| OLD | NEW |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/zygote_host/zygote_communication_linux.h" | 5 #include "content/browser/zygote_host/zygote_communication_linux.h" |
| 6 | 6 |
| 7 #include <string.h> | 7 #include <string.h> |
| 8 #include <sys/socket.h> | 8 #include <sys/socket.h> |
| 9 | 9 |
| 10 #include "base/base_switches.h" | 10 #include "base/base_switches.h" |
| (...skipping 285 matching lines...) |
| 296 GetContentClient()->browser()->AppendExtraCommandLineSwitches(&cmd_line, -1); | 296 GetContentClient()->browser()->AppendExtraCommandLineSwitches(&cmd_line, -1); |
| 297 | 297 |
| 298 const bool using_namespace_sandbox = ShouldUseNamespaceSandbox(); | 298 const bool using_namespace_sandbox = ShouldUseNamespaceSandbox(); |
| 299 // A non empty sandbox_cmd means we want a SUID sandbox. | 299 // A non empty sandbox_cmd means we want a SUID sandbox. |
| 300 const bool using_suid_sandbox = | 300 const bool using_suid_sandbox = |
| 301 !ZygoteHostImpl::GetInstance()->SandboxCommand().empty() && | 301 !ZygoteHostImpl::GetInstance()->SandboxCommand().empty() && |
| 302 !using_namespace_sandbox; | 302 !using_namespace_sandbox; |
| 303 // Use the SUID sandbox for adjusting OOM scores when we are using the setuid | 303 // Use the SUID sandbox for adjusting OOM scores when we are using the setuid |
| 304 // or namespace sandbox. This is needed beacuse the processes are | 304 // or namespace sandbox. This is needed beacuse the processes are |
| 305 // non-dumpable, so /proc/pid/oom_score_adj can only be written by root. | 305 // non-dumpable, so /proc/pid/oom_score_adj can only be written by root. |
| 306 use_suid_sandbox_for_adj_oom_score_ = | 306 use_suid_sandbox_for_adj_oom_score_ = using_suid_sandbox; |
| 307 !ZygoteHostImpl::GetInstance()->SandboxCommand().empty() && | 307 |
| 308 using_suid_sandbox; | 308 #if defined(OS_CHROMEOS) |
| 309 // Chrome OS has a kernel patch that restricts oom_score_adj. See |
| 310 // crbug.com/576409 for details. |
| 311 if (!ZygoteHostImpl::GetInstance()->SandboxCommand().empty() && |
| 312 using_namespace_sandbox) { |
| 313 use_suid_sandbox_for_adj_oom_score_ = true; |
| 314 } |
| 315 #endif |
| 309 | 316 |
| 310 // Start up the sandbox host process and get the file descriptor for the | 317 // Start up the sandbox host process and get the file descriptor for the |
| 311 // renderers to talk to it. | 318 // renderers to talk to it. |
| 312 const int sfd = RenderSandboxHostLinux::GetInstance()->GetRendererSocket(); | 319 const int sfd = RenderSandboxHostLinux::GetInstance()->GetRendererSocket(); |
| 313 fds_to_map.push_back(std::make_pair(sfd, GetSandboxFD())); | 320 fds_to_map.push_back(std::make_pair(sfd, GetSandboxFD())); |
| 314 | 321 |
| 315 base::ScopedFD dummy_fd; | 322 base::ScopedFD dummy_fd; |
| 316 if (using_suid_sandbox) { | 323 if (using_suid_sandbox) { |
| 317 scoped_ptr<sandbox::SetuidSandboxHost> sandbox_host( | 324 scoped_ptr<sandbox::SetuidSandboxHost> sandbox_host( |
| 318 sandbox::SetuidSandboxHost::Create()); | 325 sandbox::SetuidSandboxHost::Create()); |
| (...skipping 132 matching lines...) |
| 451 } | 458 } |
| 452 if (ReadSandboxStatus() == -1) { | 459 if (ReadSandboxStatus() == -1) { |
| 453 return 0; | 460 return 0; |
| 454 } | 461 } |
| 455 have_read_sandbox_status_word_ = true; | 462 have_read_sandbox_status_word_ = true; |
| 456 UMA_HISTOGRAM_SPARSE_SLOWLY("Linux.SandboxStatus", sandbox_status_); | 463 UMA_HISTOGRAM_SPARSE_SLOWLY("Linux.SandboxStatus", sandbox_status_); |
| 457 return sandbox_status_; | 464 return sandbox_status_; |
| 458 } | 465 } |
| 459 | 466 |
| 460 } // namespace content | 467 } // namespace content |
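Review bot: The comment at new lines 303-305 still says the SUID sandbox is used for OOM score adjustment "when we are using the setuid or namespace sandbox", but `use_suid_sandbox_for_adj_oom_score_` is now set from `using_suid_sandbox` alone, and the namespace-sandbox case is enabled only inside the `#if defined(OS_CHROMEOS)` block. Because this flag decides whether a setuid-root helper is invoked, the comment should state the exact conditions, for example `// Use the SUID sandbox helper for adjusting OOM scores when the setuid sandbox is in use; on Chrome OS it is also used with the namespace sandbox (see below).`, and the "beacuse" typo can be fixed at the same time. The Chrome OS comment would be easier to audit if it said in a few words what the kernel patch restricts, rather than relying on the bug link alone. How the flag is consumed when it is false under the namespace sandbox is not visible here, since the enclosing function begins and ends in the skipped lines.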
| OLD | NEW |