Chromium Code Reviews

Issue 240463005: Stop using chrome-sandbox to determine real pids (Closed)

Created: 6 years, 8 months ago by mdempsky
Modified: 6 years, 8 months ago
CC: chromium-reviews, darin-cc_chromium.org, jam
Visibility: Public.

Description

Stop using chrome-sandbox to determine real pids

Previously, when the zygote forked a child process, the parent would send an IPC to the browser process, which then used chrome-sandbox to do some procfs trickery to correlate PIDs across PID namespaces.

However, since Linux 3.0, PIDs provided by the kernel (e.g., by SCM_CREDENTIALS) are automatically translated to the receiver's PID namespace.

To take advantage of this, this CL makes two changes:

1. Add a new sandbox IPC request to send back the caller's PID as seen by the browser PID namespace.
2. Switch roles so the fork child now issues the sandbox IPC to determine its own PID, and the browser writes the child's PID over the pipe for the parent to read.

BUG=357670
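The kernel behaviour the description relies on can be seen in isolation with a socketpair. This is an added example, not code from this CL or from Chromium; the function names `RecvSenderPid` and `ForkedChildPidMatchesCredentials` are hypothetical. Both processes here share one PID namespace, so the PID delivered with SCM_CREDENTIALS equals the value fork() returned; per the description, with the receiver in an outer namespace the kernel reports the PID as seen from the receiver's namespace.

```cpp
// Added example (hypothetical names, not Chromium code).
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <cstring>

// Receives one message on fd and returns the sender's PID as seen from the
// receiver's PID namespace, or -1 if no credentials arrived.
pid_t RecvSenderPid(int fd) {
  char byte;
  struct iovec iov = {&byte, 1};
  alignas(struct cmsghdr) char control[CMSG_SPACE(sizeof(struct ucred))];
  struct msghdr msg = {};
  msg.msg_iov = &iov;
  msg.msg_iovlen = 1;
  msg.msg_control = control;
  msg.msg_controllen = sizeof(control);
  if (recvmsg(fd, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC)) return -1;
  for (struct cmsghdr* c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
    if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_CREDENTIALS) {
      struct ucred cred;
      memcpy(&cred, CMSG_DATA(c), sizeof(cred));
      return cred.pid;  // supplied by the kernel; the sender attached nothing
    }
  }
  return -1;
}

// Forks a child that sends one byte; returns true if the PID carried by
// SCM_CREDENTIALS matches the PID fork() returned to the parent.
bool ForkedChildPidMatchesCredentials() {
  int fds[2], on = 1;
  if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, fds) != 0) return false;
  // SO_PASSCRED goes on the receiving socket, before the child sends.
  if (setsockopt(fds[0], SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)) != 0)
    return false;
  pid_t child = fork();
  if (child < 0) return false;
  if (child == 0) {  // child: no getpid(), no ancillary data, just one byte
    close(fds[0]);
    _exit(send(fds[1], "x", 1, 0) == 1 ? 0 : 1);
  }
  close(fds[1]);
  pid_t seen = RecvSenderPid(fds[0]);
  close(fds[0]);
  waitpid(child, nullptr, 0);
  return seen == child;
}
int main() { return ForkedChildPidMatchesCredentials() ? 0 : 1; }
```

The receiver never trusts a PID written into the message payload by the child, which is why the child's own (namespace-local) view of its PID does not matter.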

Patch Set 1 #

Patch Set 2 : Use extended RecvMsg API instead of GetPeerPid #

Patch Set 3 : Style guide discourages default function arguments #

Patch Set 4 : Sync to HEAD and resolve conflicts #

Patch Set 5 : Use more ScopedFDs #

Patch Set 6 : Fix indenting missed by clang-format #

Patch Set 7 : Restore use of base::ReadFromFD() instead of read() #

Patch Set 8 : Fix an embarrassing number of compile errors #

Stats (+208 lines, -188 lines)
M base/posix/unix_domain_socket_linux.h | delta from patch set: 1 2 3 | 3 chunks, +18 lines, -0 lines, 0 comments
M base/posix/unix_domain_socket_linux.cc | delta from patch set: 1 2 | 3 chunks, +31 lines, -3 lines, 0 comments
M components/nacl/loader/nacl_helper_linux.cc | delta from patch set: 1 | 2 chunks, +5 lines, -33 lines, 0 comments
M content/browser/renderer_host/sandbox_ipc_linux.h | delta from patch set: 1 2 3 4 5 6 7 | 2 chunks, +7 lines, -0 lines, 0 comments
M content/browser/renderer_host/sandbox_ipc_linux.cc | delta from patch set: 1 2 3 4 5 6 7 | 5 chunks, +31 lines, -1 line, 0 comments
M content/browser/zygote_host/zygote_host_impl_linux.cc | delta from patch set: 1 2 3 4 5 6 7 | 3 chunks, +24 lines, -34 lines, 0 comments
M content/common/child_process_sandbox_support_impl_linux.cc | delta from patch set: 1 2 3 4 5 6 7 | 1 chunk, +28 lines, -0 lines, 0 comments
M content/common/sandbox_linux/sandbox_linux.h | delta from patch set: (none) | 1 chunk, +1 line, -0 lines, 0 comments
M content/public/common/child_process_sandbox_support_linux.h | delta from patch set: 1 | 2 chunks, +10 lines, -0 lines, 0 comments
M content/public/common/zygote_fork_delegate_linux.h | delta from patch set: 1 | 1 chunk, +7 lines, -6 lines, 0 comments
M content/zygote/zygote_linux.cc | delta from patch set: 1 2 3 4 5 6 7 | 4 chunks, +40 lines, -101 lines, 0 comments
M content/zygote/zygote_main_linux.cc | delta from patch set: 1 | 3 chunks, +6 lines, -10 lines, 0 comments

Messages

Total messages: 2 (0 generated)
mdempsky
This should be ready for review now, but there's going to be some overlap/conflicts with ...
6 years, 8 months ago (2014-04-25 04:42:23 UTC) #1
mdempsky
6 years, 8 months ago (2014-04-25 23:48:59 UTC) #2
Hold off on reviewing this.  I think I can simplify things so that:
  1. We get rid of the extra sandbox IPC that nobody likes.
  2. I can split it into two logically distinct CLs that are easier to review
separately and in parallel.
