Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1792)

Unified Diff: trunk/src/content/browser/browser_main_loop.cc

Issue 21910004: Revert 215101 "Linux: use sandbox binary alongside chrome." (Closed) Base URL: svn://svn.chromium.org/chrome/
Patch Set: Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « trunk/src/build/common.gypi ('k') | trunk/src/content/content_browser.gypi » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: trunk/src/content/browser/browser_main_loop.cc
===================================================================
--- trunk/src/content/browser/browser_main_loop.cc (revision 215299)
+++ trunk/src/content/browser/browser_main_loop.cc (working copy)
@@ -7,12 +7,10 @@
#include "base/bind.h"
#include "base/command_line.h"
#include "base/debug/trace_event.h"
-#include "base/file_util.h"
#include "base/logging.h"
#include "base/message_loop/message_loop.h"
#include "base/metrics/field_trial.h"
#include "base/metrics/histogram.h"
-#include "base/path_service.h"
#include "base/pending_task.h"
#include "base/power_monitor/power_monitor.h"
#include "base/process/process_metrics.h"
@@ -121,29 +119,20 @@
TRACE_EVENT0("startup", "SetupSandbox");
// TODO(evanm): move this into SandboxWrapper; I'm just trying to move this
// code en masse out of chrome_main for now.
- base::FilePath sandbox_binary;
- bool env_chrome_devel_sandbox_set = false;
+ const char* sandbox_binary = NULL;
struct stat st;
- base::FilePath exe_dir;
- if (PathService::Get(base::DIR_EXE, &exe_dir)) {
- base::FilePath sandbox_candidate = exe_dir.AppendASCII("chrome-sandbox");
- if (base::PathExists(sandbox_candidate))
- sandbox_binary = sandbox_candidate;
- }
-
- // In user-managed builds, including development builds, an environment
- // variable is required to enable the sandbox. See
+ // In Chromium branded builds, developers can set an environment variable to
+ // use the development sandbox. See
// http://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment
- if (sandbox_binary.empty() &&
- stat(base::kProcSelfExe, &st) == 0 && st.st_uid == getuid()) {
- const char* devel_sandbox_path = getenv("CHROME_DEVEL_SANDBOX");
- if (devel_sandbox_path) {
- env_chrome_devel_sandbox_set = true;
- sandbox_binary = base::FilePath(devel_sandbox_path);
- }
- }
+ if (stat(base::kProcSelfExe, &st) == 0 && st.st_uid == getuid())
+ sandbox_binary = getenv("CHROME_DEVEL_SANDBOX");
+#if defined(LINUX_SANDBOX_PATH)
+ if (!sandbox_binary)
+ sandbox_binary = LINUX_SANDBOX_PATH;
+#endif
+
const bool want_setuid_sandbox =
!parsed_command_line.HasSwitch(switches::kNoSandbox) &&
!parsed_command_line.HasSwitch(switches::kDisableSetuidSandbox);
@@ -152,23 +141,26 @@
static const char no_suid_error[] = "Running without the SUID sandbox! See "
"https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment "
"for more information on developing with the sandbox on.";
- if (sandbox_binary.empty()) {
- if (!env_chrome_devel_sandbox_set) {
- // This needs to be fatal. Talk to security@chromium.org if you feel
- // otherwise.
- LOG(FATAL) << no_suid_error;
- }
-
- // TODO(jln): an empty CHROME_DEVEL_SANDBOX environment variable (as
- // opposed to a non existing one) is not fatal yet. This is needed
- // because of existing bots and scripts. Fix it (crbug.com/245376).
- LOG(ERROR) << no_suid_error;
+ if (!sandbox_binary) {
+ // This needs to be fatal. Talk to security@chromium.org if you feel
+ // otherwise.
+ LOG(FATAL) << no_suid_error;
}
+ // TODO(jln): an empty CHROME_DEVEL_SANDBOX environment variable (as
+ // opposed to a non existing one) is not fatal yet. This is needed because
+ // of existing bots and scripts. Fix it (crbug.com/245376).
+ if (sandbox_binary && *sandbox_binary == '\0')
+ LOG(ERROR) << no_suid_error;
}
+ std::string sandbox_cmd;
+ if (want_setuid_sandbox && sandbox_binary) {
+ sandbox_cmd = sandbox_binary;
+ }
+
// Tickle the sandbox host and zygote host so they fork now.
- RenderSandboxHostLinux::GetInstance()->Init(sandbox_binary.value());
- ZygoteHostImpl::GetInstance()->Init(sandbox_binary.value());
+ RenderSandboxHostLinux::GetInstance()->Init(sandbox_cmd);
+ ZygoteHostImpl::GetInstance()->Init(sandbox_cmd);
}
#endif
« no previous file with comments | « trunk/src/build/common.gypi ('k') | trunk/src/content/content_browser.gypi » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698