Bug 1290761 - Allow running jprof with sandbox enabled. r=jhector

jprof is an in-tree profiling tool that runs on Linux. This fixes the error: Sandbox: seccomp sandbox violation: pid 29698, syscall 38, args 0 140731305513136 0 830 22509600 1. Killing process. Sandbox: crash reporter is disabled (or failed); trying stack trace: Sandbox: frame #1: __GI_setitimer (/build/glibc-GKVZIf/glibc-2.23/time/../sysdeps/unix/syscall-template.S:84) Sandbox: frame #2: startSignalCounter(unsigned long) (.../mozilla-central/mozilla/tools/jprof/stub/libmalloc.cpp:464) which occurs during shutdown when running with jprof enabled via the JPROF_FLAGS environment variable containing JP_DEFER without actually sending the signal to start jprof. It presumably occurs sooner if jprof is actually used either via JP_START or by senging a SIGPROF/SIGALRM. With the patch, these steps run to completion. MozReview-Commit-ID: Fx4tzEyqIj2 UltraBlame original commit: eadaa06966fefa5ea284da51a8d58ef2423edf47
marco-c · Sep 30, 2019 · a5a8817 · a5a8817
1 parent eb1f64b
commit a5a8817
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
@@ -700,6 +700,11 @@ class ContentSandboxPolicy : public SandboxPolicyCommon {
 #endif
       return Allow();
 
+#ifdef MOZ_JPROF
+    case __NR_setitimer:
+      return Allow();
+#endif 
+
     default:
       return SandboxPolicyCommon::EvaluateSyscall(sysno);
     }