Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(588)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/linux/suid/client/setuid_sandbox_client.cc

Issue 2578483002: Namespace sandbox: add check for unprivileged use of CLONE_NEWUSER (Closed)
Patch Set: Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« sandbox/linux/services/credentials.cc ('K') | « sandbox/linux/services/credentials.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/suid/client/setuid_sandbox_client.cc
diff --git a/sandbox/linux/suid/client/setuid_sandbox_client.cc b/sandbox/linux/suid/client/setuid_sandbox_client.cc
index ca73d46444e12e386fbd9bed5c99fbcad382ed71..590efa8d2f68119e59cbce99112200c80d8f291c 100644
--- a/sandbox/linux/suid/client/setuid_sandbox_client.cc
+++ b/sandbox/linux/suid/client/setuid_sandbox_client.cc
@@ -22,7 +22,7 @@
namespace {
bool IsFileSystemAccessDenied() {
- base::ScopedFD root_dir(HANDLE_EINTR(open("/", O_RDONLY)));
+ base::ScopedFD root_dir(HANDLE_EINTR(open("/proc/self/exe", O_RDONLY)));
Tom (Use chromium acct) 2016/12/14 04:13:48 Without this, when running as root, IsFileSystemAc
mdempsky 2016/12/14 05:11:11 Hm, so my best guess is that because with the setu
Tom (Use chromium acct) 2016/12/14 21:10:26 ok that makes sense.
return !root_dir.is_valid();
}
« sandbox/linux/services/credentials.cc ('K') | « sandbox/linux/services/credentials.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698