From 28c259722cabab1a9a933302070b99b9709d42bc Mon Sep 17 00:00:00 2001
From: Alexandre Lissy <lissyx+mozillians@lissyx.dyndns.org>
Date: Wed, 29 May 2024 06:28:55 +0000
Subject: [PATCH] Bug 1867898 - Use more clone() flags for Utility r=gcp

Differential Revision: https://phabricator.services.mozilla.com/D195847
---
 security/sandbox/linux/launch/SandboxLaunch.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/security/sandbox/linux/launch/SandboxLaunch.cpp b/security/sandbox/linux/launch/SandboxLaunch.cpp
index 6617ff475dcd..9e2a7c45247c 100644
--- a/security/sandbox/linux/launch/SandboxLaunch.cpp
+++ b/security/sandbox/linux/launch/SandboxLaunch.cpp
@@ -319,6 +319,13 @@ void SandboxLaunch::Configure(GeckoProcessType aType, SandboxingKind aKind,
         flags |= CLONE_NEWNET;
       }
       break;
+    case GeckoProcessType_Utility:
+      if (level >= 1) {
+        canChroot = true;
+        flags |= CLONE_NEWIPC;
+        flags |= CLONE_NEWNET;
+      }
+      break;
     case GeckoProcessType_Content:
       if (level >= 4) {
         canChroot = true;