Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(411)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_linux/sandbox_linux.h

Issue 1057403002: Start all children in their own PID namespace. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | content/common/sandbox_linux/sandbox_linux.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_
6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ 6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_
7 7
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
11 #include "base/basictypes.h" 11 #include "base/basictypes.h"
12 #include "base/logging.h"
12 #include "base/memory/scoped_ptr.h" 13 #include "base/memory/scoped_ptr.h"
13 #include "content/public/common/sandbox_linux.h" 14 #include "content/public/common/sandbox_linux.h"
14 15
15 #if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \ 16 #if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
16 defined(THREAD_SANITIZER) || defined(LEAK_SANITIZER) || \ 17 defined(THREAD_SANITIZER) || defined(LEAK_SANITIZER) || \
17 defined(UNDEFINED_SANITIZER) || defined(SANITIZER_COVERAGE) 18 defined(UNDEFINED_SANITIZER) || defined(SANITIZER_COVERAGE)
18 #include <sanitizer/common_interface_defs.h> 19 #include <sanitizer/common_interface_defs.h>
19 #define ANY_OF_AMTLU_SANITIZER 1 20 #define ANY_OF_AMTLU_SANITIZER 1
20 #endif 21 #endif
21 22
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after
111 112
112 // Check the policy and eventually start the seccomp-bpf sandbox. This should 113 // Check the policy and eventually start the seccomp-bpf sandbox. This should
113 // never be called with threads started. If we detect that threads have 114 // never be called with threads started. If we detect that threads have
114 // started we will crash. 115 // started we will crash.
115 bool StartSeccompBPF(const std::string& process_type); 116 bool StartSeccompBPF(const std::string& process_type);
116 117
117 // Limit the address space of the current process (and its children). 118 // Limit the address space of the current process (and its children).
118 // to make some vulnerabilities harder to exploit. 119 // to make some vulnerabilities harder to exploit.
119 bool LimitAddressSpace(const std::string& process_type); 120 bool LimitAddressSpace(const std::string& process_type);
120 121
122 // Returns a file descriptor to proc. The file descriptor is no longer valid
123 // after the sandbox has been sealed.
124 int proc_fd() const {
125 DCHECK_NE(-1, proc_fd_);
126 return proc_fd_;
127 }
128
121 #if defined(ANY_OF_AMTLU_SANITIZER) 129 #if defined(ANY_OF_AMTLU_SANITIZER)
122 __sanitizer_sandbox_arguments* sanitizer_args() const { 130 __sanitizer_sandbox_arguments* sanitizer_args() const {
123 return sanitizer_args_.get(); 131 return sanitizer_args_.get();
124 }; 132 };
125 #endif 133 #endif
126 134
127 private: 135 private:
128 friend struct DefaultSingletonTraits<LinuxSandbox>; 136 friend struct DefaultSingletonTraits<LinuxSandbox>;
129 137
130 LinuxSandbox(); 138 LinuxSandbox();
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after
168 #if defined(ANY_OF_AMTLU_SANITIZER) 176 #if defined(ANY_OF_AMTLU_SANITIZER)
169 scoped_ptr<__sanitizer_sandbox_arguments> sanitizer_args_; 177 scoped_ptr<__sanitizer_sandbox_arguments> sanitizer_args_;
170 #endif 178 #endif
171 179
172 DISALLOW_COPY_AND_ASSIGN(LinuxSandbox); 180 DISALLOW_COPY_AND_ASSIGN(LinuxSandbox);
173 }; 181 };
174 182
175 } // namespace content 183 } // namespace content
176 184
177 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ 185 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_
OLDNEW
« no previous file with comments | « no previous file | content/common/sandbox_linux/sandbox_linux.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698