OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
108 // A file descriptor to /proc. It's dangerous to have it around as it could | 108 // A file descriptor to /proc. It's dangerous to have it around as it could |
109 // allow for sandbox bypasses. It needs to be closed before we consider | 109 // allow for sandbox bypasses. It needs to be closed before we consider |
110 // ourselves sandboxed. | 110 // ourselves sandboxed. |
111 int proc_fd_; | 111 int proc_fd_; |
112 bool seccomp_bpf_started_; | 112 bool seccomp_bpf_started_; |
113 // The value returned by GetStatus(). Gets computed once and then cached. | 113 // The value returned by GetStatus(). Gets computed once and then cached. |
114 int sandbox_status_flags_; | 114 int sandbox_status_flags_; |
115 // Did PreinitializeSandbox() run? | 115 // Did PreinitializeSandbox() run? |
116 bool pre_initialized_; | 116 bool pre_initialized_; |
117 bool seccomp_bpf_supported_; // Accurate if pre_initialized_. | 117 bool seccomp_bpf_supported_; // Accurate if pre_initialized_. |
| 118 bool yama_is_enforcing_; // Accurate if pre_initialized_. |
118 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_; | 119 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_; |
119 | 120 |
120 ~LinuxSandbox(); | 121 ~LinuxSandbox(); |
121 DISALLOW_IMPLICIT_CONSTRUCTORS(LinuxSandbox); | 122 DISALLOW_IMPLICIT_CONSTRUCTORS(LinuxSandbox); |
122 }; | 123 }; |
123 | 124 |
124 } // namespace content | 125 } // namespace content |
125 | 126 |
126 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 127 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
OLD | NEW |