| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/zygote/zygote_main.h" | 5 #include "content/zygote/zygote_main.h" |
| 6 | 6 |
| 7 #include <dlfcn.h> | 7 #include <dlfcn.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <openssl/rand.h> | 9 #include <openssl/rand.h> |
| 10 #include <pthread.h> | 10 #include <pthread.h> |
| (...skipping 355 matching lines...) |
| 366 DCHECK(setuid_sandbox); | 366 DCHECK(setuid_sandbox); |
| 367 DCHECK(setuid_sandbox->IsSuidSandboxChild()); | 367 DCHECK(setuid_sandbox->IsSuidSandboxChild()); |
| 368 | 368 |
| 369 // Use the SUID sandbox. This still allows the seccomp sandbox to | 369 // Use the SUID sandbox. This still allows the seccomp sandbox to |
| 370 // be enabled by the process later. | 370 // be enabled by the process later. |
| 371 | 371 |
| 372 if (!setuid_sandbox->IsSuidSandboxUpToDate()) { | 372 if (!setuid_sandbox->IsSuidSandboxUpToDate()) { |
| 373 LOG(WARNING) << | 373 LOG(WARNING) << |
| 374 "You are using a wrong version of the setuid binary!\n" | 374 "You are using a wrong version of the setuid binary!\n" |
| 375 "Please read " | 375 "Please read " |
| 376 "https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment." | 376 "https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid
_sandbox_development.md." |
| 377 "\n\n"; | 377 "\n\n"; |
| 378 } | 378 } |
| 379 | 379 |
| 380 if (!setuid_sandbox->ChrootMe()) | 380 if (!setuid_sandbox->ChrootMe()) |
| 381 return false; | 381 return false; |
| 382 | 382 |
| 383 if (setuid_sandbox->IsInNewPIDNamespace()) { | 383 if (setuid_sandbox->IsInNewPIDNamespace()) { |
| 384 CHECK_EQ(1, getpid()) | 384 CHECK_EQ(1, getpid()) |
| 385 << "The SUID sandbox created a new PID namespace but Zygote " | 385 << "The SUID sandbox created a new PID namespace but Zygote " |
| 386 "is not the init process. Please, make sure the SUID " | 386 "is not the init process. Please, make sure the SUID " |
| (...skipping 221 matching lines...) |
| 608 const bool namespace_sandbox_engaged = sandbox_flags & kSandboxLinuxUserNS; | 608 const bool namespace_sandbox_engaged = sandbox_flags & kSandboxLinuxUserNS; |
| 609 CHECK_EQ(using_namespace_sandbox, namespace_sandbox_engaged); | 609 CHECK_EQ(using_namespace_sandbox, namespace_sandbox_engaged); |
| 610 | 610 |
| 611 Zygote zygote(sandbox_flags, fork_delegates.Pass(), extra_children, | 611 Zygote zygote(sandbox_flags, fork_delegates.Pass(), extra_children, |
| 612 extra_fds); | 612 extra_fds); |
| 613 // This function call can return multiple times, once per fork(). | 613 // This function call can return multiple times, once per fork(). |
| 614 return zygote.ProcessRequests(); | 614 return zygote.ProcessRequests(); |
| 615 } | 615 } |
| 616 | 616 |
| 617 } // namespace content | 617 } // namespace content |
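Review bot: At new lines 372-378, a setuid helper that fails `IsSuidSandboxUpToDate()` only produces a `LOG(WARNING)`, and execution continues straight into `ChrootMe()`, so the zygote is confined by a helper whose version does not match. The commit updates the link but leaves this unexplained. Nothing visible here shows whether the mismatch is rejected elsewhere, so I would add a comment above the `if` that says so, for example `// Version mismatch is non-fatal here: <where it is enforced, or why it is tolerated>.`. The new URL also pins the `master` branch path, which may stop resolving if the doc is moved. The enclosing function starts above this hunk and continues past it.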