 Chromium Code Reviews Issue 24055003:
  add a LinuxSandbox::HasOpenDirectories() sanity check  (Closed) 
  Base URL: svn://svn.chromium.org/chrome/trunk/src
    
  
    Issue 24055003:
  add a LinuxSandbox::HasOpenDirectories() sanity check  (Closed) 
  Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW | 
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be | 
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. | 
| 4 | 4 | 
| 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_H_ | 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_H_ | 
| 6 #define CONTENT_COMMON_SANDBOX_LINUX_H_ | 6 #define CONTENT_COMMON_SANDBOX_LINUX_H_ | 
| 7 | 7 | 
| 8 #include <string> | 8 #include <string> | 
| 9 | 9 | 
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" | 
| (...skipping 39 matching lines...) | |
| 50 // Returns the Status of the renderers' sandbox. Can only be queried after | 50 // Returns the Status of the renderers' sandbox. Can only be queried after | 
| 51 // going through PreinitializeSandbox(). This is a bitmask and uses the | 51 // going through PreinitializeSandbox(). This is a bitmask and uses the | 
| 52 // constants defined in "enum LinuxSandboxStatus". Since the status needs to | 52 // constants defined in "enum LinuxSandboxStatus". Since the status needs to | 
| 53 // be provided before the sandboxes are actually started, this returns what | 53 // be provided before the sandboxes are actually started, this returns what | 
| 54 // will actually happen once the various Start* functions are called from | 54 // will actually happen once the various Start* functions are called from | 
| 55 // inside a renderer. | 55 // inside a renderer. | 
| 56 int GetStatus() const; | 56 int GetStatus() const; | 
| 57 // Returns true if the current process is single-threaded or if the number | 57 // Returns true if the current process is single-threaded or if the number | 
| 58 // of threads cannot be determined. | 58 // of threads cannot be determined. | 
| 59 bool IsSingleThreaded() const; | 59 bool IsSingleThreaded() const; | 
| 60 // Returns true if it can be determined that the current process has open | |
| 61 // directories (besides /proc). | |
| 
jln (very slow on Chromium)
2013/10/22 01:10:50
Let's just say "that are not managed by the LinuxS
 
Mostyn Bramley-Moore
2013/10/23 23:15:19
Done in patchset 2.
 | |
| 62 bool HasOpenDirectories() const; | |
| 60 // Did we start Seccomp BPF? | 63 // Did we start Seccomp BPF? | 
| 61 bool seccomp_bpf_started() const; | 64 bool seccomp_bpf_started() const; | 
| 62 | 65 | 
| 63 // Simple accessor for our instance of the setuid sandbox. Will never return | 66 // Simple accessor for our instance of the setuid sandbox. Will never return | 
| 64 // NULL. | 67 // NULL. | 
| 65 // There is no StartSetuidSandbox(), the SetuidSandboxClient instance should | 68 // There is no StartSetuidSandbox(), the SetuidSandboxClient instance should | 
| 66 // be used directly. | 69 // be used directly. | 
| 67 sandbox::SetuidSandboxClient* setuid_sandbox_client() const; | 70 sandbox::SetuidSandboxClient* setuid_sandbox_client() const; | 
| 68 | 71 | 
| 69 // Check the policy and eventually start the seccomp-bpf sandbox. This should | 72 // Check the policy and eventually start the seccomp-bpf sandbox. This should | 
| (...skipping 25 matching lines...) | |
| 95 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_; | 98 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_; | 
| 96 | 99 | 
| 97 ~LinuxSandbox(); | 100 ~LinuxSandbox(); | 
| 98 DISALLOW_IMPLICIT_CONSTRUCTORS(LinuxSandbox); | 101 DISALLOW_IMPLICIT_CONSTRUCTORS(LinuxSandbox); | 
| 99 }; | 102 }; | 
| 100 | 103 | 
| 101 } // namespace content | 104 } // namespace content | 
| 102 | 105 | 
| 103 #endif // CONTENT_COMMON_SANDBOX_LINUX_H_ | 106 #endif // CONTENT_COMMON_SANDBOX_LINUX_H_ | 
| 104 | 107 | 
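Review bot: The comment on `HasOpenDirectories()` (new lines 60-62) promises true only "if it can be determined", so a failure to enumerate the process's descriptors would presumably return false, the same value as a clean result. For a sandbox sanity check that is a fail-open answer: a directory descriptor that survives into a chroot-based sandbox keeps a reference to the filesystem outside it, and a caller asserting `!HasOpenDirectories()` would pass silently whenever the check could not run. I would state this in the header, for example `// A false return is not a guarantee: it is also returned when the open descriptors cannot be enumerated.`, or make the indeterminate case visible to callers so they can fail closed. The implementation is not on this page, so the indeterminate behaviour is inferred from the comment wording alone.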
| OLD | NEW |