1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <dirent.h> | 5 #include <dirent.h> |
6 #include <fcntl.h> | 6 #include <fcntl.h> |
7 #include <sys/resource.h> | 7 #include <sys/resource.h> |
8 #include <sys/stat.h> | 8 #include <sys/stat.h> |
9 #include <sys/time.h> | 9 #include <sys/time.h> |
10 #include <sys/types.h> | 10 #include <sys/types.h> |
179 // Check being in a new PID namespace created by the namespace sandbox and | 179 // Check being in a new PID namespace created by the namespace sandbox and |
180 // being the init process. | 180 // being the init process. |
181 CHECK(sandbox::NamespaceSandbox::InNewPidNamespace()); | 181 CHECK(sandbox::NamespaceSandbox::InNewPidNamespace()); |
182 const pid_t pid = getpid(); | 182 const pid_t pid = getpid(); |
183 CHECK_EQ(1, pid); | 183 CHECK_EQ(1, pid); |
184 | 184 |
185 CHECK(sandbox::Credentials::MoveToNewUserNS()); | 185 CHECK(sandbox::Credentials::MoveToNewUserNS()); |
186 // Note: this requires SealSandbox() to be called later in this process to be | 186 // Note: this requires SealSandbox() to be called later in this process to be |
187 // safe, as this class is keeping a file descriptor to /proc/. | 187 // safe, as this class is keeping a file descriptor to /proc/. |
188 CHECK(sandbox::Credentials::DropFileSystemAccess(proc_fd_)); | 188 CHECK(sandbox::Credentials::DropFileSystemAccess(proc_fd_)); |
189 | 189 CHECK(sandbox::Credentials::DropAllCapabilities(proc_fd_)); |
190 // We do not drop CAP_SYS_ADMIN because we need it to place each child process | |
191 // in its own PID namespace later on. | |
192 std::vector<sandbox::Credentials::Capability> caps; | |
193 caps.push_back(sandbox::Credentials::Capability::SYS_ADMIN); | |
194 CHECK(sandbox::Credentials::SetCapabilities(proc_fd_, caps)); | |
195 | 190 |
196 // This needs to happen after moving to a new user NS, since doing so involves | 191 // This needs to happen after moving to a new user NS, since doing so involves |
197 // writing the UID/GID map. | 192 // writing the UID/GID map. |
198 CHECK(SandboxDebugHandling::SetDumpableStatusAndHandlers()); | 193 CHECK(SandboxDebugHandling::SetDumpableStatusAndHandlers()); |
199 } | 194 } |
200 | 195 |
201 std::vector<int> LinuxSandbox::GetFileDescriptorsToClose() { | 196 std::vector<int> LinuxSandbox::GetFileDescriptorsToClose() { |
202 std::vector<int> fds; | 197 std::vector<int> fds; |
203 if (proc_fd_ >= 0) { | 198 if (proc_fd_ >= 0) { |
204 fds.push_back(proc_fd_); | 199 fds.push_back(proc_fd_); |
454 | 449 |
455 void LinuxSandbox::StopThreadAndEnsureNotCounted(base::Thread* thread) const { | 450 void LinuxSandbox::StopThreadAndEnsureNotCounted(base::Thread* thread) const { |
456 DCHECK(thread); | 451 DCHECK(thread); |
457 base::ScopedFD proc_fd(OpenProc(proc_fd_)); | 452 base::ScopedFD proc_fd(OpenProc(proc_fd_)); |
458 PCHECK(proc_fd.is_valid()); | 453 PCHECK(proc_fd.is_valid()); |
459 CHECK( | 454 CHECK( |
460 sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_fd.get(), thread)); | 455 sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_fd.get(), thread)); |
461 } | 456 } |
462 | 457 |
463 } // namespace content | 458 } // namespace content |
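Review bot: The new `CHECK(sandbox::Credentials::DropAllCapabilities(proc_fd_));` at new line 189 deletes the comment (old lines 190-191) that explained why CAP_SYS_ADMIN used to be retained, but adds no statement that the rationale no longer holds, so a reader cannot tell from this hunk that this process no longer places children in their own PID namespaces (presumably that moved elsewhere in this change). Suggest a comment above the CHECK: `// Drop every capability in the new user namespace. Nothing after this point, including child setup, may rely on CAP_SYS_ADMIN (e.g. creating further namespaces).` Dropping all capabilities is the tighter choice, and keeping it after MoveToNewUserNS() and DropFileSystemAccess(), both of which still need proc_fd_, looks right. The enclosing function begins before the hunk.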