diff options
Diffstat (limited to 'mozilla-sandbox-fips.patch')
-rw-r--r-- | mozilla-sandbox-fips.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/mozilla-sandbox-fips.patch b/mozilla-sandbox-fips.patch new file mode 100644 index 000000000000..8894666dba9a --- /dev/null +++ b/mozilla-sandbox-fips.patch @@ -0,0 +1,40 @@ +From: meissner@suse.com, cgrobertson@suse.com +Subject: allow Firefox to access addtional process information +References: +http://bugzilla.suse.com/show_bug.cgi?id=1167132 +bsc#1174284 - Firefox tab just crashed in FIPS mode + +Index: firefox-93.0/security/sandbox/linux/Sandbox.cpp +=================================================================== +--- firefox-93.0.orig/security/sandbox/linux/Sandbox.cpp ++++ firefox-93.0/security/sandbox/linux/Sandbox.cpp +@@ -655,6 +655,7 @@ void SetMediaPluginSandbox(const char* a + auto files = new SandboxOpenedFiles(); + files->Add(std::move(plugin)); + files->Add("/dev/urandom", SandboxOpenedFile::Dup::YES); ++ files->Add("/dev/random", SandboxOpenedFile::Dup::YES); + files->Add("/etc/ld.so.cache"); // Needed for NSS in clearkey. + files->Add("/sys/devices/system/cpu/cpu0/tsc_freq_khz"); + files->Add("/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq"); +Index: firefox-93.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp +=================================================================== +--- firefox-93.0.orig/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp ++++ firefox-93.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp +@@ -320,6 +320,8 @@ void SandboxBrokerPolicyFactory::InitCon + + // Read permissions + policy->AddPath(rdonly, "/dev/urandom"); ++ policy->AddPath(rdonly, "/dev/random"); ++ policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled"); + policy->AddPath(rdonly, "/proc/cpuinfo"); + policy->AddPath(rdonly, "/proc/meminfo"); + policy->AddDir(rdonly, "/sys/devices/cpu"); +@@ -792,6 +794,8 @@ SandboxBrokerPolicyFactory::GetSocketPro + auto policy = MakeUnique<SandboxBroker::Policy>(); + + policy->AddPath(rdonly, "/dev/urandom"); ++ policy->AddPath(rdonly, "/dev/random"); ++ policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled"); + policy->AddPath(rdonly, "/proc/cpuinfo"); + policy->AddPath(rdonly, "/proc/meminfo"); + policy->AddDir(rdonly, "/sys/devices/cpu"); |