Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(491)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 1559012: 1. Create a new sandbox type which allows access to Unix sockets in the Mac... (Closed)

Created:
10 years, 8 months ago by Mark Schneckloth
Modified:
9 years, 7 months ago
CC:
chromium-reviews, jam+cc_chromium.org, ben+cc_chromium.org, John Grabowski, brettw-cc_chromium.org, pam+watch_chromium.org, Paweł Hajdan Jr., darin-cc_chromium.org, native-client-reviews_googlegroups.com
Visibility:
Public.

Description

1. Create a new sandbox type which allows access to Unix sockets in the Mac renderer sandbox to support running Native Client. 2. Put the Native Client sel_ldr (which contains the user's untrusted code) into a new Mac sandbox type. 3. Open /dev/random in SandboxWarmup(). 4. Remove the "--nosandbox" flag when running Mac tests. See http://codereview.chromium.org/1234003/show and http://codereview.chromium.org/1525005/show which were both reverted because of problems on Mac 10.6. This change is identical except for the ";NACL" lines in renderer.sb files and the corresponding lines in nacl-loader.sb. Unix socket support for the sandbox changed considerably from 10.5 to 10.6. BUG=http://code.google.com/p/nativeclient/issues/detail?id=327 TEST=nacl_ui_tests still pass while running in the sandbox. Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=43473

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+121 lines, -9 lines) Patch
M base/rand_util_c.h View 1 chunk +3 lines, -0 lines 0 comments Download
A chrome/browser/nacl-loader.sb View 1 chunk +39 lines, -0 lines 0 comments Download
M chrome/chrome_browser.gypi View 1 chunk +1 line, -0 lines 0 comments Download
M chrome/common/sandbox_init_wrapper_mac.cc View 2 chunks +15 lines, -4 lines 0 comments Download
M chrome/common/sandbox_mac.h View 1 chunk +9 lines, -1 line 0 comments Download
M chrome/common/sandbox_mac.mm View 6 chunks +38 lines, -0 lines 0 comments Download
M chrome/renderer/renderer.sb View 1 chunk +15 lines, -1 line 0 comments Download
M chrome/test/nacl/nacl_test.cc View 1 chunk +1 line, -3 lines 0 comments Download

Messages

Total messages: 5 (0 generated)
Mark Schneckloth
10 years, 8 months ago (2010-04-01 21:48:05 UTC) #1
John Grabowski
Could you be a little more specific about which tests you ran before sending this ...
10 years, 8 months ago (2010-04-01 22:33:08 UTC) #2
Mark Schneckloth
Hi, I borrowed someone's (personal) 10.6 laptop and ran a bunch of experiments to determine ...
10 years, 8 months ago (2010-04-01 22:42:47 UTC) #3
John Grabowski
LGTM I disagree with Jeremy about splitting the sandbox profile out since cut-and-paste sucks. I ...
10 years, 8 months ago (2010-04-01 23:42:13 UTC) #4
Mark Schneckloth
10 years, 8 months ago (2010-04-02 00:59:07 UTC) #5 
I entered a bug for Jeremy to refactor the configs using common stuff in
included files to avoid replication.

Mark
- Sent from my phone.

On Apr 1, 2010 4:42 PM, <jrg@chromium.org> wrote:

LGTM

I disagree with Jeremy about splitting the sandbox profile out since
cut-and-paste sucks.  I also think we'll forget to update both when we
update
one.  But oh well.




http://codereview.chromium.org/1559012

Powered by Google App Engine
This is Rietveld 408576698