollan from comment #4)
> (In reply to Geoffrey Garen from comment #3)
> > Comment on attachment 454039 [details]
> > Patch
> > 
> > r=me
> > 
> > Kinda sad that we do need filesystem access in WebContent still.
> 
> Yes, that is a good point. In CF prefs direct mode we should not access the
> filesystem for any preference tasks.

We still need to be able to read preference files, but write operations should not happen.

> 
> Thanks for reviewing!
Comment 6 Per Arne Vollan 2022-03-10 16:01:00 PST 
We are fixing this by avoiding use of the sys call.