
Unified Diff: content/browser/browser_main_loop.cc

Issue 1976403002: Fix logic for checking chrome-sandbox setuid binary (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rickyz feedback Created 4 years, 7 months ago
Index: content/browser/browser_main_loop.cc
diff --git a/content/browser/browser_main_loop.cc b/content/browser/browser_main_loop.cc
index 1fd90e6e33c619fe6634c4d2d74e527351a91335..f99e1d44530523a5833ef69ecb8df047b5f19cf7 100644
--- a/content/browser/browser_main_loop.cc
+++ b/content/browser/browser_main_loop.cc
@@ -159,7 +159,6 @@
#if defined(OS_POSIX) && !defined(OS_MACOSX)
#include "content/browser/renderer_host/render_sandbox_host_linux.h"
#include "content/browser/zygote_host/zygote_host_impl_linux.h"
-#include "sandbox/linux/suid/client/setuid_sandbox_host.h"
#if !defined(OS_ANDROID)
#include "content/public/browser/zygote_handle_linux.h"
@@ -206,34 +205,10 @@ namespace {
#if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID)
void SetupSandbox(const base::CommandLine& parsed_command_line) {
TRACE_EVENT0("startup", "SetupSandbox");
- base::FilePath sandbox_binary;
-
- std::unique_ptr<sandbox::SetuidSandboxHost> setuid_sandbox_host(
- sandbox::SetuidSandboxHost::Create());
-
- const bool want_setuid_sandbox =
- !parsed_command_line.HasSwitch(switches::kNoSandbox) &&
- !parsed_command_line.HasSwitch(switches::kDisableSetuidSandbox) &&
- !setuid_sandbox_host->IsDisabledViaEnvironment();
-
- static const char no_suid_error[] =
- "Running without the SUID sandbox! See "
- "https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox_development.md "
- "for more information on developing with the sandbox on.";
- if (want_setuid_sandbox) {
- sandbox_binary = setuid_sandbox_host->GetSandboxBinaryPath();
- if (sandbox_binary.empty()) {
- // This needs to be fatal. Talk to security@chromium.org if you feel
- // otherwise.
- LOG(FATAL) << no_suid_error;
- }
- } else {
- LOG(ERROR) << no_suid_error;
- }
// Tickle the sandbox host and zygote host so they fork now.
RenderSandboxHostLinux::GetInstance()->Init();
- ZygoteHostImpl::GetInstance()->Init(sandbox_binary.value());
+ ZygoteHostImpl::GetInstance()->Init(parsed_command_line);
*GetGenericZygote() = CreateZygote();
RenderProcessHostImpl::EarlyZygoteLaunch();
}
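Review bot: With the `want_setuid_sandbox` block removed, nothing left in SetupSandbox shows that startup still fails closed when the setuid sandbox is wanted but the chrome-sandbox binary cannot be found. The removed code made that case `LOG(FATAL)` and logged an error whenever the sandbox was switched off. Presumably both checks now live behind `ZygoteHostImpl::GetInstance()->Init(parsed_command_line)`, which is outside this hunk, so that is worth confirming there, together with the `IsDisabledViaEnvironment()` case the old condition covered. I would add a comment above the call, such as `// Init() reads the sandbox switches itself and must stay fatal when no usable sandbox binary is found.`, so the requirement stays visible at this call site.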