On Sat, Jun 22, 2019 at 12:25:30PM +0200, Stephane HUC "PengouinBSD" wrote:
> HI
>
> On 6.5-current:
>
> As I wrote @ 1:46 AM, it seems OK!
>
> But, I experiment some troubles on my connexion:
>
> - unwanted SSH disconnections
>
> - on X, with Firefox, tabs crashed always in same time.
>
> Perhaps, for Firefox, it's a problem with pledge?
>
> I see thoses messages in /var/log/messages - egual on 'dmesg':
>
> Jun 22 11:21:21 ptb-z /bsd: firefox[19999]: pledge "flock", syscall 92
> Jun 22 11:21:21 ptb-z /bsd: firefox[17962]: pledge "flock", syscall 92
> Jun 22 11:21:22 ptb-z /bsd: firefox[47501]: pledge "flock", syscall 92
>
> (...)
>
> firefox[68021]: pledge "flock", syscall 92
> firefox[22469]: pledge "flock", syscall 92
> firefox[41244]: pledge "flock", syscall 92
>
> ???
This happens sometimes when firefox is calling into some library that
hits these syscalls, and those syscalls are not in the firefox pledge.
In my experience this is often some uncommon code path through X,
usually related to which graphics driver you are using, but it could be
anything. When I have this happen to me, it is always on specific
websites that trigger some rendering codepath through X that uses some
unusual way to allocate memory or something. In your case, it could also
be some extension you have loaded.
You can pretty easily see what is going wrong:
When a firefox tab crashes you should have a firefox.core file lying
around (usually in your $HOME, but it will be wherever you launched
firefox from). Run gdb on /usr/local/bin/firefox, and then load up the
core file. It will drop you into the spot where firefox was killed, and
you can check the backtrace to see what code path took you to the system
call that hasn't been pledged.
In this instance, firefox is calling fcntl, which is covered by the
"flock" pledge. You can add "flock" to the
security.sandbox.pledge.content line in about:config and see if that
makes it work for you. If you have at all modified the firefox content
or main pledges from their defaults, you should check to see if
reverting to their defaults helps ("flock" is in the main pledge by
default, but not in the content pledge).
Hope this helps.
