Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(377)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/platform/minijail/env.cc

Issue 1570004: waitpid() on the child process when changing namespaces (Closed)
Patch Set: use waitpid status properly Created 10 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2009 The Chromium OS Authors. All rights reserved. 1 // Copyright (c) 2009 The Chromium OS Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 // Some portions Copyright (c) 2009 The Chromium Authors. 4 // Some portions Copyright (c) 2009 The Chromium Authors.
5 // 5 //
6 // Default implementation of the Env interface. 6 // Default implementation of the Env interface.
7 7
8 #include "minijail/env.h" 8 #include "minijail/env.h"
9 9
10 #include <asm/unistd.h> 10 #include <asm/unistd.h>
11 #include <errno.h> 11 #include <errno.h>
12 #include <fcntl.h> 12 #include <fcntl.h>
13 #include <grp.h> 13 #include <grp.h>
14 #include <pwd.h> 14 #include <pwd.h>
15 #include <sched.h> 15 #include <sched.h>
16 #include <signal.h> 16 #include <signal.h>
17 #include <stdarg.h> 17 #include <stdarg.h>
18 #include <stdbool.h> 18 #include <stdbool.h>
19 #include <stdio.h> 19 #include <stdio.h>
20 #include <stdlib.h> 20 #include <stdlib.h>
21 #include <string.h> 21 #include <string.h>
22 #include <sys/capability.h> 22 #include <sys/capability.h>
23 #include <sys/mount.h> 23 #include <sys/mount.h>
24 #include <sys/prctl.h> 24 #include <sys/prctl.h>
25 #include <sys/resource.h> 25 #include <sys/resource.h>
26 #include <sys/socket.h> 26 #include <sys/socket.h>
27 #include <sys/stat.h> 27 #include <sys/stat.h>
28 #include <sys/time.h> 28 #include <sys/time.h>
29 #include <sys/types.h> 29 #include <sys/types.h>
30 #include <sys/wait.h>
30 #include <unistd.h> 31 #include <unistd.h>
31 32
32 #include <base/logging.h> 33 #include <base/logging.h>
33 34
34 // prctl constants that are still missing in the headers. 35 // prctl constants that are still missing in the headers.
35 #define PR_GET_KEEPCAPS 7 36 #define PR_GET_KEEPCAPS 7
36 #define PR_SET_KEEPCAPS 8 37 #define PR_SET_KEEPCAPS 8
37 #define PR_CAPBSET_READ 23 38 #define PR_CAPBSET_READ 23
38 #define PR_CAPBSET_DROP 24 39 #define PR_CAPBSET_DROP 24
39 #define PR_GET_SECUREBITS 27 40 #define PR_GET_SECUREBITS 27
(...skipping 156 matching lines...) Expand 10 before | Expand all | Expand 10 after
196 } 197 }
197 DLOG(INFO) << "Entering namespaces " << namespaces; 198 DLOG(INFO) << "Entering namespaces " << namespaces;
198 // TODO(wad) support namespace args 199 // TODO(wad) support namespace args
199 const pid_t pid = syscall( 200 const pid_t pid = syscall(
200 __NR_clone, namespaces | CLONE_VFORK | SIGCHLD, 0, 0, 0); 201 __NR_clone, namespaces | CLONE_VFORK | SIGCHLD, 0, 0, 0);
201 if (pid == -1) { 202 if (pid == -1) {
202 PLOG(FATAL) << "Could not use PID namespacing"; 203 PLOG(FATAL) << "Could not use PID namespacing";
203 return false; 204 return false;
204 } 205 }
205 if (pid) { 206 if (pid) {
207 // We want to wait on the child pid to ensure that pid-tracking code
208 // isn't completely broken.
209 int status = 0;
210 waitpid(pid, &status, 0);
206 // Kill the original process without atexit handlers. 211 // Kill the original process without atexit handlers.
207 DLOG(INFO) << "original process death:" << pid; 212 DLOG(INFO) << "jailed process death:" << pid;
208 _exit(0); 213 if (WIFEXITED(status)) {
214 _exit(WEXITSTATUS(status));
215 }
216 if (WIFSIGNALED(status)) {
217 _exit(WTERMSIG(status));
218 }
219 DLOG(INFO) << "unknown terminal condition for child";
220 _exit(1);
209 } 221 }
210 DLOG(INFO) << "Success: " << getpid(); 222 DLOG(INFO) << "Success: " << getpid();
211 return true; 223 return true;
212 } 224 }
213 225
214 bool Env::Mount() const { 226 bool Env::Mount() const {
215 DLOG(INFO) << "Attempting to mount /proc RO."; 227 DLOG(INFO) << "Attempting to mount /proc RO.";
216 if (mount("proc", 228 if (mount("proc",
217 "/proc", 229 "/proc",
218 "proc", 230 "proc",
(...skipping 11 matching lines...) Expand all
230 for (char * const* arg = argv; *arg; ++arg) { 242 for (char * const* arg = argv; *arg; ++arg) {
231 DLOG(INFO) << "-> " << *arg; 243 DLOG(INFO) << "-> " << *arg;
232 } 244 }
233 execve(path, argv, envp); 245 execve(path, argv, envp);
234 PLOG(FATAL) << "failed to execute " << path; 246 PLOG(FATAL) << "failed to execute " << path;
235 return false; 247 return false;
236 } 248 }
237 249
238 } // namespace minijail 250 } // namespace minijail
239 } // namespace chromeos 251 } // namespace chromeos
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698