OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <time.h> | 5 #include <time.h> |
6 | 6 |
7 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 7 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
8 #include "sandbox/linux/seccomp-bpf/verifier.h" | 8 #include "sandbox/linux/seccomp-bpf/verifier.h" |
9 | 9 |
10 // The kernel gives us a sandbox, we turn it into a playground :-) | 10 // The kernel gives us a sandbox, we turn it into a playground :-) |
(...skipping 66 matching lines...)
77 // into running without a sandbox. | 77 // into running without a sandbox. |
78 sigprocmask(SIG_SETMASK, &oldMask, NULL); // OK, if it fails | 78 sigprocmask(SIG_SETMASK, &oldMask, NULL); // OK, if it fails |
79 SANDBOX_DIE("fork() failed unexpectedly"); | 79 SANDBOX_DIE("fork() failed unexpectedly"); |
80 } | 80 } |
81 | 81 |
82 // In the child process | 82 // In the child process |
83 if (!pid) { | 83 if (!pid) { |
84 // Test a very simple sandbox policy to verify that we can | 84 // Test a very simple sandbox policy to verify that we can |
85 // successfully turn on sandboxing. | 85 // successfully turn on sandboxing. |
86 Die::EnableSimpleExit(); | 86 Die::EnableSimpleExit(); |
| 87 errno = 0; |
87 if (HANDLE_EINTR(close(fds[0])) || | 88 if (HANDLE_EINTR(close(fds[0])) || |
88 dup2(fds[1], 2) != 2 || | 89 HANDLE_EINTR(dup2(fds[1], 2)) != 2 || |
89 HANDLE_EINTR(close(fds[1]))) { | 90 HANDLE_EINTR(close(fds[1]))) { |
90 static const char msg[] = "Failed to set up stderr\n"; | 91 const char* error_string = strerror(errno); |
91 if (HANDLE_EINTR(write(fds[1], msg, sizeof(msg)-1))) { } | 92 static const char msg[] = "Failed to set up stderr: "; |
| 93 if (HANDLE_EINTR(write(fds[1], msg, sizeof(msg)-1)) > 0 && error_string && |
| 94 HANDLE_EINTR(write(fds[1], error_string, strlen(error_string))) > 0 && |
| 95 HANDLE_EINTR(write(fds[1], "\n", 1))) { |
| 96 } |
92 } else { | 97 } else { |
93 evaluators_.clear(); | 98 evaluators_.clear(); |
94 setSandboxPolicy(syscallEvaluator, NULL); | 99 setSandboxPolicy(syscallEvaluator, NULL); |
95 setProcFd(proc_fd); | 100 setProcFd(proc_fd); |
96 | 101 |
97 // By passing "quiet=true" to "startSandboxInternal()" we suppress | 102 // By passing "quiet=true" to "startSandboxInternal()" we suppress |
98 // messages for expected and benign failures (e.g. if the current | 103 // messages for expected and benign failures (e.g. if the current |
99 // kernel lacks support for BPF filters). | 104 // kernel lacks support for BPF filters). |
100 startSandboxInternal(true); | 105 startSandboxInternal(true); |
101 | 106 |
(...skipping 614 matching lines...)
716 Sandbox::SandboxStatus Sandbox::status_ = STATUS_UNKNOWN; | 721 Sandbox::SandboxStatus Sandbox::status_ = STATUS_UNKNOWN; |
717 int Sandbox::proc_fd_ = -1; | 722 int Sandbox::proc_fd_ = -1; |
718 Sandbox::Evaluators Sandbox::evaluators_; | 723 Sandbox::Evaluators Sandbox::evaluators_; |
719 Sandbox::ErrMap Sandbox::errMap_; | 724 Sandbox::ErrMap Sandbox::errMap_; |
720 Sandbox::Traps *Sandbox::traps_ = NULL; | 725 Sandbox::Traps *Sandbox::traps_ = NULL; |
721 Sandbox::TrapIds Sandbox::trapIds_; | 726 Sandbox::TrapIds Sandbox::trapIds_; |
722 ErrorCode *Sandbox::trapArray_ = NULL; | 727 ErrorCode *Sandbox::trapArray_ = NULL; |
723 size_t Sandbox::trapArraySize_ = 0; | 728 size_t Sandbox::trapArraySize_ = 0; |
724 | 729 |
725 } // namespace | 730 } // namespace |
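Review bot: The error path on new lines 91-96 still writes to `fds[1]`, which is most likely no longer a usable descriptor when the call that failed was the last one, `close(fds[1])`; in that case the message and the newly added `strerror(errno)` text are dropped, even though `dup2()` has by then made fd 2 refer to the pipe. Picking the target by what is still open would keep the report, for example `const int out_fd = (fcntl(fds[1], F_GETFD) == -1) ? 2 : fds[1];` placed after the `strerror(errno)` line, with the three writes going to `out_fd`. The third `write()` also lacks the `> 0` comparison the first two use; the result is discarded so it is harmless, but it reads as an oversight. `strerror()`, `strlen()` and `errno` are used while the visible include list (lines 5-8) has only `<time.h>` and two project headers, so `<errno.h>` and `<string.h>` presumably arrive transitively and would be better included directly. The enclosing function begins and ends in the skipped regions, so what the child does after this branch is not visible here.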
OLD | NEW |