Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(20)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 272083002: Linux NaCl BPF sandbox : restrict clone() (Closed)

Created:
6 years, 7 months ago by jln (very slow on Chromium)
Modified:
6 years, 7 months ago
Reviewers:
Mark Seaborn
CC:
chromium-reviews
Visibility:
Public.

Description

Linux NaCl BPF sandbox : restrict clone() Restrict clone() by defaulting to the baseline policy. This means that fork() will EPERM and only the flags used by pthread_create() will be allowed. BUG=367986 R=mseaborn@chromium.org Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=269167

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+1 line, -2 lines) Patch
M components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc View 2 chunks +1 line, -2 lines 0 comments Download

Messages

Total messages: 5 (0 generated)
jln (very slow on Chromium)
Mark, PTAL!
6 years, 7 months ago (2014-05-09 01:06:02 UTC) #1
Mark Seaborn
LGTM It's a little surprising that we had an unrestricted clone() before. :-)
6 years, 7 months ago (2014-05-09 01:09:00 UTC) #2
jln (very slow on Chromium)
The CQ bit was checked by jln@chromium.org
6 years, 7 months ago (2014-05-09 02:10:06 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/jln@chromium.org/272083002/1
6 years, 7 months ago (2014-05-09 02:18:34 UTC) #4
jln (very slow on Chromium)
6 years, 7 months ago (2014-05-09 06:53:55 UTC) #5
Message was sent while issue was closed. 
Committed patchset #1 manually as r269167 (presubmit successful).

Powered by Google App Engine
This is Rietveld 408576698