| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <dirent.h> | 5 #include <dirent.h> |
| 6 #include <fcntl.h> | 6 #include <fcntl.h> |
| 7 #include <sys/resource.h> | 7 #include <sys/resource.h> |
| 8 #include <sys/stat.h> | 8 #include <sys/stat.h> |
| 9 #include <sys/time.h> | 9 #include <sys/time.h> |
| 10 #include <sys/types.h> | 10 #include <sys/types.h> |
| 179 // Check being in a new PID namespace created by the namespace sandbox and | 179 // Check being in a new PID namespace created by the namespace sandbox and |
| 180 // being the init process. | 180 // being the init process. |
| 181 CHECK(sandbox::NamespaceSandbox::InNewPidNamespace()); | 181 CHECK(sandbox::NamespaceSandbox::InNewPidNamespace()); |
| 182 const pid_t pid = getpid(); | 182 const pid_t pid = getpid(); |
| 183 CHECK_EQ(1, pid); | 183 CHECK_EQ(1, pid); |
| 184 | 184 |
| 185 CHECK(sandbox::Credentials::MoveToNewUserNS()); | 185 CHECK(sandbox::Credentials::MoveToNewUserNS()); |
| 186 // Note: this requires SealSandbox() to be called later in this process to be | 186 // Note: this requires SealSandbox() to be called later in this process to be |
| 187 // safe, as this class is keeping a file descriptor to /proc/. | 187 // safe, as this class is keeping a file descriptor to /proc/. |
| 188 CHECK(sandbox::Credentials::DropFileSystemAccess(proc_fd_)); | 188 CHECK(sandbox::Credentials::DropFileSystemAccess(proc_fd_)); |
| 189 CHECK(sandbox::Credentials::DropAllCapabilities(proc_fd_)); | 189 |
| 190 // We do not drop CAP_SYS_ADMIN because we need it to place each child process |
| 191 // in its own PID namespace later on. |
| 192 std::vector<sandbox::Credentials::Capability> caps; |
| 193 caps.push_back(sandbox::Credentials::Capability::SYS_ADMIN); |
| 194 CHECK(sandbox::Credentials::SetCapabilities(proc_fd_, caps)); |
| 190 | 195 |
| 191 // This needs to happen after moving to a new user NS, since doing so involves | 196 // This needs to happen after moving to a new user NS, since doing so involves |
| 192 // writing the UID/GID map. | 197 // writing the UID/GID map. |
| 193 CHECK(SandboxDebugHandling::SetDumpableStatusAndHandlers()); | 198 CHECK(SandboxDebugHandling::SetDumpableStatusAndHandlers()); |
| 194 } | 199 } |
| 195 | 200 |
| 196 std::vector<int> LinuxSandbox::GetFileDescriptorsToClose() { | 201 std::vector<int> LinuxSandbox::GetFileDescriptorsToClose() { |
| 197 std::vector<int> fds; | 202 std::vector<int> fds; |
| 198 if (proc_fd_ >= 0) { | 203 if (proc_fd_ >= 0) { |
| 199 fds.push_back(proc_fd_); | 204 fds.push_back(proc_fd_); |
| 449 | 454 |
| 450 void LinuxSandbox::StopThreadAndEnsureNotCounted(base::Thread* thread) const { | 455 void LinuxSandbox::StopThreadAndEnsureNotCounted(base::Thread* thread) const { |
| 451 DCHECK(thread); | 456 DCHECK(thread); |
| 452 base::ScopedFD proc_fd(OpenProc(proc_fd_)); | 457 base::ScopedFD proc_fd(OpenProc(proc_fd_)); |
| 453 PCHECK(proc_fd.is_valid()); | 458 PCHECK(proc_fd.is_valid()); |
| 454 CHECK( | 459 CHECK( |
| 455 sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_fd.get(), thread)); | 460 sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_fd.get(), thread)); |
| 456 } | 461 } |
| 457 | 462 |
| 458 } // namespace content | 463 } // namespace content |
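Review bot: The CAP_SYS_ADMIN kept at new lines 190-194 is inherited by every process this PID-1 forks, so unless each child drops it after its own PID-namespace unshare, sandboxed code would keep CAP_SYS_ADMIN inside the new user namespace; the hunk does not show where that drop happens, and this is the only capability the former DropAllCapabilities() call at old line 189 would have removed. The new comment should state that obligation, e.g. `// Children must drop this capability (DropAllCapabilities()) once their own PID namespace has been created.`, and ideally name the function that does it. Since SetCapabilities() now replaces a call that guaranteed an empty set, it is worth a follow-up CHECK that no capability other than SYS_ADMIN remains, if the Credentials API offers such a query. The enclosing function starts outside the visible hunk.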