Chromium Code Reviews

Issue 6802024: Merge 79618 - Landing for Julien Tinnes, jln@google.com:---chroot to /proc instead of /tmp. This ... (Closed)

Created: 9 years, 8 months ago by Chris Evans
Modified: 9 years, 6 months ago
Reviewers: Chris Evans
CC: chromium-reviews, agl
Visibility: Public.

Description

Merge 79618 - Landing for Julien Tinnes, jln@google.com:

---
chroot to /proc instead of /tmp. This gets rid of a lot of unnecessary complexity and fixes a race condition.
(Original idea from Markus)

The chroot helper will chroot to /proc/self/fdinfo (or /proc/self/fd). This is pretty safe because access to this directory is protected by the ptrace() check in the kernel and the helper is privileged.

Moreover, as soon as the helper _exit() and becomes a zombie, the directory will be empty. Zygote should wait() for us to make everything deterministic.

We also export SBX_HELPER_PID so that Zygote can specifically wait for the helper.
---

BUG=76542
R=markus,agl
Review URL: http://codereview.chromium.org/6683056

TBR=cevans@chromium.org
Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=80694

Patch Set 1 #

Stats: +51 lines, -124 lines
M sandbox/linux/suid/sandbox.c (6 chunks, +51 lines, -124 lines, 0 comments)

Messages

Total messages: 1 (0 generated)
Chris Evans
9 years, 8 months ago (2011-04-06 21:12:29 UTC) #1

          
