Mac sandboxing uses a white list policy for all process types. Different sandbox levels were used for testing and debugging during rollout of Mac sandboxing features, but they now are planned to be removed. Levels 1 and 2 can still be enabled in about:config, but they are not supported and using them is not recommended. File content processes (for file:/// origins) also use level 3 with additional rules to allow read access to the filesystem. Mac content processes use sandbox level 3. OSX Content Levels for Web and File Content Processes Remote Data Decoder (RDD) Sandbox Feature Windows Feature Header Gecko Media Plugin (GMP) Sandbox Feature Lower level values indicate a less restrictive sandbox. Sandbox security related setting are grouped together and associated with a security level. Level 1 available but disabled due to various regressions with scrolling, see bug 1347710. Level settings other than these two values carry no guarantee of altering security behavior, level settings are primarily a release rollout debugging feature. Most processes only have two "active" levels, the current setting and a lower (previous released) setting. See the Platform Specifics section below for more information.Ī 'level' value reflects unique sandbox security settings for each platform and process.
The security aspects of a sandboxed child process are implemented on a per-platform basis. For more information see the Electrolysis wiki page, and its sucessor, Project Fission. how Firefox is split into various processes and how these processes interact between each other is common to all platforms. Security Sandboxing makes use of child processes as a security boundary. 5.2.1 Setting a custom environment in Windows.2.2.1 Content Levels for Web and File Content Processes.
0 kommentar(er)
