DescriptionRevert of Add seccomp sandbox for non-SFI NaCl (https://codereview.chromium.org/196793023/)
Reason for revert:
Broke ASAN on main WF.
/b/build/slave/Linux_ASan_LSan_Builder/build/src/third_party/binutils/Linux_x64/Release/bin/ld: error: obj/base/libsanitizer_options.a(obj/base/debug/sanitizer_options.sanitizer_options.o): multiple definition of '__asan_default_options'
/b/build/slave/Linux_ASan_LSan_Builder/build/src/third_party/binutils/Linux_x64/Release/bin/ld: obj/components/nacl/loader/nacl_helper.nacl_helper_linux.o: previous definition here
clang: error: linker command failed with exit code 1 (use -v to see invocation)
ninja: build stopped: subcommand failed.
Original issue's description:
> Add seccomp sandbox for non-SFI NaCl
>
> All syscalls except whitelisted ones will cause SIGSYS.
>
> We test the sandbox with BPF_TEST and BPF_TEST_DEATH, which appropriately fork the process so the main process of the test will never enable the sandbox.
>
> TEST=Our app works with this sandbox on i686 and ARM
> TEST=Build chrome and nacl_helper on i686, x86-64, and ARM
> TEST=./out/Release/components_unittests --gtest_filter='NaClNonSfi*'
> # on i686, x86-64, and ARM
> TEST=SFI NaCl apps still work
> TEST=trybots
> BUG=359285
>
> Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=264383
TBR=mseaborn@chromium.org,wad@chromium.org,jochen@chromium.org,hamaji@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=359285
Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=264384
Patch Set 1 #
Created: 6 years, 8 months ago
(Patch set is too large to download)
Messages
Total messages: 3 (0 generated)
|