# HG changeset patch # User Julien Cristau # Date 1599423639 0 # Node ID 8ecb82a2f65cf6082d50d1e00453fbeba97633fb # Parent 0ce38d3c2aa2357df4a8fcc5fd39d3af05fce7e1 Bug 1660901 - ignore AT_NO_AUTOMOUNT in fstatat system call. r=jld, a=RyanVM Per the manpage "Both stat() and lstat() act as though AT_NO_AUTOMOUNT was set.", so don't bail if it's set in a call to fstatat. Differential Revision: https://phabricator.services.mozilla.com/D89121 diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp --- a/security/sandbox/linux/SandboxFilter.cpp +++ b/security/sandbox/linux/SandboxFilter.cpp @@ -249,19 +249,20 @@ class SandboxPolicyCommon : public Sandb return ConvertError(fstatsyscall(fd, buf)); } if (fd != AT_FDCWD && path[0] != '/') { SANDBOX_LOG_ERROR("unsupported fd-relative fstatat(%d, \"%s\", %p, %d)", fd, path, buf, flags); return BlockedSyscallTrap(aArgs, nullptr); } - if ((flags & ~AT_SYMLINK_NOFOLLOW) != 0) { + if ((flags & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT)) != 0) { SANDBOX_LOG_ERROR("unsupported flags %d in fstatat(%d, \"%s\", %p, %d)", - (flags & ~AT_SYMLINK_NOFOLLOW), fd, path, buf, flags); + (flags & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT)), fd, + path, buf, flags); return BlockedSyscallTrap(aArgs, nullptr); } return (flags & AT_SYMLINK_NOFOLLOW) == 0 ? broker->Stat(path, buf) : broker->LStat(path, buf); } static intptr_t ChmodTrap(ArgsRef aArgs, void* aux) { auto broker = static_cast(aux);