Bug 674545

Summary: [abrt] firefox-3.6.13-1.fc14: SIGSEGV in PR_JoinThread when setsched fails in SE sandbox
Product: [Fedora] Fedora Reporter: Mads Kiilerich <mads>
Component: firefoxAssignee: Gecko Maintainer <gecko-bugs-nobody>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 14CC: dwalsh, gecko-bugs-nobody
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Unspecified   
Whiteboard: abrt_hash:1fa53fb2951f3f2b44c2649a2fe86692a42f85ec
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-07 13:05:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
File: backtrace
none
File: reproduce none

Description Mads Kiilerich 2011-02-02 12:49:47 UTC 
abrt version: 1.1.14
architecture: i686
Attached file: backtrace
cmdline: /usr/lib/firefox-3.6/firefox
component: firefox
crash_function: PR_JoinThread
executable: /usr/lib/firefox-3.6/firefox
kernel: 2.6.35.10-74.fc14.i686.PAE
package: firefox-3.6.13-1.fc14
rating: 4
reason: Process /usr/lib/firefox-3.6/firefox was killed by signal 11 (SIGSEGV)
release: Fedora release 14 (Laughlin)
Attached file: reproduce
time: 1296650806
uid: 502
Comment 1 Mads Kiilerich 2011-02-02 12:49:51 UTC 
Created attachment 476559 [details]
File: backtrace
Comment 2 Mads Kiilerich 2011-02-02 12:49:53 UTC 
Created attachment 476560 [details]
File: reproduce
Comment 3 Mads Kiilerich 2011-02-02 12:56:20 UTC 
Removing nspluginwrapper makes one of the SE messages go away, but setsched still fails.
Comment 4 Mads Kiilerich 2011-02-02 13:31:22 UTC 
dwalsh said on bug 673224:
"""
sandbox -X firefox 

will blow up because the standard SELinux type does not allow connections to
http ports, and I guess firefox does not handle this well.

Using sandbox_web_t for the type should allow the access.
"""

The topic of this issue is that firefox should handle that it is blocked without crashing.
Comment 5 Daniel Walsh 2011-02-02 17:00:20 UTC 
I think it is failing because we are not allowing setsched call.


Maybe we should allow this in sandbox_x_t and then you could run firefox without network access.
Comment 6 Martin Stransky 2011-12-07 13:05:45 UTC 
We're using mozilla crash reporter now, ABRT is no more used for Firefox/Thunderbird. If you can reliably reproduce the crash (you have a testcase, reproduction steps, etc.) please reopen the bug and attach the reproduction info and assign it directly to me (stransky).

Thanks!
Comment 7 Mads Kiilerich 2011-12-07 13:28:55 UTC 
I canøt reproduce the crash on f16 - perhaps because the policy has changed.