I am committing this so that work can continue in tree because the diff
is starting to get really big. This commit includes several changes
required for unveil(2) described below:
- overhaul of the sandboxing code for pledge(2) to match what is being
done on other platforms
- avoid using /dev/urandom and switch to arc4random(3) or arc4random_buf(3)
- start using pledge(2) for the main browser process as well, disabled by
default for now as the list changes rapidly. The list of pledges is read
from the /etc/chromium/pledge.main file if available. When this is complete
the list of pledges will be hardcoded just as it is for the other process
types.
- add the --enable-unveil flag to use unveil(2) in all of the browser processes
by reading the list of unveil'd paths from files located in /etc/chromium,
e.g.: /etc/chromium/unveil.main or /etc/chromium/unveil.gpu.
These files are not included in the package by default as they are work in
progress. If you want to help please visit: https://github.com/rnagy/chromium
- if unveil(2) is used, chromium will not be able to access most of the filesystem,
so for example if you would like to download or upload something, only the unveil'd
paths are going to be available, which by default include ~/Downloads.

See https://www.mozilla.org/en-US/firefox/61.0/releasenotes/
Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/
- build against bundled hunspell (#1460600); building against system
hunspell is unsupported
- build depend on python3 in addition to python2. sigh.
- improve pledge messages to show the process id, and put the debugging
ones behind MOZ_SANDBOX_LOGGING env var being set
- work around content process 'proc' pledge violations by faking a
session dbus if one isn't running, see #1466593. idea from semarie@
- backport patch from #1467882 that improves sndio volume handling, from
ratchov@

Disable tests with python3; this requires an update to py-unittest2
(which hasn't been updated since 2010), which in turn requires traceback2
and linebreak2, and at that point I stopped looking.