RESOLVED INVALID 237560
[macOS][WP] Add required syscall to sandbox 
https://bugs.webkit.org/show_bug.cgi?id=237560
Summary [macOS][WP] Add required syscall to sandbox
Per Arne Vollan
Reported 2022-03-07 14:58:56 PST
Add required syscall to the WebContent process' sandbox on macOS.
Attachments
Patch (1.43 KB, patch)
2022-03-07 15:07 PST, Per Arne Vollan 		ggaren: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Per Arne Vollan
Comment 1 2022-03-07 14:59:25 PST
<rdar://89854039>
Per Arne Vollan
Comment 2 2022-03-07 15:07:24 PST
Created attachment 454039 [details] Patch
Geoffrey Garen
Comment 3 2022-03-07 15:13:22 PST
Comment on attachment 454039 [details] Patch r=me Kinda sad that we do need filesystem access in WebContent still.
Per Arne Vollan
Comment 4 2022-03-07 15:54:21 PST
(In reply to Geoffrey Garen from comment #3) > Comment on attachment 454039 [details] > Patch > > r=me > > Kinda sad that we do need filesystem access in WebContent still. Yes, that is a good point. In CF prefs direct mode we should not access the filesystem for any preference tasks. Thanks for reviewing!
Per Arne Vollan
Comment 5 2022-03-07 15:57:18 PST
(In reply to Per Arne Vollan from comment #4) > (In reply to Geoffrey Garen from comment #3) > > Comment on attachment 454039 [details] > > Patch > > > > r=me > > > > Kinda sad that we do need filesystem access in WebContent still. > > Yes, that is a good point. In CF prefs direct mode we should not access the > filesystem for any preference tasks. We still need to be able to read preference files, but write operations should not happen. > > Thanks for reviewing!
Per Arne Vollan
Comment 6 2022-03-10 16:01:00 PST
We are fixing this by avoiding use of the sys call.
Note You need to log in before you can comment on or make changes to this bug.