| Index: content/zygote/zygote_linux.cc
|
| diff --git a/content/zygote/zygote_linux.cc b/content/zygote/zygote_linux.cc
|
| index 5a84dec6db9f48d43b4a5d743b87e8b95b55ce8f..5944f87aa1258dff7a908eb6d5a2d55cea93a05f 100644
|
| --- a/content/zygote/zygote_linux.cc
|
| +++ b/content/zygote/zygote_linux.cc
|
| @@ -36,8 +36,6 @@
|
| #include "content/public/common/zygote_fork_delegate_linux.h"
|
| #include "ipc/ipc_channel.h"
|
| #include "ipc/ipc_switches.h"
|
| -#include "sandbox/linux/services/credentials.h"
|
| -#include "sandbox/linux/services/namespace_sandbox.h"
|
|
|
| // See http://code.google.com/p/chromium/wiki/LinuxZygote
|
|
|
| @@ -48,14 +46,6 @@
|
| // NOP function. See below where this handler is installed.
|
| void SIGCHLDHandler(int signal) {
|
| }
|
| -
|
| -// On Linux, when a process is the init process of a PID namespace, it cannot be
|
| -// terminated by signals like SIGTERM or SIGINT, since they are ignored unless
|
| -// we register a handler for them. In the handlers, we exit with this special
|
| -// exit code that GetTerminationStatus understands to mean that we were
|
| -// terminated by an external signal.
|
| -const int kKilledExitCode = 0x80;
|
| -const int kUnexpectedExitCode = 0x81;
|
|
|
| int LookUpFd(const base::GlobalDescriptors::Mapping& fd_mapping, uint32_t key) {
|
| for (size_t index = 0; index < fd_mapping.size(); ++index) {
|
| @@ -114,7 +104,7 @@
|
| struct sigaction action;
|
| memset(&action, 0, sizeof(action));
|
| action.sa_handler = &SIGCHLDHandler;
|
| - PCHECK(sigaction(SIGCHLD, &action, NULL) == 0);
|
| + CHECK(sigaction(SIGCHLD, &action, NULL) == 0);
|
|
|
| if (UsingSUIDSandbox() || UsingNSSandbox()) {
|
| // Let the ZygoteHost know we are ready to go.
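Review bot: The new `CHECK(sigaction(SIGCHLD, &action, NULL) == 0);` drops the errno text that `PCHECK` appended to the failure message, so a failed handler install in the zygote would abort without saying why. Unless errno cannot be logged at this point, I would keep `PCHECK(sigaction(SIGCHLD, &action, nullptr) == 0);`, which also replaces `NULL` with `nullptr` to match the `nullptr` arguments used elsewhere in this patch. The enclosing function starts and ends outside the hunk.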
|
| @@ -315,11 +305,6 @@
|
| // Time to forget about this process.
|
| process_info_map_.erase(real_pid);
|
| }
|
| -
|
| - if (WIFEXITED(*exit_code) && WEXITSTATUS(*exit_code) == kKilledExitCode) {
|
| - *status = base::TERMINATION_STATUS_PROCESS_WAS_KILLED;
|
| - }
|
| -
|
| return true;
|
| }
|
|
|
| @@ -390,33 +375,12 @@
|
| CHECK_NE(pid, 0);
|
| } else {
|
| CreatePipe(&read_pipe, &write_pipe);
|
| - if (sandbox_flags_ & kSandboxLinuxPIDNS &&
|
| - sandbox_flags_ & kSandboxLinuxUserNS) {
|
| - pid = sandbox::NamespaceSandbox::ForkInNewPidNamespace(
|
| - /*drop_capabilities_in_child=*/true);
|
| - } else {
|
| - pid = fork();
|
| - }
|
| + // This is roughly equivalent to a fork(). We are using ForkWithFlags mainly
|
| + // to give it some more diverse test coverage.
|
| + pid = base::ForkWithFlags(SIGCHLD, nullptr, nullptr);
|
| }
|
|
|
| if (pid == 0) {
|
| - // If the process is the init process inside a PID namespace, it must have
|
| - // explicit signal handlers.
|
| - if (getpid() == 1) {
|
| - for (const int sig : {SIGINT, SIGTERM}) {
|
| - sandbox::NamespaceSandbox::InstallTerminationSignalHandler(
|
| - sig, kKilledExitCode);
|
| - }
|
| -
|
| - static const int kUnexpectedSignals[] = {
|
| - SIGHUP, SIGQUIT, SIGABRT, SIGPIPE, SIGUSR1, SIGUSR2,
|
| - };
|
| - for (const int sig : kUnexpectedSignals) {
|
| - sandbox::NamespaceSandbox::InstallTerminationSignalHandler(
|
| - sig, kUnexpectedExitCode);
|
| - }
|
| - }
|
| -
|
| // In the child process.
|
| write_pipe.reset();
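Review bot: The fork at `pid = base::ForkWithFlags(SIGCHLD, nullptr, nullptr);` no longer consults `sandbox_flags_`, so a child forked here stays in the zygote's PID namespace and does not get the capability drop that the `kSandboxLinuxPIDNS`/`kSandboxLinuxUserNS` branch used to request; nothing in the hunk says whether another layer is expected to cover that. The new comment justifies the call by test coverage only, which does not tell a later reader what isolation this path does or does not provide. I would replace it with something like `// Plain fork-equivalent: no new PID namespace and no capability drop here, regardless of sandbox_flags_.` and name in the commit description the sandbox layer that is relied on instead. The enclosing function starts and ends outside the hunk, so handling of a failed fork (`pid < 0`) is not visible from here.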
|
|
|
|
|