OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/zygote/zygote_main.h" | 5 #include "content/zygote/zygote_main.h" |
6 | 6 |
7 #include <dlfcn.h> | 7 #include <dlfcn.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <openssl/rand.h> | 9 #include <openssl/rand.h> |
10 #include <pthread.h> | 10 #include <pthread.h> |
(...skipping 355 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
366 DCHECK(setuid_sandbox); | 366 DCHECK(setuid_sandbox); |
367 DCHECK(setuid_sandbox->IsSuidSandboxChild()); | 367 DCHECK(setuid_sandbox->IsSuidSandboxChild()); |
368 | 368 |
369 // Use the SUID sandbox. This still allows the seccomp sandbox to | 369 // Use the SUID sandbox. This still allows the seccomp sandbox to |
370 // be enabled by the process later. | 370 // be enabled by the process later. |
371 | 371 |
372 if (!setuid_sandbox->IsSuidSandboxUpToDate()) { | 372 if (!setuid_sandbox->IsSuidSandboxUpToDate()) { |
373 LOG(WARNING) << | 373 LOG(WARNING) << |
374 "You are using a wrong version of the setuid binary!\n" | 374 "You are using a wrong version of the setuid binary!\n" |
375 "Please read " | 375 "Please read " |
376 "https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment." | 376 "https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid
_sandbox_development.md." |
377 "\n\n"; | 377 "\n\n"; |
378 } | 378 } |
379 | 379 |
380 if (!setuid_sandbox->ChrootMe()) | 380 if (!setuid_sandbox->ChrootMe()) |
381 return false; | 381 return false; |
382 | 382 |
383 if (setuid_sandbox->IsInNewPIDNamespace()) { | 383 if (setuid_sandbox->IsInNewPIDNamespace()) { |
384 CHECK_EQ(1, getpid()) | 384 CHECK_EQ(1, getpid()) |
385 << "The SUID sandbox created a new PID namespace but Zygote " | 385 << "The SUID sandbox created a new PID namespace but Zygote " |
386 "is not the init process. Please, make sure the SUID " | 386 "is not the init process. Please, make sure the SUID " |
(...skipping 221 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
608 const bool namespace_sandbox_engaged = sandbox_flags & kSandboxLinuxUserNS; | 608 const bool namespace_sandbox_engaged = sandbox_flags & kSandboxLinuxUserNS; |
609 CHECK_EQ(using_namespace_sandbox, namespace_sandbox_engaged); | 609 CHECK_EQ(using_namespace_sandbox, namespace_sandbox_engaged); |
610 | 610 |
611 Zygote zygote(sandbox_flags, fork_delegates.Pass(), extra_children, | 611 Zygote zygote(sandbox_flags, fork_delegates.Pass(), extra_children, |
612 extra_fds); | 612 extra_fds); |
613 // This function call can return multiple times, once per fork(). | 613 // This function call can return multiple times, once per fork(). |
614 return zygote.ProcessRequests(); | 614 return zygote.ProcessRequests(); |
615 } | 615 } |
616 | 616 |
617 } // namespace content | 617 } // namespace content |
OLD | NEW |