add a LinuxSandbox::HasOpenDirectories() sanity check

content/common/sandbox_linux.h

Index: content/common/sandbox_linux.h
diff --git a/content/common/sandbox_linux.h b/content/common/sandbox_linux.h
index 412c04ab20bdf1915974443370025d853579ed9b..9533df57a956f7f870dd96d86e8cdc99fae18fd9 100644
--- a/content/common/sandbox_linux.h
+++ b/content/common/sandbox_linux.h
@@ -80,6 +80,13 @@ class LinuxSandbox {
 
   // We must have been pre_initialized_ before using this.
   bool seccomp_bpf_supported() const;
+  // Returns true if it can be determined that the current process has open
+  // directories that are not managed by the LinuxSandbox class. This would
+  // be a vulnerability as it would allow to bypass the setuid sandbox.
+  bool HasOpenDirectories();
+  // Attempt to open /proc in debug builds if it's not already open. Returns
+  // true if proc_fd_ is valid afterwards.
+  bool OpenProc();
   // The last part of the initialization is to make sure any temporary "hole"
   // in the sandbox is closed. For now, this consists of closing proc_fd_.
   void SealSandbox();
@@ -91,6 +98,7 @@ class LinuxSandbox {
   bool seccomp_bpf_started_;
   // Did PreinitializeSandbox() run?
   bool pre_initialized_;
+  bool sealed_;
   bool seccomp_bpf_supported_;  // Accurate if pre_initialized_.
   scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_;