src/platform/minijail/minijail.cc - Issue 465106: Add build and package support to minijail

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: src/platform/minijail/minijail.cc

Issue 465106: Add build and package support to minijail (Closed)

Patch Set: Created 11 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2009 The Chromium OS Authors. All rights reserved.	1 // Copyright (c) 2009 The Chromium OS Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4 // Some portions Copyright (c) 2009 The Chromium Authors.	4 // Some portions Copyright (c) 2009 The Chromium Authors.

5 //	5 //

6 // Implements MiniJail jailing logic.	6 // Implements MiniJail jailing logic.

7	7

8 #include "minijail.h"	8 #include "minijail.h"

9	9

10 #include <errno.h>	10 #include <errno.h>

11	11

12 namespace chromeos {	12 namespace chromeos {

13	13

14 bool MiniJail::Jail() const {	14 bool MiniJail::Jail() const {

15 // XXX This is a very early implementation of the jailing logic.	15 // XXX This is a very early implementation of the jailing logic.

16 // XXX Many features are missing or will be made more tunable.	16 // XXX Many features are missing or will be made more tunable.

17 const minijail::Options *opts = options();	17 const minijail::Options *opts = options();

	18 if (!opts) {

	19 LOG(ERROR) << "No Options given. Initialize must be called first "

	20 << "with a valid Option pointer.";

	21 return false;

	22 }

18 const minijail::Env *env = opts->env();	23 const minijail::Env *env = opts->env();

19	24

20 int namespaces = 0;	25 int namespaces = 0;

21 if (opts->namespace_pid())	26 if (opts->namespace_pid())

22 namespaces \|= CLONE_NEWPID;	27 namespaces \|= CLONE_NEWPID;

23 if (opts->namespace_vfs())	28 if (opts->namespace_vfs())

24 namespaces \|= CLONE_NEWNS;	29 namespaces \|= CLONE_NEWNS;

25 // Dumb forced exit on failure.	30 // Dumb forced exit on failure.

26 LOG_IF(FATAL, !env->EnterNamespace(namespaces));	31 LOG_IF(FATAL, !env->EnterNamespace(namespaces));

27	32

(...skipping 29 matching lines...) Expand all Loading...
57	62

58 if (opts->use_capabilities()) {	63 if (opts->use_capabilities()) {

59 // TODO(wad) use helpers to read caps from flags	64 // TODO(wad) use helpers to read caps from flags

60 LOG_IF(FATAL, !env->SanitizeCapabilities(0));	65 LOG_IF(FATAL, !env->SanitizeCapabilities(0));

61 LOG_IF(FATAL, !env->SanitizeBoundingSet(0));	66 LOG_IF(FATAL, !env->SanitizeBoundingSet(0));

62 }	67 }

63 return true;	68 return true;

64 }	69 }

65	70

66 } // namespace chromeos	71 } // namespace chromeos

OLD	NEW

« no previous file with comments | « src/platform/minijail/minijail.h ('k') | src/platform/minijail/minijail_unittest.cc » ('j') | no next file with comments »