Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(239)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/services/namespace_sandbox.cc

Issue 1158793003: Enable one PID namespace per process for NaCl processes. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Enable PID namespace per process for nonsfi newlib NaCl as well. Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/linux/services/namespace_sandbox.h ('k') | sandbox/linux/services/namespace_sandbox_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/services/namespace_sandbox.h" 5 #include "sandbox/linux/services/namespace_sandbox.h"
6 6
7 #include <sched.h> 7 #include <sched.h>
8 #include <signal.h> 8 #include <signal.h>
9 #include <stdlib.h> 9 #include <stdlib.h>
10 #include <sys/types.h> 10 #include <sys/types.h>
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after
73 int g_signal_exit_codes[64]; 73 int g_signal_exit_codes[64];
74 74
75 void TerminationSignalHandler(int sig) { 75 void TerminationSignalHandler(int sig) {
76 // Return a special exit code so that the process is detected as terminated by 76 // Return a special exit code so that the process is detected as terminated by
77 // a signal. 77 // a signal.
78 const size_t sig_idx = static_cast<size_t>(sig); 78 const size_t sig_idx = static_cast<size_t>(sig);
79 if (sig_idx < arraysize(g_signal_exit_codes)) { 79 if (sig_idx < arraysize(g_signal_exit_codes)) {
80 _exit(g_signal_exit_codes[sig_idx]); 80 _exit(g_signal_exit_codes[sig_idx]);
81 } 81 }
82 82
83 _exit(NamespaceSandbox::kDefaultExitCode); 83 _exit(NamespaceSandbox::SignalExitCode(sig));
84 } 84 }
85 85
86 } // namespace 86 } // namespace
87 87
88 #if !defined(OS_NACL_NONSFI) 88 #if !defined(OS_NACL_NONSFI)
89 // static 89 // static
90 base::Process NamespaceSandbox::LaunchProcess( 90 base::Process NamespaceSandbox::LaunchProcess(
91 const base::CommandLine& cmdline, 91 const base::CommandLine& cmdline,
92 const base::LaunchOptions& options) { 92 const base::LaunchOptions& options) {
93 return LaunchProcess(cmdline.argv(), options); 93 return LaunchProcess(cmdline.argv(), options);
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after
154 } 154 }
155 155
156 // static 156 // static
157 void NamespaceSandbox::InstallDefaultTerminationSignalHandlers() { 157 void NamespaceSandbox::InstallDefaultTerminationSignalHandlers() {
158 static const int kDefaultTermSignals[] = { 158 static const int kDefaultTermSignals[] = {
159 LINUX_SIGHUP, LINUX_SIGINT, LINUX_SIGABRT, LINUX_SIGQUIT, 159 LINUX_SIGHUP, LINUX_SIGINT, LINUX_SIGABRT, LINUX_SIGQUIT,
160 LINUX_SIGPIPE, LINUX_SIGTERM, LINUX_SIGUSR1, LINUX_SIGUSR2, 160 LINUX_SIGPIPE, LINUX_SIGTERM, LINUX_SIGUSR1, LINUX_SIGUSR2,
161 }; 161 };
162 162
163 for (const int sig : kDefaultTermSignals) { 163 for (const int sig : kDefaultTermSignals) {
164 InstallTerminationSignalHandler(sig, kDefaultExitCode); 164 InstallTerminationSignalHandler(sig, SignalExitCode(sig));
165 } 165 }
166 } 166 }
167 167
168 // static 168 // static
169 bool NamespaceSandbox::InstallTerminationSignalHandler( 169 bool NamespaceSandbox::InstallTerminationSignalHandler(
170 int sig, 170 int sig,
171 int exit_code) { 171 int exit_code) {
172 struct sigaction old_action; 172 struct sigaction old_action;
173 PCHECK(sys_sigaction(sig, nullptr, &old_action) == 0); 173 PCHECK(sys_sigaction(sig, nullptr, &old_action) == 0);
174 174
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after
206 bool NamespaceSandbox::InNewPidNamespace() { 206 bool NamespaceSandbox::InNewPidNamespace() {
207 return getenv(kSandboxPIDNSEnvironmentVarName) != nullptr; 207 return getenv(kSandboxPIDNSEnvironmentVarName) != nullptr;
208 } 208 }
209 209
210 // static 210 // static
211 bool NamespaceSandbox::InNewNetNamespace() { 211 bool NamespaceSandbox::InNewNetNamespace() {
212 return getenv(kSandboxNETNSEnvironmentVarName) != nullptr; 212 return getenv(kSandboxNETNSEnvironmentVarName) != nullptr;
213 } 213 }
214 214
215 } // namespace sandbox 215 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/linux/services/namespace_sandbox.h ('k') | sandbox/linux/services/namespace_sandbox_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698