Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(130)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 240613003: Revert of Add seccomp sandbox for non-SFI NaCl (Closed)

Created:
6 years, 8 months ago by jln (very slow on Chromium)
Modified:
6 years, 8 months ago
CC:
chromium-reviews, hidehiko, kmixter1, dvyukov, Alexander Potapenko
Visibility:
Public.

Description

Revert of Add seccomp sandbox for non-SFI NaCl (https://codereview.chromium.org/196793023/) Reason for revert: Broke ASAN on main WF. /b/build/slave/Linux_ASan_LSan_Builder/build/src/third_party/binutils/Linux_x64/Release/bin/ld: error: obj/base/libsanitizer_options.a(obj/base/debug/sanitizer_options.sanitizer_options.o): multiple definition of '__asan_default_options' /b/build/slave/Linux_ASan_LSan_Builder/build/src/third_party/binutils/Linux_x64/Release/bin/ld: obj/components/nacl/loader/nacl_helper.nacl_helper_linux.o: previous definition here clang: error: linker command failed with exit code 1 (use -v to see invocation) ninja: build stopped: subcommand failed. Original issue's description: > Add seccomp sandbox for non-SFI NaCl > > All syscalls except whitelisted ones will cause SIGSYS. > > We test the sandbox with BPF_TEST and BPF_TEST_DEATH, which appropriately fork the process so the main process of the test will never enable the sandbox. > > TEST=Our app works with this sandbox on i686 and ARM > TEST=Build chrome and nacl_helper on i686, x86-64, and ARM > TEST=./out/Release/components_unittests --gtest_filter='NaClNonSfi*' > # on i686, x86-64, and ARM > TEST=SFI NaCl apps still work > TEST=trybots > BUG=359285 > > Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=264383 TBR=mseaborn@chromium.org,wad@chromium.org,jochen@chromium.org,hamaji@chromium.org NOTREECHECKS=true NOTRY=true BUG=359285 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=264384

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+22 lines, -1519 lines) Patch
M components/components_tests.gyp View 1 chunk +0 lines, -10 lines 0 comments Download
M components/nacl.gyp View 4 chunks +13 lines, -27 lines 0 comments Download
M components/nacl/loader/nacl_helper_linux.cc View 2 chunks +1 line, -2 lines 0 comments Download
M components/nacl/loader/nonsfi/DEPS View 1 chunk +0 lines, -1 line 0 comments Download
D components/nacl/loader/nonsfi/nonsfi_sandbox.h View 1 chunk +0 lines, -39 lines 0 comments Download
D components/nacl/loader/nonsfi/nonsfi_sandbox.cc View 1 chunk +0 lines, -315 lines 0 comments Download
D components/nacl/loader/nonsfi/nonsfi_sandbox_sigsys_unittest.cc View 1 chunk +0 lines, -609 lines 0 comments Download
D components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc View 1 chunk +0 lines, -461 lines 0 comments Download
M sandbox/linux/sandbox_linux.gypi View 1 chunk +0 lines, -16 lines 0 comments Download
M sandbox/linux/sandbox_linux_test_sources.gypi View 2 chunks +4 lines, -1 line 0 comments Download
M sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h View 1 chunk +0 lines, -7 lines 0 comments Download
M sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc View 6 chunks +4 lines, -25 lines 0 comments Download
M sandbox/linux/seccomp-bpf/bpf_tests.h View 1 chunk +0 lines, -6 lines 0 comments Download

Messages

Total messages: 3 (0 generated)
jln (very slow on Chromium)
Created Revert of Add seccomp sandbox for non-SFI NaCl
6 years, 8 months ago (2014-04-17 02:14:40 UTC) #1
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/jln@chromium.org/240613003/1
6 years, 8 months ago (2014-04-17 02:15:30 UTC) #2
commit-bot: I haz the power
6 years, 8 months ago (2014-04-17 02:16:29 UTC) #3
Message was sent while issue was closed. 
Change committed as 264384

Powered by Google App Engine
This is Rietveld 408576698