Index: sandbox/linux/services/credentials.h |
diff --git a/sandbox/linux/services/credentials.h b/sandbox/linux/services/credentials.h |
index c23db930df270ea39d95845fadda268f94b01cd5..48cf259a2f9eca1b78c5a8bc66caedaa847bed54 100644 |
--- a/sandbox/linux/services/credentials.h |
+++ b/sandbox/linux/services/credentials.h |
@@ -51,6 +51,13 @@ class Credentials { |
// debugging and tests. |
scoped_ptr<std::string> GetCurrentCapString() const; |
+ // Returns whether the kernel supports CLONE_NEWUSER and whether it would be |
+ // possible to immediately move to a new user namespace. There is no point |
+ // in using this method right before calling MoveToNewUserNS(), simply call |
+ // MoveToNewUserNS() immediately. This method is only useful to test kernel |
+ // support ahead of time. |
+ static bool SupportsNewUserNS(); |
+ |
// Move the current process to a new "user namespace" as supported by Linux |
// 3.8+ (CLONE_NEWUSER). |
// The uid map will be set-up so that the perceived uid and gid will not |