| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <dirent.h> | 5 #include <dirent.h> |
| 6 #include <fcntl.h> | 6 #include <fcntl.h> |
| 7 #include <sys/resource.h> | 7 #include <sys/resource.h> |
| 8 #include <sys/stat.h> | 8 #include <sys/stat.h> |
| 9 #include <sys/time.h> | 9 #include <sys/time.h> |
| 10 #include <sys/types.h> | 10 #include <sys/types.h> |
| 179 // Check being in a new PID namespace created by the namespace sandbox and | 179 // Check being in a new PID namespace created by the namespace sandbox and |
| 180 // being the init process. | 180 // being the init process. |
| 181 CHECK(sandbox::NamespaceSandbox::InNewPidNamespace()); | 181 CHECK(sandbox::NamespaceSandbox::InNewPidNamespace()); |
| 182 const pid_t pid = getpid(); | 182 const pid_t pid = getpid(); |
| 183 CHECK_EQ(1, pid); | 183 CHECK_EQ(1, pid); |
| 184 | 184 |
| 185 CHECK(sandbox::Credentials::MoveToNewUserNS()); | 185 CHECK(sandbox::Credentials::MoveToNewUserNS()); |
| 186 // Note: this requires SealSandbox() to be called later in this process to be | 186 // Note: this requires SealSandbox() to be called later in this process to be |
| 187 // safe, as this class is keeping a file descriptor to /proc/. | 187 // safe, as this class is keeping a file descriptor to /proc/. |
| 188 CHECK(sandbox::Credentials::DropFileSystemAccess(proc_fd_)); | 188 CHECK(sandbox::Credentials::DropFileSystemAccess(proc_fd_)); |
| 189 | 189 CHECK(sandbox::Credentials::DropAllCapabilities(proc_fd_)); |
| 190 // We do not drop CAP_SYS_ADMIN because we need it to place each child process | |
| 191 // in its own PID namespace later on. | |
| 192 std::vector<sandbox::Credentials::Capability> caps; | |
| 193 caps.push_back(sandbox::Credentials::Capability::SYS_ADMIN); | |
| 194 CHECK(sandbox::Credentials::SetCapabilities(proc_fd_, caps)); | |
| 195 | 190 |
| 196 // This needs to happen after moving to a new user NS, since doing so involves | 191 // This needs to happen after moving to a new user NS, since doing so involves |
| 197 // writing the UID/GID map. | 192 // writing the UID/GID map. |
| 198 CHECK(SandboxDebugHandling::SetDumpableStatusAndHandlers()); | 193 CHECK(SandboxDebugHandling::SetDumpableStatusAndHandlers()); |
| 199 } | 194 } |
| 200 | 195 |
| 201 std::vector<int> LinuxSandbox::GetFileDescriptorsToClose() { | 196 std::vector<int> LinuxSandbox::GetFileDescriptorsToClose() { |
| 202 std::vector<int> fds; | 197 std::vector<int> fds; |
| 203 if (proc_fd_ >= 0) { | 198 if (proc_fd_ >= 0) { |
| 204 fds.push_back(proc_fd_); | 199 fds.push_back(proc_fd_); |
| 454 | 449 |
| 455 void LinuxSandbox::StopThreadAndEnsureNotCounted(base::Thread* thread) const { | 450 void LinuxSandbox::StopThreadAndEnsureNotCounted(base::Thread* thread) const { |
| 456 DCHECK(thread); | 451 DCHECK(thread); |
| 457 base::ScopedFD proc_fd(OpenProc(proc_fd_)); | 452 base::ScopedFD proc_fd(OpenProc(proc_fd_)); |
| 458 PCHECK(proc_fd.is_valid()); | 453 PCHECK(proc_fd.is_valid()); |
| 459 CHECK( | 454 CHECK( |
| 460 sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_fd.get(), thread)); | 455 sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_fd.get(), thread)); |
| 461 } | 456 } |
| 462 | 457 |
| 463 } // namespace content | 458 } // namespace content |
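Review bot: New line 189 drops every capability, but nothing in the hunk records why CAP_SYS_ADMIN, which the removed comment at old lines 190-191 said was needed later to place each child process in its own PID namespace, is no longer required here, so the next reader cannot tell whether that need went away or moved to another process. A short comment above `CHECK(sandbox::Credentials::DropAllCapabilities(proc_fd_));` should state the reason, e.g. `// Drop all capabilities, including CAP_SYS_ADMIN: [REASON child PID namespaces no longer need it in this process]. Nothing after this point may rely on a capability.`. The ordering looks right as written, with the capability drop coming after MoveToNewUserNS() and DropFileSystemAccess(), and the existing note at new lines 186-187 about SealSandbox() being required later still applies. The enclosing function starts above the shown lines.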