| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/zygote_host/zygote_host_impl_linux.h" | 5 #include "content/browser/zygote_host/zygote_host_impl_linux.h" |
| 6 | 6 |
| 7 #include "base/allocator/allocator_extension.h" | 7 #include "base/allocator/allocator_extension.h" |
| 8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
| 9 #include "base/files/file_enumerator.h" | 9 #include "base/files/file_enumerator.h" |
| 10 #include "base/process/kill.h" | 10 #include "base/process/kill.h" |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 43 *base::CommandLine::ForCurrentProcess(); | 43 *base::CommandLine::ForCurrentProcess(); |
| 44 if (command_line.HasSwitch(switches::kNoSandbox) || | 44 if (command_line.HasSwitch(switches::kNoSandbox) || |
| 45 command_line.HasSwitch(switches::kDisableNamespaceSandbox) || | 45 command_line.HasSwitch(switches::kDisableNamespaceSandbox) || |
| 46 !sandbox::Credentials::CanCreateProcessInNewUserNS()) { | 46 !sandbox::Credentials::CanCreateProcessInNewUserNS()) { |
| 47 should_use_namespace_sandbox_ = false; | 47 should_use_namespace_sandbox_ = false; |
| 48 } | 48 } |
| 49 | 49 |
| 50 const bool using_namespace_sandbox = ShouldUseNamespaceSandbox(); | 50 const bool using_namespace_sandbox = ShouldUseNamespaceSandbox(); |
| 51 // A non empty sandbox_cmd means we want a SUID sandbox. | 51 // A non empty sandbox_cmd means we want a SUID sandbox. |
| 52 const bool using_suid_sandbox = | 52 const bool using_suid_sandbox = |
| 53 sandbox_binary_.empty() && !using_namespace_sandbox; | 53 !sandbox_binary_.empty() && !using_namespace_sandbox; |
| 54 | 54 |
| 55 // Use the SUID sandbox for adjusting OOM scores when we are using the setuid | 55 // Use the SUID sandbox for adjusting OOM scores when we are using the setuid |
| 56 // sandbox. This is needed beacuse the processes are non-dumpable, so | 56 // sandbox. This is needed beacuse the processes are non-dumpable, so |
| 57 // /proc/pid/oom_score_adj can only be written by root. | 57 // /proc/pid/oom_score_adj can only be written by root. |
| 58 use_suid_sandbox_for_adj_oom_score_ = using_suid_sandbox; | 58 use_suid_sandbox_for_adj_oom_score_ = using_suid_sandbox; |
| 59 | 59 |
| 60 #if defined(OS_CHROMEOS) | 60 #if defined(OS_CHROMEOS) |
| 61 // Chrome OS has a kernel patch that restricts oom_score_adj. See | 61 // Chrome OS has a kernel patch that restricts oom_score_adj. See |
| 62 // crbug.com/576409 for details. | 62 // crbug.com/576409 for details. |
| 63 if (!sandbox_binary_.empty()) { | 63 if (!sandbox_binary_.empty()) { |
| (...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 158 if (sandbox_helper_process.IsValid()) | 158 if (sandbox_helper_process.IsValid()) |
| 159 base::EnsureProcessGetsReaped(sandbox_helper_process.Pid()); | 159 base::EnsureProcessGetsReaped(sandbox_helper_process.Pid()); |
| 160 } else if (!use_suid_sandbox_for_adj_oom_score_) { | 160 } else if (!use_suid_sandbox_for_adj_oom_score_) { |
| 161 if (!base::AdjustOOMScore(pid, score)) | 161 if (!base::AdjustOOMScore(pid, score)) |
| 162 PLOG(ERROR) << "Failed to adjust OOM score of renderer with pid " << pid; | 162 PLOG(ERROR) << "Failed to adjust OOM score of renderer with pid " << pid; |
| 163 } | 163 } |
| 164 } | 164 } |
| 165 #endif | 165 #endif |
| 166 | 166 |
| 167 } // namespace content | 167 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1867563002:
Correctly determine if the SUID sandbox will be used for adjusting the OOM score (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master