Open Bug 1378968 Opened 7 years ago Updated 2 years ago

SandboxViolation: plugin-container(PID) deny(1) file-read-metadata /Applications /Users /usr

Categories: (Core :: Security: Process Sandboxing, enhancement, P3)
56 Branch, Unspecified, macOS, enhancement
People: (Reporter: haik, Unassigned)
Details: (Whiteboard: sb+)

After enabling file-read restrictions in our content sandbox in bug 1332190, launching Firefox and browsing triggers some sandbox violations to be logged in the Console app. Three new ones are

SandboxViolation: plugin-container(<PID>) deny(1) file-read-metadata /Applications
SandboxViolation: plugin-container(<PID>) deny(1) file-read-metadata /Users
SandboxViolation: plugin-container(<PID>) deny(1) file-read-metadata /usr

We should investigate these and, when possible, remove the offending code from the content process to avoid these messages.

In newer versions of OS X (10.12+), there is a large amount of data being logged in Console and I don't think these are likely to trigger lots of bugs being filed, but they could be seen as alarming to anyone examining Console output.
I seem to recall these being related to |dlopen|; I'm not sure what the right solution would be if my memory is correct.
To reiterate, some SandboxViolations attributed to plugin-container in Console are triggered by code we don't have control over such as OS X libraries. So we won't be able to eliminate all these messages and seeing them does not necessarily mean we have a bug in Firefox that needs a fix. Where the message does turn out to be triggered by Firefox code, we want to fix that because it means we're wasting cycles trying to read directories that are not available to the content process.
Whiteboard: sbmc3
Here's one (potentially avoidable) stack that is triggering a sandbox violation by calling getattrlist(2) on the home directory.

--
plugin-container(31772) deny file-read-metadata /Users/haik

Process: plugin-container [31772]
Path: /Applications/FirefoxNightly.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container
Load Address: 0x108c74000
Identifier: org.mozilla.plugincontainer
Version: 1.0 (???)
Code Type: x86_64 (Native)
Parent Process: firefox [24247]
User ID: 501

Date/Time: 2017-07-24 09:26:30.498 -0700
OS Version: Mac OS X 10.11.6 (15G1611)
Report Version: 8

Thread 0:
0 libsystem_kernel.dylib 0x00007fff8bde56d2 __getattrlist + 10
1 CarbonCore 0x00007fff92049439 PathGetObjectInfo(char const*, unsigned int, unsigned int, short*, unsigned int*, unsigned int*, char*, unsigned int*, unsigned char*, unsigned int*) + 199
2 CarbonCore 0x00007fff920492bd FSPathMakeRefInternal(unsigned char const*, unsigned int, unsigned int, FSRef*, unsigned char*) + 111
3 CoreFoundation 0x00007fff8f416e51 _CFGetFSRefFromURL + 225
4 CoreFoundation 0x00007fff8f416d55 CFURLGetFSRef + 37
5 CarbonCore 0x00007fff9205910b GetUserDomainRootRef + 219
6 CarbonCore 0x00007fff92058f79 GetDomainRootRef + 297
7 CarbonCore 0x00007fff92058def ResolveSpecialFolder + 48
8 CarbonCore 0x00007fff920587ff FindFolderGuts + 963
9 CarbonCore 0x00007fff920583dd FSFindFolder + 152
10 XUL 0x000000010901fe66 GetOSXFolderType(short, unsigned int, nsIFile**) + 166
11 XUL 0x000000010902483b nsDirectoryService::GetFile(char const*, bool*, nsIFile**) + 1355
12 XUL 0x0000000109023a79 FindProviderFile(nsIDirectoryServiceProvider*, FileData*) + 297
13 XUL 0x0000000109023880 nsDirectoryService::Get(char const*, nsID const&, void**) + 432
14 XUL 0x000000010ad8fb46 mozilla::GetPathToSpecialDir(char const*, nsString&) + 118
15 XUL 0x000000010ad8ffa6 mozilla::InitOSFileConstants() + 854
16 XUL 0x000000010ade0b80 mozilla::dom::workers::RuntimeService::Init() + 1712
17 XUL 0x000000010ade04a3 mozilla::dom::workers::RuntimeService::GetOrCreateService() + 403
18 XUL 0x000000010ae3788b mozilla::dom::workers::WorkerPrivate::Constructor(JSContext*, nsAString const&, bool, mozilla::dom::WorkerType, nsAString const&, nsACString const&, mozilla::dom::workers::WorkerLoadInfo*, mozilla::ErrorResult&) + 699
19 XUL 0x000000010ae374a9 mozilla::dom::workers::WorkerPrivate::Constructor(mozilla::dom::GlobalObject const&, nsAString const&, mozilla::dom::WorkerOptions const&, mozilla::ErrorResult&) + 73
20 XUL 0x000000010a427897 mozilla::dom::WorkerBinding::_constructor(JSContext*, unsigned int, JS::Value*) + 695
21 XUL 0x000000010c640959 InternalConstruct(JSContext*, js::AnyConstructArgs const&) + 473
22 XUL 0x000000010c64076e js::ConstructFromStack(JSContext*, JS::CallArgs const&) + 174
23 XUL 0x000000010c63ab3f Interpret(JSContext*, js::RunState&) + 35807
24 XUL 0x000000010c631ebc js::RunScript(JSContext*, js::RunState&) + 476
25 XUL 0x000000010c640245 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) + 1125
26 XUL 0x000000010c640699 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) + 41
27 XUL 0x000000010c9a1a89 js::fun_apply(JSContext*, unsigned int, JS::Value*) + 921
28 XUL 0x000000010c64013c js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) + 860
29 XUL 0x000000010c6d294c js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICCall_Fallback*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) + 988
30 0x00000a3d23a07107
31 0x000000012e51aaa0
32 0x00000a3d23d14571
33 0x000000012e509920
34 0x00000a3d23d14571
35 0x000000012e5082e0
36 0x00000a3d23d14571
37 0x000000012cf06550
38 0x00000a3d23d14571
39 0x000000012e50d7c0
40 0x00000a3d23d14571
41 0x000000012d0a3530
42 0x00000a3d23d14571
43 0x000000012d1c64b8
44 0x00000a3d239fb8aa
45 XUL 0x000000010c6decf7 EnterBaseline(JSContext*, js::jit::EnterJitData&) + 327
46 XUL 0x000000010c6deb42 js::jit::EnterBaselineMethod(JSContext*, js::RunState&) + 226
47 XUL 0x000000010c63a5d2 Interpret(JSContext*, js::RunState&) + 34418
48 XUL 0x000000010c631ebc js::RunScript(JSContext*, js::RunState&) + 476
49 XUL 0x000000010c640245 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) + 1125
50 XUL 0x000000010c640699 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) + 41
51 XUL 0x000000010c9a1a89 js::fun_apply(JSContext*, unsigned int, JS::Value*) + 921
52 XUL 0x000000010c64013c js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) + 860
53 XUL 0x000000010c63ab2a Interpret(JSContext*, js::RunState&) + 35786
54 XUL 0x000000010c631ebc js::RunScript(JSContext*, js::RunState&) + 476
55 XUL 0x000000010c640245 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) + 1125
56 XUL 0x000000010c640699 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) + 41
57 XUL 0x000000010c965684 JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) + 516
58 XUL 0x000000010a50ec02 mozilla::dom::Function::Call(JSContext*, JS::Handle<JS::Value>, nsTArray<JS::Value> const&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) + 1138
59 XUL 0x0000000109df66c6 nsGlobalWindow::RunTimeoutHandler(mozilla::dom::Timeout*, nsIScriptContext*) + 662
60 XUL 0x0000000109e889cc mozilla::dom::TimeoutManager::RunTimeout(mozilla::TimeStamp const&, mozilla::TimeStamp const&) + 1996
61 XUL 0x0000000109e83d51 mozilla::dom::TimeoutExecutor::MaybeExecute() + 161
62 XUL 0x0000000109e83fc3 non-virtual thunk to mozilla::dom::TimeoutExecutor::Notify(nsITimer*) + 19
63 XUL 0x0000000109060397 nsTimerImpl::Fire(int) + 967
64 XUL 0x000000010904c16d nsTimerEvent::Run() + 221
65 XUL 0x0000000109052c19 mozilla::ThrottledEventQueue::Inner::ExecuteRunnable() + 249
66 XUL 0x0000000109052a5d mozilla::ThrottledEventQueue::Inner::Executor::Run() + 13
67 XUL 0x0000000109048ed4 mozilla::SchedulerGroup::Runnable::Run() + 356
68 XUL 0x000000010905a1f1 nsThread::ProcessNextEvent(bool, bool*) + 1681
69 XUL 0x0000000109057866 NS_ProcessPendingEvents(nsIThread*, unsigned int) + 70
70 XUL 0x000000010b01e4e1 nsBaseAppShell::NativeEventCallback() + 113
71 XUL 0x000000010b078936 nsAppShell::ProcessGeckoEvents(void*) + 246
72 CoreFoundation 0x00007fff8f41b7e1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
73 CoreFoundation 0x00007fff8f3faf0c __CFRunLoopDoSources0 + 556
74 CoreFoundation 0x00007fff8f3fa42f __CFRunLoopRun + 927
75 CoreFoundation 0x00007fff8f3f9e28 CFRunLoopRunSpecific + 296
76 HIToolbox 0x00007fff82f81935 RunCurrentEventLoopInMode + 235
77 HIToolbox 0x00007fff82f8176f ReceiveNextEventCommon + 432
78 HIToolbox 0x00007fff82f815af _BlockUntilNextEventMatchingListInModeWithFilter + 71
79 AppKit 0x00007fff8c336df6 _DPSNextEvent + 1067
80 AppKit 0x00007fff8c336226 -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 454
81 XUL 0x000000010b078006 -[GeckoNSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 86
82 AppKit 0x00007fff8c32ad80 -[NSApplication run] + 682
83 XUL 0x000000010b078e50 nsAppShell::Run() + 208
84 XUL 0x000000010c44e8a1 XRE_RunAppShell() + 257
85 XUL 0x00000001094b6f79 MessageLoop::Run() + 73
86 XUL 0x000000010c44e5e7 XRE_InitChildProcess(int, char**, XREChildData const*) + 1783
87 plugin-container 0x0000000108c74ee9 main + 89
88 plugin-container 0x0000000108c74e84 start + 52
These won't be visible by default with the fix for bug 1383841.
Priority: -- → P3
Whiteboard: sbmc3 → sb+
Severity: minor → S4
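
Added example, not part of the bug thread or of Firefox's code: a triage helper for violation reports in the format quoted above, which finds the denied operation and path, the syscall at frame 0, and the first Firefox frame above it together with the system API that frame called. The names `triage`, `APP_IMAGES`, `FIREFOX_REPORT` and `OS_ONLY_REPORT` are hypothetical, treating `XUL` and `plugin-container` as the Firefox-controlled images is an assumption, and the second sample report is constructed.

```python
import re

HEADER = re.compile(
    r"^(?:SandboxViolation:\s*)?[\w.-]+\([^)]*\)\s+deny(?:\(\d+\))?\s+"
    r"(?P<operation>[\w*-]+)\s+(?P<path>\S.*)$")
FRAME = re.compile(
    r"^\s*(?P<index>\d+)\s+(?P<image>\S+)\s+0x[0-9a-fA-F]+\s+"
    r"(?P<symbol>.+?)\s+\+\s+\d+$")
# Assumption: images that carry Firefox-controlled code in the content process.
APP_IMAGES = {"XUL", "plugin-container"}

# Abridged from the stack quoted in this bug (frames 1-8 and 11+ omitted).
FIREFOX_REPORT = """\
plugin-container(31772) deny file-read-metadata /Users/haik
0 libsystem_kernel.dylib 0x00007fff8bde56d2 __getattrlist + 10
9 CarbonCore 0x00007fff920583dd FSFindFolder + 152
10 XUL 0x000000010901fe66 GetOSXFolderType(short, unsigned int, nsIFile**) + 166
"""
# Constructed: a report whose stack contains no Firefox image at all.
OS_ONLY_REPORT = """\
SandboxViolation: plugin-container(<PID>) deny(1) file-read-metadata /usr
0 libsystem_kernel.dylib 0x0000000000001000 __getattrlist + 10
1 SomeSystemFramework 0x0000000000002000 example_system_call_site + 4
"""

def triage(report):
    """Find the denied operation and the Firefox frame nearest the syscall."""
    out = {"operation": None, "path": None, "syscall": None,
           "system_api": None, "app_frame": None, "owner": "os-library"}
    previous = None
    for line in report.splitlines():
        header = HEADER.match(line.strip())
        if header and out["operation"] is None:
            out["operation"], out["path"] = header["operation"], header["path"]
            continue
        frame = FRAME.match(line)
        if not frame:  # blank lines and JIT frames that have no image or symbol
            continue
        if frame["index"] == "0":
            out["syscall"] = frame["symbol"]
        if frame["image"] in APP_IMAGES:
            # First Firefox frame above the syscall: the call site to review.
            out.update(app_frame=frame["symbol"], system_api=previous,
                       owner="firefox")
            break
        previous = frame["symbol"]
    return out

if __name__ == "__main__":
    print(triage(FIREFOX_REPORT), triage(OS_ONLY_REPORT), sep="\n")
```

A stack rooted in Firefox's event loop always reaches a XUL frame eventually, so `owner` is only a first-pass hint; `app_frame` and `system_api` are the values to read when deciding whether a Firefox call site can be changed.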