Chromium Code Reviews

Unified Diff: content/common/sandbox_linux/bpf_renderer_policy_linux.cc

Issue 2536103002: Linux Sandbox: Whitelist prlimit64 when used as getrlimit (Closed)
Patch Set: Created 4 years, 1 month ago
Index: content/common/sandbox_linux/bpf_renderer_policy_linux.cc
diff --git a/content/common/sandbox_linux/bpf_renderer_policy_linux.cc b/content/common/sandbox_linux/bpf_renderer_policy_linux.cc
index b6a960ceef31fa377ebf9fdaeddc985a8ad1284a..67c1301d604d86113c5ba2e865fdea7f72d5eb58 100644
--- a/content/common/sandbox_linux/bpf_renderer_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_renderer_policy_linux.cc
@@ -88,7 +88,8 @@ ResultExpr RendererProcessPolicy::EvaluateSyscall(int sysno) const {
case __NR_sched_setscheduler:
return sandbox::RestrictSchedTarget(GetPolicyPid(), sysno);
case __NR_prlimit64:
- return Error(EPERM); // See crbug.com/160157.
+ // See crbug.com/662450.
+ return sandbox::RestrictPrlimitToGetrlimit(GetPolicyPid());
default:
// Default on the content baseline policy.
return SandboxBPFBasePolicy::EvaluateSyscall(sysno);
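Review bot: The comment on the new `__NR_prlimit64` return only cites crbug.com/662450, so a reader of this policy cannot tell which calls are now allowed and what the rest get back. Please add a line stating the permitted case (per the issue title, prlimit64 used as getrlimit) and the result for everything else, and say whether the rationale from crbug.com/160157, whose reference is dropped here, still applies to the denied calls. Also worth confirming in the helper: prlimit64 accepts a pid of 0 to mean the calling process, and from this hunk it is not visible whether `RestrictPrlimitToGetrlimit(GetPolicyPid())` matches pid 0 as well as the policy pid, or whether it requires the new-limit pointer to be null.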