Side by Side Diff: components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc

Issue 1158793003: Enable one PID namespace per process for NaCl processes. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Split out nonSFI bits. Created 5 years, 6 months ago
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "components/nacl/loader/sandbox_linux/nacl_sandbox_linux.h" 5 #include "components/nacl/loader/sandbox_linux/nacl_sandbox_linux.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <fcntl.h> 8 #include <fcntl.h>
9 #include <sys/prctl.h> 9 #include <sys/prctl.h>
10 #include <sys/stat.h> 10 #include <sys/stat.h>
132 // the setuid sandbox model. 132 // the setuid sandbox model.
133 CHECK(!HasOpenDirectory()); 133 CHECK(!HasOpenDirectory());
134 134
135 // Get sandboxed. 135 // Get sandboxed.
136 CHECK(setuid_sandbox_client_->ChrootMe()); 136 CHECK(setuid_sandbox_client_->ChrootMe());
137 CHECK(MaybeSetProcessNonDumpable()); 137 CHECK(MaybeSetProcessNonDumpable());
138 CHECK(IsSandboxed()); 138 CHECK(IsSandboxed());
139 layer_one_enabled_ = true; 139 layer_one_enabled_ = true;
140 } else if (sandbox::NamespaceSandbox::InNewUserNamespace()) { 140 } else if (sandbox::NamespaceSandbox::InNewUserNamespace()) {
141 CHECK(sandbox::Credentials::MoveToNewUserNS()); 141 CHECK(sandbox::Credentials::MoveToNewUserNS());
142 // This relies on SealLayerOneSandbox() to be called later since this
Mark Seaborn 2015/06/09 23:44:19 Isn't this still true? We still call SealLayerOne
rickyz (no longer on Chrome) 2015/06/10 01:31:43 Yeah, it's still true - I removed the comment to b
143 // class is keeping a file descriptor to /proc/.
144 CHECK(sandbox::Credentials::DropFileSystemAccess(proc_fd_.get())); 142 CHECK(sandbox::Credentials::DropFileSystemAccess(proc_fd_.get()));
145 CHECK(sandbox::Credentials::DropAllCapabilities(proc_fd_.get())); 143
144 // We do not drop CAP_SYS_ADMIN because we need it to place each child
145 // process in its own PID namespace later on.
146 std::vector<sandbox::Credentials::Capability> caps;
147 caps.push_back(sandbox::Credentials::Capability::SYS_ADMIN);
148 CHECK(sandbox::Credentials::SetCapabilities(proc_fd_.get(), caps));
149
146 CHECK(IsSandboxed()); 150 CHECK(IsSandboxed());
147 layer_one_enabled_ = true; 151 layer_one_enabled_ = true;
148 } 152 }
149 } 153 }
150 154
151 void NaClSandbox::CheckForExpectedNumberOfOpenFds() { 155 void NaClSandbox::CheckForExpectedNumberOfOpenFds() {
152 // We expect to have the following FDs open: 156 // We expect to have the following FDs open:
153 // 1-3) stdin, stdout, stderr. 157 // 1-3) stdin, stdout, stderr.
154 // 4) The /dev/urandom FD used by base::GetUrandomFD(). 158 // 4) The /dev/urandom FD used by base::GetUrandomFD().
155 // 5) A dummy pipe FD used to overwrite kSandboxIPCChannel. 159 // 5) A dummy pipe FD used to overwrite kSandboxIPCChannel.
235 static const char kNoBpfMsg[] = 239 static const char kNoBpfMsg[] =
236 "The seccomp-bpf sandbox is not engaged for NaCl:"; 240 "The seccomp-bpf sandbox is not engaged for NaCl:";
237 if (can_be_no_sandbox) 241 if (can_be_no_sandbox)
238 LOG(ERROR) << kNoBpfMsg << kItIsDangerousMsg; 242 LOG(ERROR) << kNoBpfMsg << kItIsDangerousMsg;
239 else 243 else
240 LOG(FATAL) << kNoBpfMsg << kItIsNotAllowedMsg; 244 LOG(FATAL) << kNoBpfMsg << kItIsNotAllowedMsg;
241 } 245 }
242 } 246 }
243 247
244 } // namespace nacl 248 } // namespace nacl
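Review bot: The comment at new lines 144-145 explains why CAP_SYS_ADMIN is kept but not where it is given up, so a reader of this function cannot tell how long the loader runs with SYS_ADMIN held in its user namespace; since layer one previously dropped every capability via DropAllCapabilities, this is a visible widening of the layer-one sandbox and deserves a pointer to the balancing drop. I would extend the comment along the lines of `// CAP_SYS_ADMIN is retained only until each child has been placed in its own PID namespace; the child drops it right after that (see the PID-namespace setup path outside this file).` — the exact location is not visible in this hunk, so confirm against the code that performs the per-child namespace setup. As a smaller style point, `std::vector<sandbox::Credentials::Capability> caps = {sandbox::Credentials::Capability::SYS_ADMIN};` would state the single retained capability more directly than a declaration plus push_back, if initializer lists are permitted at this revision. The enclosing function begins before the visible region of the diff.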