jcs.org
/usr/ports/mystuff
firefox: remove inet pledge from content process
brynet informed me this is most likely not needed, but that there
may be something that still needs it. remove it for now and see
what breaks...
+15
+15
www/mozilla-firefox/patches/patch-02-content_no_inet
+15
www/mozilla-firefox/patches/patch-02-content_no_inet
···
1
+
$OpenBSD$
2
+
3
+
remove inet pledge from content process
4
+
5
+
--- browser/app/profile/firefox.js.orig Tue Sep 10 20:16:35 2019
6
+
+++ browser/app/profile/firefox.js Tue Sep 10 20:16:40 2019
7
+
@@ -1134,7 +1134,7 @@
8
+
// broad list for now, has to be refined over time
9
+
pref("security.sandbox.pledge.main", "stdio rpath wpath cpath inet proc exec prot_exec flock ps sendfd recvfd dns vminfo tty drm unix fattr getpw mcast");
10
+
pref("security.sandbox.content.level", 1);
11
+
-pref("security.sandbox.pledge.content", "stdio rpath wpath cpath inet recvfd sendfd prot_exec unix drm ps");
12
+
+pref("security.sandbox.pledge.content", "stdio rpath wpath cpath recvfd sendfd prot_exec unix drm ps");
13
+
pref("security.sandbox.pledge.gpu", "stdio rpath wpath cpath ps sendfd recvfd drm dns unix prot_exec");
14
+
#endif
15
+