Add required syscall to the WebContent process' sandbox on macOS.
<rdar://89072361>
Created attachment 452362 [details] Patch
Created attachment 452364 [details] Patch
Thanks for reviewing!
Comment on attachment 452364 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=452364&action=review > Source/WebKit/ChangeLog:11 > + Add required syscall to the WebContent process' sandbox on macOS. This patch also adds back a set of > + syscalls that were removed in https://commits.webkit.org/r286778 for current and previous versions > + of macOS. These syscalls will be denied going forward. It would be nice to describe why these syscalls are needed. And when you say they will be denied going forward… when? how? Do you have a bug for that?
(In reply to Dean Jackson from comment #5) > Comment on attachment 452364 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=452364&action=review > > > Source/WebKit/ChangeLog:11 > > + Add required syscall to the WebContent process' sandbox on macOS. This patch also adds back a set of > > + syscalls that were removed in https://commits.webkit.org/r286778 for current and previous versions > > + of macOS. These syscalls will be denied going forward. > > It would be nice to describe why these syscalls are needed. And when you say > they will be denied going forward… when? how? Do you have a bug for that? Based on telemetry, these syscalls are actually not believed to be required (except for one). They are added back here, since their removal in r286778 was mainly intended for the next macOS major version. Their inclusion is guarded by __MAC_OS_X_VERSION_MIN_REQUIRED < 130000. Thanks for reviewing!
Created attachment 452388 [details] Patch
Committed r290066 (?): <https://commits.webkit.org/r290066>