summarylogtreecommitdiffstats
path: root/mozilla-sandbox-fips.patch
diff options
context:
space:
mode:
Diffstat (limited to 'mozilla-sandbox-fips.patch')
-rw-r--r--mozilla-sandbox-fips.patch40
1 files changed, 40 insertions, 0 deletions
diff --git a/mozilla-sandbox-fips.patch b/mozilla-sandbox-fips.patch
new file mode 100644
index 000000000000..8894666dba9a
--- /dev/null
+++ b/mozilla-sandbox-fips.patch
@@ -0,0 +1,40 @@
+From: meissner@suse.com, cgrobertson@suse.com
+Subject: allow Firefox to access addtional process information
+References:
+http://bugzilla.suse.com/show_bug.cgi?id=1167132
+bsc#1174284 - Firefox tab just crashed in FIPS mode
+
+Index: firefox-93.0/security/sandbox/linux/Sandbox.cpp
+===================================================================
+--- firefox-93.0.orig/security/sandbox/linux/Sandbox.cpp
++++ firefox-93.0/security/sandbox/linux/Sandbox.cpp
+@@ -655,6 +655,7 @@ void SetMediaPluginSandbox(const char* a
+ auto files = new SandboxOpenedFiles();
+ files->Add(std::move(plugin));
+ files->Add("/dev/urandom", SandboxOpenedFile::Dup::YES);
++ files->Add("/dev/random", SandboxOpenedFile::Dup::YES);
+ files->Add("/etc/ld.so.cache"); // Needed for NSS in clearkey.
+ files->Add("/sys/devices/system/cpu/cpu0/tsc_freq_khz");
+ files->Add("/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq");
+Index: firefox-93.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+===================================================================
+--- firefox-93.0.orig/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
++++ firefox-93.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+@@ -320,6 +320,8 @@ void SandboxBrokerPolicyFactory::InitCon
+
+ // Read permissions
+ policy->AddPath(rdonly, "/dev/urandom");
++ policy->AddPath(rdonly, "/dev/random");
++ policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled");
+ policy->AddPath(rdonly, "/proc/cpuinfo");
+ policy->AddPath(rdonly, "/proc/meminfo");
+ policy->AddDir(rdonly, "/sys/devices/cpu");
+@@ -792,6 +794,8 @@ SandboxBrokerPolicyFactory::GetSocketPro
+ auto policy = MakeUnique<SandboxBroker::Policy>();
+
+ policy->AddPath(rdonly, "/dev/urandom");
++ policy->AddPath(rdonly, "/dev/random");
++ policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled");
+ policy->AddPath(rdonly, "/proc/cpuinfo");
+ policy->AddPath(rdonly, "/proc/meminfo");
+ policy->AddDir(rdonly, "/sys/devices/cpu");