Dmitry Vyukov

> Yet another angle to tackle this (e.g. to make less harmful attributes do not persist after an executor run) would be to do chattr -R = / on executor...

> We need to reset the attributes before preparing to every program execution, what would be the best place to do so? This looks expensive. We would need to read...

> Given that we cannot reliably mount tmpfs (see above) Do you mean this one? > Hmm, some tests start failing when I am trying to mount tmpfs in do_sandbox_none()....

> What tests have failed? Were they for linux, or test OS? For which OSes have you changed sandbox setup? I don't see where we run test programs for Linux...

If mount was failing, changing attribute of every file on the disk will fail too, right. Both things are not something that tests should be doing. But I had memories...

Also see [IPC Fuzzing with Snapshots](https://blog.mozilla.org/attack-and-defense/2024/06/24/ipc-fuzzing-with-snapshots/).

> We do not specify any coverage filters in their configuration. The coverage filter object is also used to track max cover, so it's always used when coverage is enabled.

Yes, pulling all 100K entries in /sys/ looks like too much. And there will probably be more dangerous ones that we will need to filter out. #4905 switches this to...

With #4905 glob will continue to work as it is now (except that matched directories will be filters out).

CC @eprucka3 @kalder since this touches Android modules support.