Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(104)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/zygote_main_linux.cc

Issue 647017: linux: enable seccomp sandbox by default (Closed)
Patch Set: better Created 10 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/zygote_host_linux.cc ('k') | chrome/common/chrome_switches.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <dlfcn.h> 5 #include <dlfcn.h>
6 #include <fcntl.h> 6 #include <fcntl.h>
7 #include <sys/epoll.h> 7 #include <sys/epoll.h>
8 #include <sys/prctl.h> 8 #include <sys/prctl.h>
9 #include <sys/signal.h> 9 #include <sys/signal.h>
10 #include <sys/socket.h> 10 #include <sys/socket.h>
(...skipping 589 matching lines...) Expand 10 before | Expand all | Expand 10 after
600 600
601 bool ZygoteMain(const MainFunctionParams& params) { 601 bool ZygoteMain(const MainFunctionParams& params) {
602 #if !defined(CHROMIUM_SELINUX) 602 #if !defined(CHROMIUM_SELINUX)
603 g_am_zygote_or_renderer = true; 603 g_am_zygote_or_renderer = true;
604 #endif 604 #endif
605 605
606 #if defined(ARCH_CPU_X86_FAMILY) 606 #if defined(ARCH_CPU_X86_FAMILY)
607 // The seccomp sandbox needs access to files in /proc, which might be denied 607 // The seccomp sandbox needs access to files in /proc, which might be denied
608 // after one of the other sandboxes have been started. So, obtain a suitable 608 // after one of the other sandboxes have been started. So, obtain a suitable
609 // file handle in advance. 609 // file handle in advance.
610 if (CommandLine::ForCurrentProcess()->HasSwitch( 610 if (!CommandLine::ForCurrentProcess()->HasSwitch(
611 switches::kEnableSeccompSandbox)) { 611 switches::kDisableSeccompSandbox)) {
612 g_proc_fd = open("/proc", O_DIRECTORY | O_RDONLY); 612 g_proc_fd = open("/proc", O_DIRECTORY | O_RDONLY);
613 if (g_proc_fd < 0) { 613 if (g_proc_fd < 0) {
614 LOG(ERROR) << "WARNING! Cannot access \"/proc\". Disabling seccomp " 614 LOG(ERROR) << "WARNING! Cannot access \"/proc\". Disabling seccomp "
615 "sandboxing."; 615 "sandboxing.";
616 } 616 }
617 } 617 }
618 #endif // ARCH_CPU_X86_FAMILY 618 #endif // ARCH_CPU_X86_FAMILY
619 619
620 // Turn on the SELinux or SUID sandbox 620 // Turn on the SELinux or SUID sandbox
621 if (!EnterSandbox()) { 621 if (!EnterSandbox()) {
622 LOG(FATAL) << "Failed to enter sandbox. Fail safe abort. (errno: " 622 LOG(FATAL) << "Failed to enter sandbox. Fail safe abort. (errno: "
623 << errno << ")"; 623 << errno << ")";
624 return false; 624 return false;
625 } 625 }
626 626
627 #if defined(ARCH_CPU_X86_FAMILY) 627 #if defined(ARCH_CPU_X86_FAMILY)
628 // The seccomp sandbox will be turned on when the renderers start. But we can 628 // The seccomp sandbox will be turned on when the renderers start. But we can
629 // already check if sufficient support is available so that we only need to 629 // already check if sufficient support is available so that we only need to
630 // print one error message for the entire browser session. 630 // print one error message for the entire browser session.
631 if (g_proc_fd >= 0 && 631 if (g_proc_fd >= 0 &&
632 CommandLine::ForCurrentProcess()->HasSwitch( 632 !CommandLine::ForCurrentProcess()->HasSwitch(
633 switches::kEnableSeccompSandbox)) { 633 switches::kDisableSeccompSandbox)) {
634 if (!SupportsSeccompSandbox(g_proc_fd)) { 634 if (!SupportsSeccompSandbox(g_proc_fd)) {
635 // There are a good number of users who cannot use the seccomp sandbox 635 // There are a good number of users who cannot use the seccomp sandbox
636 // (e.g. because their distribution does not enable seccomp mode by 636 // (e.g. because their distribution does not enable seccomp mode by
637 // default). While we would prefer to deny execution in this case, it 637 // default). While we would prefer to deny execution in this case, it
638 // seems more realistic to continue in degraded mode. 638 // seems more realistic to continue in degraded mode.
639 LOG(ERROR) << "WARNING! This machine lacks support needed for the " 639 LOG(FATAL) << "WARNING! This machine lacks support needed for the "
640 "Seccomp sandbox. Running renderers with Seccomp " 640 "Seccomp sandbox. Please report your system specs on "
641 "sandboxing disabled."; 641 "http://code.google.com/p/chromium/issues/detail?id=36133";
642 } else { 642 } else {
643 LOG(INFO) << "Enabling experimental Seccomp sandbox."; 643 LOG(INFO) << "Enabling experimental Seccomp sandbox.";
644 } 644 }
645 } 645 }
646 #endif // ARCH_CPU_X86_FAMILY 646 #endif // ARCH_CPU_X86_FAMILY
647 647
648 Zygote zygote; 648 Zygote zygote;
649 return zygote.ProcessRequests(); 649 return zygote.ProcessRequests();
650 } 650 }
OLDNEW
« no previous file with comments | « chrome/browser/zygote_host_linux.cc ('k') | chrome/common/chrome_switches.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698