[wip] firefox 71.0b8 with unveil integration

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

[wip] firefox 71.0b8 with unveil integration

Landry Breuil-5
Hi,

now that jcs@'s work has been commited upstream and will be in firefox
72 (cf https://bugzilla.mozilla.org/show_bug.cgi?id=1580268,
https://bugzilla.mozilla.org/show_bug.cgi?id=1584839 &
https://bugzilla.mozilla.org/show_bug.cgi?id=1580271) i've backported
all the corresponding commits to the upcoming 71 release (due beginning
of december) in my git repo (in the unveil branch) and adapted the
corresponding pledge/unveil per-process configs - cf
https://cgit.rhaalovely.net/mozilla-firefox/?h=unveil

see
https://cgit.rhaalovely.net/mozilla-firefox/tree/pkg/README?h=unveil#n17
for the details on the configuration, and note that this will
break/ignore the file associations configured in firefox, relying on
xdg-open to rely on the file associations configured via xdg-mime.
https://cgit.rhaalovely.net/mozilla-firefox/tree/pkg/README?h=unveil#n68
has more bits on specific logging/debugging.

https://packages.rhaalovely.net/ has amd64 pkgs for 71.0b8 built from
this branch, and i'm running it now. This needs more testing from anyone
actually using firefox in weird environments so that we figure out more
missing paths.

Landry

Reply | Threaded
Open this post in threaded view
|

Re: [wip] firefox 71.0b8 with unveil integration

Solene Rapenne
If someone can confirm a behavior I had with firefox patched for pledge and unveil
I was not able to delete extensions, but it wasn't triggering a pledge error and I've not been able to deal with the huge ktrace...Le 8 nov. 2019 23:48, Landry Breuil <[hidden email]> a écrit :

>
> Hi,
>
> now that jcs@'s work has been commited upstream and will be in firefox
> 72 (cf https://bugzilla.mozilla.org/show_bug.cgi?id=1580268,
> https://bugzilla.mozilla.org/show_bug.cgi?id=1584839 &
> https://bugzilla.mozilla.org/show_bug.cgi?id=1580271) i've backported
> all the corresponding commits to the upcoming 71 release (due beginning
> of december) in my git repo (in the unveil branch) and adapted the
> corresponding pledge/unveil per-process configs - cf
> https://cgit.rhaalovely.net/mozilla-firefox/?h=unveil 
>
> see
> https://cgit.rhaalovely.net/mozilla-firefox/tree/pkg/README?h=unveil#n17 
> for the details on the configuration, and note that this will
> break/ignore the file associations configured in firefox, relying on
> xdg-open to rely on the file associations configured via xdg-mime.
> https://cgit.rhaalovely.net/mozilla-firefox/tree/pkg/README?h=unveil#n68 
> has more bits on specific logging/debugging.
>
> https://packages.rhaalovely.net/ has amd64 pkgs for 71.0b8 built from
> this branch, and i'm running it now. This needs more testing from anyone
> actually using firefox in weird environments so that we figure out more
> missing paths.
>
> Landry
>
Reply | Threaded
Open this post in threaded view
|

Re: [wip] firefox 71.0b8 with unveil integration

joshua stein-3
On Sat, 09 Nov 2019 at 00:02:55 +0100, Solène Rapenne wrote:
> If someone can confirm a behavior I had with firefox patched for pledge and unveil
> I was not able to delete extensions, but it wasn't triggering a pledge error and I've not been able to deal with the huge ktrace...

I just installed Landry's beta package and ran it with my existing
profile, installed a random extension, then uninstalled it, and it
performed as expected.

Reply | Threaded
Open this post in threaded view
|

Re: [wip] firefox 71.0b8 with unveil integration

Tim van der Molen-4
In reply to this post by Landry Breuil-5
Landry Breuil (2019-11-08 23:48 +0100):
> https://packages.rhaalovely.net/ has amd64 pkgs for 71.0b8 built from
> this branch, and i'm running it now. This needs more testing from anyone
> actually using firefox in weird environments so that we figure out more
> missing paths.

Firefox doesn't play audio unless I add "/usr/lib r" to unveil.content.
I can reproduce this with an empty homedir and an audio-only .ogg file
in /tmp.

Firefox writes this to stderr:

[Child 99779, MediaDecoderStateMachine #1] WARNING: 17d3e855100 Can't get cubeb context!: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/dom/media/AudioStream.cpp, line 281
[Child 99779, MediaDecoderStateMachine #1] WARNING: Decoder=17d3db0c800 [OnMediaSinkAudioError]: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/dom/media/MediaDecoderStateMachine.cpp, line 3639
[Child 99779, MediaDecoderStateMachine #1] WARNING: Decoder=17d3db0c800 Decode error: NS_ERROR_DOM_MEDIA_MEDIASINK_ERR (0x806e000b) - OnMediaSinkAudioError: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/dom/media/MediaDecoderStateMachine.cpp, line 3308
[Parent 6521, Gecko_IOThread] WARNING: pipe error: Broken pipe: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 728

ktrace -di shows this:

 99779 firefox  NAMI  "/usr/lib/libsndio.so.7.0"
 99779 firefox  RET   open -1 errno 2 No such file or directory

Reply | Threaded
Open this post in threaded view
|

Re: [wip] firefox 71.0b8 with unveil integration

Tim van der Molen-4
Tim van der Molen (2019-11-10 12:58 +0100):

> Landry Breuil (2019-11-08 23:48 +0100):
> > https://packages.rhaalovely.net/ has amd64 pkgs for 71.0b8 built from
> > this branch, and i'm running it now. This needs more testing from anyone
> > actually using firefox in weird environments so that we figure out more
> > missing paths.
>
> Firefox doesn't play audio unless I add "/usr/lib r" to unveil.content.
> I can reproduce this with an empty homedir and an audio-only .ogg file
> in /tmp.
>
> Firefox writes this to stderr:
>
> [Child 99779, MediaDecoderStateMachine #1] WARNING: 17d3e855100 Can't get cubeb context!: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/dom/media/AudioStream.cpp, line 281
> [Child 99779, MediaDecoderStateMachine #1] WARNING: Decoder=17d3db0c800 [OnMediaSinkAudioError]: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/dom/media/MediaDecoderStateMachine.cpp, line 3639
> [Child 99779, MediaDecoderStateMachine #1] WARNING: Decoder=17d3db0c800 Decode error: NS_ERROR_DOM_MEDIA_MEDIASINK_ERR (0x806e000b) - OnMediaSinkAudioError: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/dom/media/MediaDecoderStateMachine.cpp, line 3308
> [Parent 6521, Gecko_IOThread] WARNING: pipe error: Broken pipe: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 728
>
> ktrace -di shows this:
>

I missed this line:

 99779 firefox  CALL  open(0x17e0b204289,0x10000<O_RDONLY|O_CLOEXEC>)

>  99779 firefox  NAMI  "/usr/lib/libsndio.so.7.0"
>  99779 firefox  RET   open -1 errno 2 No such file or directory

By the way, I also noticed this:

 99779 firefox  CALL  open(0x17ddbbba1e0,0x30000<O_RDONLY|O_CLOEXEC|O_DIRECTORY>)
 99779 firefox  NAMI  "/usr/local/lib/firefox"
 99779 firefox  RET   open -1 errno 2 No such file or directory

unveil.gpu and unveil.main have a line for that dir, but unveil.content
does not.

Reply | Threaded
Open this post in threaded view
|

Re: [wip] firefox 71.0b8 with unveil integration

Landry Breuil-5
In reply to this post by Tim van der Molen-4
On Sun, Nov 10, 2019 at 12:58:50PM +0100, Tim van der Molen wrote:

> Landry Breuil (2019-11-08 23:48 +0100):
> > https://packages.rhaalovely.net/ has amd64 pkgs for 71.0b8 built from
> > this branch, and i'm running it now. This needs more testing from anyone
> > actually using firefox in weird environments so that we figure out more
> > missing paths.
>
> Firefox doesn't play audio unless I add "/usr/lib r" to unveil.content.
> I can reproduce this with an empty homedir and an audio-only .ogg file
> in /tmp.
>
> Firefox writes this to stderr:
>
> [Child 99779, MediaDecoderStateMachine #1] WARNING: 17d3e855100 Can't get cubeb context!: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/dom/media/AudioStream.cpp, line 281
> [Child 99779, MediaDecoderStateMachine #1] WARNING: Decoder=17d3db0c800 [OnMediaSinkAudioError]: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/dom/media/MediaDecoderStateMachine.cpp, line 3639
> [Child 99779, MediaDecoderStateMachine #1] WARNING: Decoder=17d3db0c800 Decode error: NS_ERROR_DOM_MEDIA_MEDIASINK_ERR (0x806e000b) - OnMediaSinkAudioError: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/dom/media/MediaDecoderStateMachine.cpp, line 3308
> [Parent 6521, Gecko_IOThread] WARNING: pipe error: Broken pipe: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 728
>
> ktrace -di shows this:
>
>  99779 firefox  NAMI  "/usr/lib/libsndio.so.7.0"
>  99779 firefox  RET   open -1 errno 2 No such file or directory

I finally had time to properly dig ainto this, and indeed it tries to
dlopen this file in
https://searchfox.org/mozilla-central/source/media/libcubeb/src/cubeb_sndio.c#285
- i dont really remember this parts, alex was it here last you worked on
  the cubeb sndio backend ? this code is coming from
https://bugzilla.mozilla.org/show_bug.cgi?id=1575883, which comes
from upstream cubeb in
https://github.com/kinetiknz/cubeb/commit/9eb4c89535fdf3726900231a804aa35e19b9f93c,
which in the end came from https://github.com/kinetiknz/cubeb/pull/539
where jan beich (the freebsd mozilla porter, in cc) moved from linking to libsndio
to dlopening at runtime.

I have to admit that now that we move towards unveil, dlopen() feels awkward,
especially with the version number hardcoded. I dont want to hardcode
libsndio.so.7.0 in the unveil config... and i dunno if having
/usr/lib/libsndio.so would work.

I guess one of the options is to set DISABLE_LIBSNDIO_DLOPEN (cf
https://searchfox.org/mozilla-central/source/media/libcubeb/src/cubeb_sndio.c#26)
but then one would need to readd sndio to the libs linked (i dont see
this done in the build system yet), and i'm not sure this codepath was
tested much.. alex, what's your take on this ?

Landry

Reply | Threaded
Open this post in threaded view
|

Re: [wip] firefox 71.0b8 with unveil integration

Theo de Raadt-2
Landry Breuil <[hidden email]> wrote:

> I have to admit that now that we move towards unveil, dlopen() feels awkward,
> especially with the version number hardcoded. I dont want to hardcode
> libsndio.so.7.0 in the unveil config... and i dunno if having
> /usr/lib/libsndio.so would work.

Yes, it should make you feel uncomfortable.

dlopen() will also put you in a position of needing pledge "prot_exec",
so ld.so can PROT_EXEC the loaded text segments.  Of course there's few
things an attacker wants as much as a fully operational mprotect system
call to rop-pivot through.

There are no programs trying to act this way in base, and the other
major pledge/unveil program in ports are organized to avoid late
dlopen().

Reply | Threaded
Open this post in threaded view
|

Re: [wip] firefox 71.0b8 with unveil integration

Landry Breuil-5
In reply to this post by Landry Breuil-5
On Tue, Nov 12, 2019 at 08:32:29AM +0100, Landry Breuil wrote:

> On Sun, Nov 10, 2019 at 12:58:50PM +0100, Tim van der Molen wrote:
> > Landry Breuil (2019-11-08 23:48 +0100):
> > > https://packages.rhaalovely.net/ has amd64 pkgs for 71.0b8 built from
> > > this branch, and i'm running it now. This needs more testing from anyone
> > > actually using firefox in weird environments so that we figure out more
> > > missing paths.
> >
> > Firefox doesn't play audio unless I add "/usr/lib r" to unveil.content.
> > I can reproduce this with an empty homedir and an audio-only .ogg file
> > in /tmp.
> >
> > Firefox writes this to stderr:
> >
> > [Child 99779, MediaDecoderStateMachine #1] WARNING: 17d3e855100 Can't get cubeb context!: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/dom/media/AudioStream.cpp, line 281
> > [Child 99779, MediaDecoderStateMachine #1] WARNING: Decoder=17d3db0c800 [OnMediaSinkAudioError]: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/dom/media/MediaDecoderStateMachine.cpp, line 3639
> > [Child 99779, MediaDecoderStateMachine #1] WARNING: Decoder=17d3db0c800 Decode error: NS_ERROR_DOM_MEDIA_MEDIASINK_ERR (0x806e000b) - OnMediaSinkAudioError: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/dom/media/MediaDecoderStateMachine.cpp, line 3308
> > [Parent 6521, Gecko_IOThread] WARNING: pipe error: Broken pipe: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 728
> >
> > ktrace -di shows this:
> >
> >  99779 firefox  NAMI  "/usr/lib/libsndio.so.7.0"
> >  99779 firefox  RET   open -1 errno 2 No such file or directory
>
> I finally had time to properly dig ainto this, and indeed it tries to
> dlopen this file in
> https://searchfox.org/mozilla-central/source/media/libcubeb/src/cubeb_sndio.c#285
> - i dont really remember this parts, alex was it here last you worked on
>   the cubeb sndio backend ? this code is coming from
> https://bugzilla.mozilla.org/show_bug.cgi?id=1575883, which comes
> from upstream cubeb in
> https://github.com/kinetiknz/cubeb/commit/9eb4c89535fdf3726900231a804aa35e19b9f93c,
> which in the end came from https://github.com/kinetiknz/cubeb/pull/539
> where jan beich (the freebsd mozilla porter, in cc) moved from linking to libsndio
> to dlopening at runtime.
>
> I have to admit that now that we move towards unveil, dlopen() feels awkward,
> especially with the version number hardcoded. I dont want to hardcode
> libsndio.so.7.0 in the unveil config... and i dunno if having
> /usr/lib/libsndio.so would work.

Tested, and unveiling /usr/lib/libsndio.so didnt work.

> I guess one of the options is to set DISABLE_LIBSNDIO_DLOPEN (cf
> https://searchfox.org/mozilla-central/source/media/libcubeb/src/cubeb_sndio.c#26)
> but then one would need to readd sndio to the libs linked (i dont see
> this done in the build system yet), and i'm not sure this codepath was
> tested much.. alex, what's your take on this ?

The following (completely untested) diff might achieve that:

diff --git a/media/libcubeb/src/moz.build b/media/libcubeb/src/moz.build
--- a/media/libcubeb/src/moz.build
+++ b/media/libcubeb/src/moz.build
@@ -44,16 +44,17 @@ if CONFIG['MOZ_JACK']:
     ]
     DEFINES['USE_JACK'] = True
 
 if CONFIG['OS_ARCH'] == 'OpenBSD':
     SOURCES += [
         'cubeb_sndio.c',
     ]
     DEFINES['USE_SNDIO'] = True
+    DEFINES['DISABLE_LIBSNDIO_DLOPEN'] = True
 
 if CONFIG['OS_TARGET'] == 'Darwin':
     SOURCES += [
         'cubeb_audiounit.cpp',
         'cubeb_resampler.cpp'
     ]
     if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'cocoa':
         SOURCES += [
diff --git a/toolkit/library/moz.build b/toolkit/library/moz.build
--- a/toolkit/library/moz.build
+++ b/toolkit/library/moz.build
@@ -260,16 +260,21 @@ if not CONFIG['MOZ_TREE_PIXMAN']:
 if CONFIG['HAVE_CLOCK_MONOTONIC']:
     OS_LIBS += CONFIG['REALTIME_LIBS']
 
 OS_LIBS += CONFIG['ICONV_LIBS']
 
 if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('cocoa', 'uikit'):
     OS_LIBS += CONFIG['TK_LIBS']
 
+if CONFIG['OS_ARCH'] == 'OpenBSD':
+    OS_LIBS += [
+        'sndio',
+    ]
+
 if CONFIG['MOZ_ENABLE_DBUS']:
     OS_LIBS += CONFIG['MOZ_DBUS_GLIB_LIBS']
 
 if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'gtk':
     OS_LIBS += [l for l in CONFIG['TK_LIBS']
         if l not in ('-lgtk-3', '-lgdk-3')]
     OS_LIBS += CONFIG['XLDFLAGS']
     OS_LIBS += CONFIG['XLIBS']

Reply | Threaded
Open this post in threaded view
|

Re: [wip] firefox 71.0b8 with unveil integration

Alexandre Ratchov-2
In reply to this post by Landry Breuil-5
On Tue, Nov 12, 2019 at 08:32:29AM +0100, Landry Breuil wrote:

> On Sun, Nov 10, 2019 at 12:58:50PM +0100, Tim van der Molen wrote:
> > Landry Breuil (2019-11-08 23:48 +0100):
> > > https://packages.rhaalovely.net/ has amd64 pkgs for 71.0b8 built from
> > > this branch, and i'm running it now. This needs more testing from anyone
> > > actually using firefox in weird environments so that we figure out more
> > > missing paths.
> >
> > Firefox doesn't play audio unless I add "/usr/lib r" to unveil.content.
> > I can reproduce this with an empty homedir and an audio-only .ogg file
> > in /tmp.
> >
> > Firefox writes this to stderr:
> >
> > [Child 99779, MediaDecoderStateMachine #1] WARNING: 17d3e855100 Can't get cubeb context!: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/dom/media/AudioStream.cpp, line 281
> > [Child 99779, MediaDecoderStateMachine #1] WARNING: Decoder=17d3db0c800 [OnMediaSinkAudioError]: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/dom/media/MediaDecoderStateMachine.cpp, line 3639
> > [Child 99779, MediaDecoderStateMachine #1] WARNING: Decoder=17d3db0c800 Decode error: NS_ERROR_DOM_MEDIA_MEDIASINK_ERR (0x806e000b) - OnMediaSinkAudioError: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/dom/media/MediaDecoderStateMachine.cpp, line 3308
> > [Parent 6521, Gecko_IOThread] WARNING: pipe error: Broken pipe: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 728
> >
> > ktrace -di shows this:
> >
> >  99779 firefox  NAMI  "/usr/lib/libsndio.so.7.0"
> >  99779 firefox  RET   open -1 errno 2 No such file or directory
>
> I finally had time to properly dig ainto this, and indeed it tries to
> dlopen this file in
> https://searchfox.org/mozilla-central/source/media/libcubeb/src/cubeb_sndio.c#285
> - i dont really remember this parts, alex was it here last you worked on
>   the cubeb sndio backend ? this code is coming from
> https://bugzilla.mozilla.org/show_bug.cgi?id=1575883, which comes
> from upstream cubeb in
> https://github.com/kinetiknz/cubeb/commit/9eb4c89535fdf3726900231a804aa35e19b9f93c,
> which in the end came from https://github.com/kinetiknz/cubeb/pull/539
> where jan beich (the freebsd mozilla porter, in cc) moved from linking to libsndio
> to dlopening at runtime.

This part is new, I've seen Jan Beich diff, but missed the
DISABLE_LIBSNDIO_DLOPEN bits.

> I guess one of the options is to set DISABLE_LIBSNDIO_DLOPEN (cf
> https://searchfox.org/mozilla-central/source/media/libcubeb/src/cubeb_sndio.c#26)
> but then one would need to readd sndio to the libs linked (i dont see
> this done in the build system yet), and i'm not sure this codepath was
> tested much.. alex, what's your take on this ?

IMHO we should use DISABLE_LIBSNDIO_DLOPEN as in the diff you proposed
in your other mail; this would also help catching bugs by not
disabling compiler type checks.

Reply | Threaded
Open this post in threaded view
|

Re: [wip] firefox 71.0b8 with unveil integration

Landry Breuil-5
On Tue, Nov 12, 2019 at 12:21:04PM +0100, Alexandre Ratchov wrote:

> On Tue, Nov 12, 2019 at 08:32:29AM +0100, Landry Breuil wrote:
> > On Sun, Nov 10, 2019 at 12:58:50PM +0100, Tim van der Molen wrote:
> > > Landry Breuil (2019-11-08 23:48 +0100):
> > > > https://packages.rhaalovely.net/ has amd64 pkgs for 71.0b8 built from
> > > > this branch, and i'm running it now. This needs more testing from anyone
> > > > actually using firefox in weird environments so that we figure out more
> > > > missing paths.
> > >
> > > Firefox doesn't play audio unless I add "/usr/lib r" to unveil.content.
> > > I can reproduce this with an empty homedir and an audio-only .ogg file
> > > in /tmp.
> > >
> > > Firefox writes this to stderr:
> > >
> > > [Child 99779, MediaDecoderStateMachine #1] WARNING: 17d3e855100 Can't get cubeb context!: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/dom/media/AudioStream.cpp, line 281
> > > [Child 99779, MediaDecoderStateMachine #1] WARNING: Decoder=17d3db0c800 [OnMediaSinkAudioError]: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/dom/media/MediaDecoderStateMachine.cpp, line 3639
> > > [Child 99779, MediaDecoderStateMachine #1] WARNING: Decoder=17d3db0c800 Decode error: NS_ERROR_DOM_MEDIA_MEDIASINK_ERR (0x806e000b) - OnMediaSinkAudioError: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/dom/media/MediaDecoderStateMachine.cpp, line 3308
> > > [Parent 6521, Gecko_IOThread] WARNING: pipe error: Broken pipe: file /usr/ports/pobj/firefox-71.0beta8/firefox-71.0/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 728
> > >
> > > ktrace -di shows this:
> > >
> > >  99779 firefox  NAMI  "/usr/lib/libsndio.so.7.0"
> > >  99779 firefox  RET   open -1 errno 2 No such file or directory
> >
> > I finally had time to properly dig ainto this, and indeed it tries to
> > dlopen this file in
> > https://searchfox.org/mozilla-central/source/media/libcubeb/src/cubeb_sndio.c#285
> > - i dont really remember this parts, alex was it here last you worked on
> >   the cubeb sndio backend ? this code is coming from
> > https://bugzilla.mozilla.org/show_bug.cgi?id=1575883, which comes
> > from upstream cubeb in
> > https://github.com/kinetiknz/cubeb/commit/9eb4c89535fdf3726900231a804aa35e19b9f93c,
> > which in the end came from https://github.com/kinetiknz/cubeb/pull/539
> > where jan beich (the freebsd mozilla porter, in cc) moved from linking to libsndio
> > to dlopening at runtime.
>
> This part is new, I've seen Jan Beich diff, but missed the
> DISABLE_LIBSNDIO_DLOPEN bits.
>
> > I guess one of the options is to set DISABLE_LIBSNDIO_DLOPEN (cf
> > https://searchfox.org/mozilla-central/source/media/libcubeb/src/cubeb_sndio.c#26)
> > but then one would need to readd sndio to the libs linked (i dont see
> > this done in the build system yet), and i'm not sure this codepath was
> > tested much.. alex, what's your take on this ?
>
> IMHO we should use DISABLE_LIBSNDIO_DLOPEN as in the diff you proposed
> in your other mail; this would also help catching bugs by not
> disabling compiler type checks.

I've tested the proposed diff and it indeed does the right thing, ie it
links libxul.so with libsndio, and i can play sound with unveil enabled
without having to unveil /usr/lib/libsndio.so.7.0.

If ppl want to test it, the firefox-71.0beta9 package on my repo
contains
https://cgit.rhaalovely.net/mozilla-firefox/commit/?h=unveil&id=ed3d4671090ec2449cb9ab935a923862275f43d6
which i'm going to push upstream. Or rebuild the port from the git
branch..

Landry