I see regular crashes of content process with: Sandbox: Sandbox: SandboxBroker: denied op=1 rflags=5 perms=3 path=/usr/share/X11/xkb for pid=24892 error="No such file or directory" SandboxBroker: denied op=1 rflags=5 perms=3 path=/usr/share/X11/xkb for pid=6232 error="No such file or directory" Sandbox: SandboxBroker: denied op=1 rflags=5 perms=3 path=/usr/share/X11/xkb for pid=6146 error="No such file or directory" Sandbox: Rejected errno -13 op 1 flags 05 path /usr/share/X11/xkb Sandbox: Rejected errno -13 op 1 flags 05 path /usr/share/X11/xkb access(/usr/share/X11/xkb) -> Permission denied the /usr/share/X11/xkb directory contains keyboard input config and it's accessed by libxkbcommon library which is a part of Gtk/Gnome on linux: [komat@localhost ~]$ ll /usr/share/X11 total 88 drwxr-xr-x. 2 root root 4096 Jul 24 10:21 app-defaults drwxr-xr-x. 7 root root 4096 Feb 12 06:38 fonts drwxr-xr-x. 64 root root 4096 Jun 16 09:24 locale -rw-r--r-- 1 root root 17975 Feb 12 06:44 rgb.txt drwxr-xr-x 2 root root 4096 Jun 16 09:31 x11perfcomp -rw-r--r-- 1 root root 42077 Sep 3 2015 XErrorDB drwxr-xr-x. 8 root root 4096 Jun 1 00:53 xkb drwxr-xr-x. 2 root root 4096 Jun 16 09:39 xorg.conf.d [komat@localhost ~]$ ll /usr/share/X11/xkb total 24 drwxr-xr-x. 2 root root 4096 Jun 16 09:23 compat drwxr-xr-x. 4 root root 4096 Jun 16 09:23 geometry drwxr-xr-x. 4 root root 4096 Jun 16 09:23 keycodes drwxr-xr-x. 2 root root 4096 Jun 16 09:23 rules drwxr-xr-x. 14 root root 4096 Jun 16 09:42 symbols drwxr-xr-x. 2 root root 4096 Jun 16 09:23 types

Distro is Fedora 26 with latest mozilla-central.

/usr/share is whitelisted: https://dxr.mozilla.org/mozilla-central/rev/36f95aeb4c77f7cf3b3366583008cd6e4b6b1dba/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#102 Also, the errors have "op=1" instead of "op=access", which means they're being made by the AuditPermissive mode, yet they have "denied" instead of "would have denied". Are you sure your m-c is current? Do you have something special related to the sandbox in the environment?

That looks like a version of m-c from before bug 1308400, which is where that error message changed to use operation names (and remove the meaningless errno). I think the problem might be that it's passing R_OK|X_OK, not just R_OK, and we consider nothing “executable”[1]. That more or less makes sense for regular files, given that execve() is not allowed, although I don't know if it makes any difference to do that vs. return the actual executability. However, this is a directory, and any directory that's MAY_ACCESS in the policy and X_OK for real is effectively X_OK for the client. See also bug 1382246 — the reason why the brokered access() doesn't call the real access() is no longer relevant. [1] https://searchfox.org/mozilla-central/rev/bbc1c59e460a27b20929b56489e2e55438de81fa/security/sandbox/linux/broker/SandboxBroker.cpp#344

I tested latest trunk, still crashes. There's the output: Sandbox: SandboxBroker: denied op=access rflags=5 perms=3 path=/usr/share/X11/xkb for pid=5676 Sandbox: SandboxBroker: denied op=access rflags=5 perms=3 path=/usr/share/X11/xkb for pid=5730 Sandbox: Failed errno -13 op 1 flags 05 path /usr/share/X11/xkb Sandbox: Failed errno -13 op 1 flags 05 path /usr/share/X11/xkb access(/usr/share/X11/xkb) -> Permission denied

I don't know if this has any observable interaction with bug 1292249, but I'm noting it for future reference.

Comment on attachment 8895160 [details] Bug 1386279 - Renovate Linux sandbox file broker handling of access(). https://reviewboard.mozilla.org/r/166300/#review171780

Pushed by jedavis@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c0838ed41842 Renovate Linux sandbox file broker handling of access(). r=gcp

Also, I looked at upstream libxkbcommon, and it seems to use eaccess(), which glibc emulates imperfectly on top of stat() because Linux doesn't support it (nor faccessat with AT_EACCESS; Linux's faccessat doesn't take flags at all). If Fedora has local patches to use access() instead, that might explain why this showed up only on Fedora.