[GStreamer] Disable gst-plugin-scanner if seccomp filters are enabled

https://bugs.webkit.org/show_bug.cgi?id=140069

Patch by Michael Catanzaro <mcatanzaro@igalia.com> on 2015-01-05
Reviewed by Philippe Normand.

If seccomp filters are enabled, any child processes we create are doomed
if they try to use a trapped syscall: the child will receive SIGSYS and
dump core. There appears to be no way around this.

Fortunately, the gstreamer developers had mad prescience and provided
us with a way to move plugin scanning in-process, so we don't need the
helper binary at all.

No new tests because this is covered by existing tests when seccomp
filters are enabled.

* platform/graphics/gstreamer/GStreamerUtilities.cpp:
(WebCore::initializeGStreamer):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@177896 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index e3e4d9a..a3d920a 100644 (file)
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,24 @@
+2015-01-05  Michael Catanzaro  <mcatanzaro@igalia.com>
+
+        [GStreamer] Disable gst-plugin-scanner if seccomp filters are enabled
+        https://bugs.webkit.org/show_bug.cgi?id=140069
+
+        Reviewed by Philippe Normand.
+
+        If seccomp filters are enabled, any child processes we create are doomed
+        if they try to use a trapped syscall: the child will receive SIGSYS and
+        dump core. There appears to be no way around this.
+
+        Fortunately, the gstreamer developers had mad prescience and provided
+        us with a way to move plugin scanning in-process, so we don't need the
+        helper binary at all.
+
+        No new tests because this is covered by existing tests when seccomp
+        filters are enabled.
+
+        * platform/graphics/gstreamer/GStreamerUtilities.cpp:
+        (WebCore::initializeGStreamer):
+
 2015-01-04  Darin Adler  <darin@apple.com>
 
         * dom/DocumentFragment.cpp:

diff --git a/Source/WebCore/platform/graphics/gstreamer/GStreamerUtilities.cpp b/Source/WebCore/platform/graphics/gstreamer/GStreamerUtilities.cpp
index bce418d..4d7735d 100644 (file)
--- a/Source/WebCore/platform/graphics/gstreamer/GStreamerUtilities.cpp
+++ b/Source/WebCore/platform/graphics/gstreamer/GStreamerUtilities.cpp
@@ -132,6 +132,14 @@ bool initializeGStreamer()
     if (gst_is_initialized())
         return true;
 
+#if ENABLE(SECCOMP_FILTERS)
+    // The gst-plugin-scanner helper binary will receive SIGSYS and dump core
+    // when it attempts to open a file. Disable it so that plugin scanning
+    // occurs in-process. The disadvantage is that a plugin that crashes while
+    // loading will now crash the web process.
+    gst_registry_fork_set_enabled(FALSE);
+#endif
+
     GUniqueOutPtr<GError> error;
     // FIXME: We should probably pass the arguments from the command line.
     bool gstInitialized = gst_init_check(0, 0, &error.outPtr());