Index: sandbox/linux/seccomp-bpf/sandbox_bpf.cc |
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc |
index 15faef6ff55226b871790a076e177961d3527133..6b2327e5452e131c3d054538f933e92f4604b56a 100644 |
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc |
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc |
@@ -268,6 +268,10 @@ bool SandboxBPF::RunFunctionInPolicy(void (*code_in_sandbox)(), |
SANDBOX_DIE("Process started without standard file descriptors"); |
} |
+ // This code is using fork() and should only ever run single-threaded. |
+ // Most of the code below is "async-signal-safe" and only minor changes |
+ // would be needed to support threads. |
+ DCHECK(IsSingleThreaded(proc_fd_)); |
pid_t pid = fork(); |
if (pid < 0) { |
// Die if we cannot fork(). We would probably fail a little later |