| Index: chrome/browser/zygote_host_linux.cc
|
| diff --git a/chrome/browser/zygote_host_linux.cc b/chrome/browser/zygote_host_linux.cc
|
| index afa55da39506321ca4121cad9fa74191ad12a0c6..54af6014991766f2cbfaec178cef889bf5f2ef73 100644
|
| --- a/chrome/browser/zygote_host_linux.cc
|
| +++ b/chrome/browser/zygote_host_linux.cc
|
| @@ -7,6 +7,7 @@
|
| #include <unistd.h>
|
| #include <sys/types.h>
|
| #include <sys/socket.h>
|
| +#include <sys/stat.h>
|
|
|
| #include "base/command_line.h"
|
| #include "base/eintr_wrapper.h"
|
| @@ -14,9 +15,11 @@
|
| #include "base/path_service.h"
|
| #include "base/pickle.h"
|
| #include "base/process_util.h"
|
| +#include "base/string_util.h"
|
| #include "base/unix_domain_socket_posix.h"
|
|
|
| #include "chrome/browser/renderer_host/render_sandbox_host_linux.h"
|
| +#include "chrome/common/chrome_constants.h"
|
| #include "chrome/common/chrome_switches.h"
|
|
|
| ZygoteHost::ZygoteHost() {
|
| @@ -39,6 +42,21 @@ ZygoteHost::ZygoteHost() {
|
| cmd_line.PrependWrapper(prefix);
|
| }
|
|
|
| + const std::string kSandboxPath =
|
| + WideToASCII(std::wstring(L"/var/run/") +
|
| + chrome::kBrowserProcessExecutableName +
|
| + L"-sandbox");
|
| +
|
| + const std::string sandbox_bin = WideToASCII(chrome_path) + "-sandbox";
|
| + struct stat st;
|
| + if (access(sandbox_bin.c_str(), X_OK) == 0 &&
|
| + stat(sandbox_bin.c_str(), &st) == 0 &&
|
| + (st.st_mode & S_ISUID) &&
|
| + (st.st_mode & S_IXOTH) &&
|
| + access(kSandboxPath.c_str(), F_OK) == 0) {
|
| + cmd_line.PrependWrapper(chrome_path + L"-sandbox");
|
| + }
|
| +
|
| // Start up the sandbox host process and get the file descriptor for the
|
| // renderers to talk to it.
|
| const int sfd = Singleton<RenderSandboxHostLinux>()->GetRendererSocket();
|
|
|
Chromium Code Reviews
Issue 149230:
Linux: SUID sandbox support (Closed)
