Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(253)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: services/service_manager/runner/host/linux_sandbox.cc

Issue 2561963002: base: Remove the string logging from CHECK(). (Closed)
Patch Set: checkstring: rebase Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« remoting/host/curtain_mode_mac.cc ('K') | « services/service_manager/runner/host/child_process_host.cc ('k') | services/service_manager/standalone/tracer.cc » ('j') | ui/base/template_expressions.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "services/service_manager/runner/host/linux_sandbox.h" 5 #include "services/service_manager/runner/host/linux_sandbox.h"
6 6
7 #include <fcntl.h> 7 #include <fcntl.h>
8 #include <sys/syscall.h> 8 #include <sys/syscall.h>
9 #include <utility> 9 #include <utility>
10 10
(...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after
144 CHECK(sandbox::Credentials::DropAllCapabilities(proc_fd_.get())); 144 CHECK(sandbox::Credentials::DropAllCapabilities(proc_fd_.get()));
145 } 145 }
146 146
147 void LinuxSandbox::EngageSeccompSandbox() { 147 void LinuxSandbox::EngageSeccompSandbox() {
148 CHECK(warmed_up_); 148 CHECK(warmed_up_);
149 sandbox::SandboxBPF sandbox(policy_.release()); 149 sandbox::SandboxBPF sandbox(policy_.release());
150 base::ScopedFD proc_fd(HANDLE_EINTR( 150 base::ScopedFD proc_fd(HANDLE_EINTR(
151 openat(proc_fd_.get(), ".", O_RDONLY | O_DIRECTORY | O_CLOEXEC))); 151 openat(proc_fd_.get(), ".", O_RDONLY | O_DIRECTORY | O_CLOEXEC)));
152 CHECK(proc_fd.is_valid()); 152 CHECK(proc_fd.is_valid());
153 sandbox.SetProcFd(std::move(proc_fd)); 153 sandbox.SetProcFd(std::move(proc_fd));
154 // Starting the process with a sandbox failed. Missing kernel support.
154 CHECK( 155 CHECK(
155 sandbox.StartSandbox(sandbox::SandboxBPF::SeccompLevel::SINGLE_THREADED)) 156 sandbox.StartSandbox(sandbox::SandboxBPF::SeccompLevel::SINGLE_THREADED));
156 << "Starting the process with a sandbox failed. Missing kernel support.";
157 157
158 // The Broker is now bound to this process and should only be destroyed when 158 // The Broker is now bound to this process and should only be destroyed when
159 // the process exits or is killed. 159 // the process exits or is killed.
160 sandbox::syscall_broker::BrokerProcess* leaked_broker = broker_.release(); 160 sandbox::syscall_broker::BrokerProcess* leaked_broker = broker_.release();
161 ALLOW_UNUSED_LOCAL(leaked_broker); 161 ALLOW_UNUSED_LOCAL(leaked_broker);
162 ANNOTATE_LEAKING_OBJECT_PTR(leaked_broker); 162 ANNOTATE_LEAKING_OBJECT_PTR(leaked_broker);
163 } 163 }
164 164
165 void LinuxSandbox::Seal() { 165 void LinuxSandbox::Seal() {
166 proc_fd_.reset(); 166 proc_fd_.reset();
167 } 167 }
168 168
169 } // namespace service_manager 169 } // namespace service_manager
OLDNEW
« remoting/host/curtain_mode_mac.cc ('K') | « services/service_manager/runner/host/child_process_host.cc ('k') | services/service_manager/standalone/tracer.cc » ('j') | ui/base/template_expressions.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698