Bug 1457092 - Disable codepaths forbidden by pledge() when being sandboxed on OpenBSD. r=froydnj

--HG--
extra : rebase_source : 49ef652c8c36ded2f18ed635b361250214eec55b

widget/nsShmImage.cpp

@@ -67,6 +67,12 @@ nsShmImage::CreateShmSegment()
 {
   size_t size = SharedMemory::PageAlignedSize(mStride * mSize.height);
 
+#if defined(__OpenBSD__) && defined(MOZ_SANDBOX)
+  static mozilla::LazyLogModule sPledgeLog("SandboxPledge");
+  MOZ_LOG(sPledgeLog, mozilla::LogLevel::Debug,
+         ("%s called when pledged, returning false\n", __func__));
+  return false;
+#endif
   mShmId = shmget(IPC_PRIVATE, size, IPC_CREAT | 0600);
   if (mShmId == -1) {
     return false;

xpcom/base/nsDebugImpl.cpp

@@ -180,6 +180,10 @@ nsDebugImpl::GetIsDebuggerAttached(bool* aResult)
 {
   *aResult = false;
 
+#if defined(__OpenBSD__) && defined(MOZ_SANDBOX)
+  // no access to KERN_PROC_PID sysctl when pledge'd
+  return NS_OK;
+#endif
 #if defined(XP_WIN)
   *aResult = ::IsDebuggerPresent();
 #elif defined(XP_MACOSX) || defined(__DragonFly__) || defined(__FreeBSD__) \

xpcom/base/nsMemoryReporterManager.cpp

@@ -193,6 +193,12 @@ SystemHeapSize(int64_t* aSizeOut)
 static MOZ_MUST_USE nsresult
 GetKinfoProcSelf(KINFO_PROC* aProc)
 {
+#if defined(__OpenBSD__) && defined(MOZ_SANDBOX)
+  static LazyLogModule sPledgeLog("SandboxPledge");
+  MOZ_LOG(sPledgeLog, LogLevel::Debug,
+         ("%s called when pledged, returning NS_ERROR_FAILURE\n", __func__));
+  return NS_ERROR_FAILURE;
+#endif
   int mib[] = {
     CTL_KERN,
     KERN_PROC,