Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(135)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_linux/sandbox_linux.h

Issue 1041163003: Revert of Start all children in their own PID namespace. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | content/common/sandbox_linux/sandbox_linux.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_
6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ 6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_
7 7
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
11 #include "base/basictypes.h" 11 #include "base/basictypes.h"
12 #include "base/logging.h"
13 #include "base/memory/scoped_ptr.h" 12 #include "base/memory/scoped_ptr.h"
14 #include "content/public/common/sandbox_linux.h" 13 #include "content/public/common/sandbox_linux.h"
15 14
16 #if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \ 15 #if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
17 defined(THREAD_SANITIZER) || defined(LEAK_SANITIZER) || \ 16 defined(THREAD_SANITIZER) || defined(LEAK_SANITIZER) || \
18 defined(UNDEFINED_SANITIZER) || defined(SANITIZER_COVERAGE) 17 defined(UNDEFINED_SANITIZER) || defined(SANITIZER_COVERAGE)
19 #include <sanitizer/common_interface_defs.h> 18 #include <sanitizer/common_interface_defs.h>
20 #define ANY_OF_AMTLU_SANITIZER 1 19 #define ANY_OF_AMTLU_SANITIZER 1
21 #endif 20 #endif
22 21
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after
112 111
113 // Check the policy and eventually start the seccomp-bpf sandbox. This should 112 // Check the policy and eventually start the seccomp-bpf sandbox. This should
114 // never be called with threads started. If we detect that threads have 113 // never be called with threads started. If we detect that threads have
115 // started we will crash. 114 // started we will crash.
116 bool StartSeccompBPF(const std::string& process_type); 115 bool StartSeccompBPF(const std::string& process_type);
117 116
118 // Limit the address space of the current process (and its children). 117 // Limit the address space of the current process (and its children).
119 // to make some vulnerabilities harder to exploit. 118 // to make some vulnerabilities harder to exploit.
120 bool LimitAddressSpace(const std::string& process_type); 119 bool LimitAddressSpace(const std::string& process_type);
121 120
122 // Returns a file descriptor to proc. The file descriptor is no longer valid
123 // after the sandbox has been sealed.
124 int proc_fd() const {
125 DCHECK_NE(-1, proc_fd_);
126 return proc_fd_;
127 }
128
129 #if defined(ANY_OF_AMTLU_SANITIZER) 121 #if defined(ANY_OF_AMTLU_SANITIZER)
130 __sanitizer_sandbox_arguments* sanitizer_args() const { 122 __sanitizer_sandbox_arguments* sanitizer_args() const {
131 return sanitizer_args_.get(); 123 return sanitizer_args_.get();
132 }; 124 };
133 #endif 125 #endif
134 126
135 private: 127 private:
136 friend struct DefaultSingletonTraits<LinuxSandbox>; 128 friend struct DefaultSingletonTraits<LinuxSandbox>;
137 129
138 LinuxSandbox(); 130 LinuxSandbox();
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after
176 #if defined(ANY_OF_AMTLU_SANITIZER) 168 #if defined(ANY_OF_AMTLU_SANITIZER)
177 scoped_ptr<__sanitizer_sandbox_arguments> sanitizer_args_; 169 scoped_ptr<__sanitizer_sandbox_arguments> sanitizer_args_;
178 #endif 170 #endif
179 171
180 DISALLOW_COPY_AND_ASSIGN(LinuxSandbox); 172 DISALLOW_COPY_AND_ASSIGN(LinuxSandbox);
181 }; 173 };
182 174
183 } // namespace content 175 } // namespace content
184 176
185 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ 177 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_
OLDNEW
« no previous file with comments | « no previous file | content/common/sandbox_linux/sandbox_linux.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698