Chromium Code Reviews

Unified Diff: chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc

Issue 2707763002: Fix unprivileged user namespace regression (Closed)
Patch Set: incorporate code review feedback Created 3 years, 10 months ago
Index: chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc
diff --git a/chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc b/chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc
index b7cc45a8b536650f06a1eaa3352356793256857f..accc3785c13ddb98a0a5fe67862475a6433341ed 100644
--- a/chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc
+++ b/chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc
@@ -4,6 +4,8 @@
#include "chrome/browser/ui/views/chrome_browser_main_extra_parts_views.h"
+#include <utility>
+
#include "base/memory/ptr_util.h"
#include "chrome/browser/ui/views/chrome_constrained_window_views_client.h"
#include "chrome/browser/ui/views/chrome_views_delegate.h"
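Review bot: the added `#include <utility>` at the top of the include list is not used by any line this patch adds in the hunks shown here. If it is a drive-by fix for existing code elsewhere in the file, mention that in the change description so it is not mistaken for part of the user namespace fix; otherwise drop it.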
@@ -27,6 +29,10 @@
#endif // defined(USE_AURA)
#if defined(OS_LINUX) && !defined(OS_CHROMEOS)
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
#include "base/command_line.h"
#include "chrome/browser/ui/simple_message_box.h"
#include "chrome/grit/chromium_strings.h"
@@ -77,6 +83,12 @@ void ChromeBrowserMainExtraPartsViews::PreProfileInit() {
if (geteuid() != 0)
return;
+ // Allow running inside an unprivileged user namespace. In that case, the
+ // root directory will be owned by an unmapped UID and GID.
Jorge Lucangeli Obes 2017/04/10 13:39:47 This is not true all the time, is it? It's only tr
Kevin Cernekee 2017/04/10 21:40:21 Done.
+ struct stat st;
+ if (stat("/", &st) == 0 && st.st_uid != 0)
Jorge Lucangeli Obes 2017/04/10 13:41:18 Does this need to be HANDLE_EINTR?
Kevin Cernekee 2017/04/10 21:40:21 I don't think it is strictly necessary, although I
+ return;
+
const base::CommandLine& command_line =
*base::CommandLine::ForCurrentProcess();
if (command_line.HasSwitch(switches::kNoSandbox))
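Review bot: the new early return on `stat("/", &st) == 0 && st.st_uid != 0` decides "inside an unprivileged user namespace" from root-directory ownership alone, which is an indirect signal. Any environment where `/` is not owned by UID 0 takes this return while `geteuid()` is still 0, whether or not a user namespace is involved, and the root handling that follows (the `kNoSandbox` test) is never reached. Consider checking the mapping directly, for example by reading /proc/self/uid_map and testing whether UID 0 maps to a non-zero outer UID, or at least word the comment so it says this is a heuristic and states when it holds. The comment also mentions an unmapped GID while only `st_uid` is tested; either drop the GID mention or test `st_gid` as well. A failing `stat()` falls through to the existing root handling, which is the safe direction and should stay that way.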