Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1106)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/seccomp-bpf/sandbox_bpf.cc

Issue 11203003: Merge 161443 - Seccomp BPF: handle EINTR in error reporting setup. (Closed) Base URL: svn://svn.chromium.org/chrome/branches/1271/src/
Patch Set: Created 8 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <time.h> 5 #include <time.h>
6 6
7 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" 7 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
8 #include "sandbox/linux/seccomp-bpf/verifier.h" 8 #include "sandbox/linux/seccomp-bpf/verifier.h"
9 9
10 // The kernel gives us a sandbox, we turn it into a playground :-) 10 // The kernel gives us a sandbox, we turn it into a playground :-)
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after
77 // into running without a sandbox. 77 // into running without a sandbox.
78 sigprocmask(SIG_SETMASK, &oldMask, NULL); // OK, if it fails 78 sigprocmask(SIG_SETMASK, &oldMask, NULL); // OK, if it fails
79 SANDBOX_DIE("fork() failed unexpectedly"); 79 SANDBOX_DIE("fork() failed unexpectedly");
80 } 80 }
81 81
82 // In the child process 82 // In the child process
83 if (!pid) { 83 if (!pid) {
84 // Test a very simple sandbox policy to verify that we can 84 // Test a very simple sandbox policy to verify that we can
85 // successfully turn on sandboxing. 85 // successfully turn on sandboxing.
86 Die::EnableSimpleExit(); 86 Die::EnableSimpleExit();
87 errno = 0;
87 if (HANDLE_EINTR(close(fds[0])) || 88 if (HANDLE_EINTR(close(fds[0])) ||
88 dup2(fds[1], 2) != 2 || 89 HANDLE_EINTR(dup2(fds[1], 2)) != 2 ||
89 HANDLE_EINTR(close(fds[1]))) { 90 HANDLE_EINTR(close(fds[1]))) {
90 static const char msg[] = "Failed to set up stderr\n"; 91 const char* error_string = strerror(errno);
91 if (HANDLE_EINTR(write(fds[1], msg, sizeof(msg)-1))) { } 92 static const char msg[] = "Failed to set up stderr: ";
93 if (HANDLE_EINTR(write(fds[1], msg, sizeof(msg)-1)) > 0 && error_string &&
94 HANDLE_EINTR(write(fds[1], error_string, strlen(error_string))) > 0 &&
95 HANDLE_EINTR(write(fds[1], "\n", 1))) {
96 }
92 } else { 97 } else {
93 evaluators_.clear(); 98 evaluators_.clear();
94 setSandboxPolicy(syscallEvaluator, NULL); 99 setSandboxPolicy(syscallEvaluator, NULL);
95 setProcFd(proc_fd); 100 setProcFd(proc_fd);
96 101
97 // By passing "quiet=true" to "startSandboxInternal()" we suppress 102 // By passing "quiet=true" to "startSandboxInternal()" we suppress
98 // messages for expected and benign failures (e.g. if the current 103 // messages for expected and benign failures (e.g. if the current
99 // kernel lacks support for BPF filters). 104 // kernel lacks support for BPF filters).
100 startSandboxInternal(true); 105 startSandboxInternal(true);
101 106
(...skipping 614 matching lines...) Expand 10 before | Expand all | Expand 10 after
716 Sandbox::SandboxStatus Sandbox::status_ = STATUS_UNKNOWN; 721 Sandbox::SandboxStatus Sandbox::status_ = STATUS_UNKNOWN;
717 int Sandbox::proc_fd_ = -1; 722 int Sandbox::proc_fd_ = -1;
718 Sandbox::Evaluators Sandbox::evaluators_; 723 Sandbox::Evaluators Sandbox::evaluators_;
719 Sandbox::ErrMap Sandbox::errMap_; 724 Sandbox::ErrMap Sandbox::errMap_;
720 Sandbox::Traps *Sandbox::traps_ = NULL; 725 Sandbox::Traps *Sandbox::traps_ = NULL;
721 Sandbox::TrapIds Sandbox::trapIds_; 726 Sandbox::TrapIds Sandbox::trapIds_;
722 ErrorCode *Sandbox::trapArray_ = NULL; 727 ErrorCode *Sandbox::trapArray_ = NULL;
723 size_t Sandbox::trapArraySize_ = 0; 728 size_t Sandbox::trapArraySize_ = 0;
724 729
725 } // namespace 730 } // namespace
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698