Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(755)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/linux/suid/client/setuid_sandbox_client.cc

Issue 2578483002: Namespace sandbox: add check for unprivileged use of CLONE_NEWUSER (Closed)
Patch Set: getuid -> geteuid Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« sandbox/linux/services/credentials.cc ('K') | « sandbox/linux/services/credentials.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/suid/client/setuid_sandbox_client.cc
diff --git a/sandbox/linux/suid/client/setuid_sandbox_client.cc b/sandbox/linux/suid/client/setuid_sandbox_client.cc
index ca73d46444e12e386fbd9bed5c99fbcad382ed71..107d7c964cc56ff9b7c579d29fe4e8230ee19321 100644
--- a/sandbox/linux/suid/client/setuid_sandbox_client.cc
+++ b/sandbox/linux/suid/client/setuid_sandbox_client.cc
@@ -22,8 +22,8 @@
namespace {
bool IsFileSystemAccessDenied() {
- base::ScopedFD root_dir(HANDLE_EINTR(open("/", O_RDONLY)));
- return !root_dir.is_valid();
+ base::ScopedFD proc_self_exe(HANDLE_EINTR(open("/proc/self/exe", O_RDONLY)));
mdempsky 2017/01/10 22:48:23 Since we decided to not support root+sandbox, can
Tom (Use chromium acct) 2017/01/10 23:32:03 Unfortunately no, since the dialog box gets shown
mdempsky 2017/01/11 22:20:15 That is unfortunate. Can you at least add a commen
+ return !proc_self_exe.is_valid();
}
int GetHelperApi(base::Environment* env) {
« sandbox/linux/services/credentials.cc ('K') | « sandbox/linux/services/credentials.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698