| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/zygote_host/zygote_host_impl_linux.h" | 5 #include "content/browser/zygote_host/zygote_host_impl_linux.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 #include <sys/socket.h> | 9 #include <sys/socket.h> |
| 10 #include <sys/stat.h> | 10 #include <sys/stat.h> |
| (...skipping 145 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 156 // A non empty sandbox_cmd means we want a SUID sandbox. | 156 // A non empty sandbox_cmd means we want a SUID sandbox. |
| 157 const bool using_suid_sandbox = | 157 const bool using_suid_sandbox = |
| 158 !sandbox_cmd.empty() && !using_namespace_sandbox; | 158 !sandbox_cmd.empty() && !using_namespace_sandbox; |
| 159 | 159 |
| 160 // Use the SUID sandbox for adjusting OOM scores when we are using the setuid | 160 // Use the SUID sandbox for adjusting OOM scores when we are using the setuid |
| 161 // or namespace sandbox. This is needed beacuse the processes are | 161 // or namespace sandbox. This is needed beacuse the processes are |
| 162 // non-dumpable, so /proc/pid/oom_score_adj can only be written by root. | 162 // non-dumpable, so /proc/pid/oom_score_adj can only be written by root. |
| 163 use_suid_sandbox_for_adj_oom_score_ = | 163 use_suid_sandbox_for_adj_oom_score_ = |
| 164 !sandbox_binary_.empty() && using_suid_sandbox; | 164 !sandbox_binary_.empty() && using_suid_sandbox; |
| 165 | 165 |
| 166 #if defined(OS_CHROMEOS) |
| 167 // Chrome OS has a kernel patch that restricts oom_score_adj. See |
| 168 // crbug.com/576409 for details. |
| 169 if (!sandbox_binary_.empty() && using_namespace_sandbox) { |
| 170 use_suid_sandbox_for_adj_oom_score_ = true; |
| 171 } |
| 172 #endif |
| 173 |
| 166 // Start up the sandbox host process and get the file descriptor for the | 174 // Start up the sandbox host process and get the file descriptor for the |
| 167 // renderers to talk to it. | 175 // renderers to talk to it. |
| 168 const int sfd = RenderSandboxHostLinux::GetInstance()->GetRendererSocket(); | 176 const int sfd = RenderSandboxHostLinux::GetInstance()->GetRendererSocket(); |
| 169 fds_to_map.push_back(std::make_pair(sfd, GetSandboxFD())); | 177 fds_to_map.push_back(std::make_pair(sfd, GetSandboxFD())); |
| 170 | 178 |
| 171 base::ScopedFD dummy_fd; | 179 base::ScopedFD dummy_fd; |
| 172 if (using_suid_sandbox) { | 180 if (using_suid_sandbox) { |
| 173 scoped_ptr<sandbox::SetuidSandboxHost> sandbox_host( | 181 scoped_ptr<sandbox::SetuidSandboxHost> sandbox_host( |
| 174 sandbox::SetuidSandboxHost::Create()); | 182 sandbox::SetuidSandboxHost::Create()); |
| 175 sandbox_host->PrependWrapper(&cmd_line); | 183 sandbox_host->PrependWrapper(&cmd_line); |
| (...skipping 420 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 596 } | 604 } |
| 597 | 605 |
| 598 if (!sandbox::Credentials::CanCreateProcessInNewUserNS()) { | 606 if (!sandbox::Credentials::CanCreateProcessInNewUserNS()) { |
| 599 return false; | 607 return false; |
| 600 } | 608 } |
| 601 | 609 |
| 602 return true; | 610 return true; |
| 603 } | 611 } |
| 604 | 612 |
| 605 } // namespace content | 613 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1692183005:
Use the suid helper for oom_score_adj on Chrome OS. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@2623