7.0.7 and later fails to work without `SECCOMP_FILTER_FLAG_TSYNC`.

Closed Issue created 7 years ago by Yawning Angel

2017/10/20 03:16:42 firefox: Sandbox: opendir /proc/self/task: No such file or directory
2017/10/20 03:16:42 firefox: [Parent 3] WARNING: pipe error (59): Connection reset by peer: file /home/debian/build/tor-browser/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
2017/10/20 03:16:42 firefox: [Parent 3] WARNING: pipe error (57): Connection reset by peer: file /home/debian/build/tor-browser/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
2017/10/20 03:16:42 firefox: ###!!! [Parent][RunMessage] Error: Channel error: cannot send/recv
2017/10/20 03:16:42 firefox: ###!!! [Parent][MessageChannel] Error: (msgtype=0x2C0086,name=PBrowser::Msg_Destroy) Channel error: cannot send/recv

This only affects systems running kernels that pre-date 3.17, which annoyingly enough currently includes Debian oldstable. It's an artifact of "the sandbox doesn't mount /proc", and "firefox wants to use /proc/self/task to see if a process has threads or not". The need for the latter goes away with the seccomp() flag, which is why I never saw the issue.

7.0.7 and later fails to work without `SECCOMP_FILTER_FLAG_TSYNC`.

Linked items ... 0

Activity