components/nacl/loader/nacl_helper_linux.cc - Issue 240463005: Stop using chrome-sandbox to determine real pids

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: components/nacl/loader/nacl_helper_linux.cc

Issue 240463005: Stop using chrome-sandbox to determine real pids (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Fix an embarassing number of compile errors Created 6 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: components/nacl/loader/nacl_helper_linux.cc

diff --git a/components/nacl/loader/nacl_helper_linux.cc b/components/nacl/loader/nacl_helper_linux.cc

index 15f58eb3a5fba07e50a7b578f240a261be23384e..91dd855081d562de716a880580a1d1f21f1afa3b 100644

--- a/components/nacl/loader/nacl_helper_linux.cc

+++ b/components/nacl/loader/nacl_helper_linux.cc

@@ -34,6 +34,7 @@

#include "components/nacl/loader/nacl_listener.h"

#include "components/nacl/loader/nacl_sandbox_linux.h"

#include "components/nacl/loader/nonsfi/nonsfi_sandbox.h"

+#include "content/public/common/child_process_sandbox_support_linux.h"

#include "content/public/common/zygote_fork_delegate_linux.h"

#include "crypto/nss_util.h"

#include "ipc/ipc_descriptors.h"

@@ -143,40 +144,11 @@ void ChildNaClLoaderInit(const std::vector<int>& child_fds,

bool uses_nonsfi_mode,

const std::string& channel_id) {

const int parent_fd = child_fds[content::ZygoteForkDelegate::kParentFDIndex];

- const int dummy_fd = child_fds[content::ZygoteForkDelegate::kDummyFDIndex];

- bool validack = false;

- base::ProcessId real_pid;

- // Wait until the parent process has discovered our PID. We

- // should not fork any child processes (which the seccomp

- // sandbox does) until then, because that can interfere with the

- // parent's discovery of our PID.

- const ssize_t nread =

- HANDLE_EINTR(read(parent_fd, &real_pid, sizeof(real_pid)));

- if (static_cast<size_t>(nread) == sizeof(real_pid)) {

- // Make sure the parent didn't accidentally send us our real PID.

- // We don't want it to be discoverable anywhere in our address space

- // when we start running untrusted code.

- CHECK(real_pid == 0);

- CommandLine::ForCurrentProcess()->AppendSwitchASCII(

- switches::kProcessChannelID, channel_id);

- validack = true;

- } else {

- if (nread < 0)

- perror("read");

- LOG(ERROR) << "read returned " << nread;

- }

- if (IGNORE_EINTR(close(dummy_fd)) != 0)

- LOG(ERROR) << "close(dummy_fd) failed";

+ if (!content::SendRealPidToZygote(parent_fd, NULL))

+ LOG(FATAL) << "Failed to synchronize with zygote";

if (IGNORE_EINTR(close(parent_fd)) != 0)

- LOG(ERROR) << "close(parent_fd) failed";

- if (validack) {

- BecomeNaClLoader(child_fds, system_info, uses_nonsfi_mode);

- } else {

- LOG(ERROR) << "Failed to synch with zygote";

- }

+ LOG(FATAL) << "close(parent_fd) failed";

+ BecomeNaClLoader(child_fds, system_info, uses_nonsfi_mode);

_exit(1);

}

« no previous file with comments | « base/posix/unix_domain_socket_linux.cc ('k') | content/browser/renderer_host/sandbox_ipc_linux.h » ('j') | no next file with comments »