| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/zygote_host_linux.h" | 5 #include "chrome/browser/zygote_host_linux.h" |
| 6 | 6 |
| 7 #include <sys/socket.h> | 7 #include <sys/socket.h> |
| 8 #include <sys/stat.h> | 8 #include <sys/stat.h> |
| 9 #include <sys/types.h> | 9 #include <sys/types.h> |
| 10 #include <unistd.h> | 10 #include <unistd.h> |
| 74 | 74 |
| 75 cmd_line.AppendSwitchASCII(switches::kProcessType, switches::kZygoteProcess); | 75 cmd_line.AppendSwitchASCII(switches::kProcessType, switches::kZygoteProcess); |
| 76 | 76 |
| 77 int fds[2]; | 77 int fds[2]; |
| 78 CHECK(socketpair(PF_UNIX, SOCK_SEQPACKET, 0, fds) == 0); | 78 CHECK(socketpair(PF_UNIX, SOCK_SEQPACKET, 0, fds) == 0); |
| 79 base::file_handle_mapping_vector fds_to_map; | 79 base::file_handle_mapping_vector fds_to_map; |
| 80 fds_to_map.push_back(std::make_pair(fds[1], 3)); | 80 fds_to_map.push_back(std::make_pair(fds[1], 3)); |
| 81 | 81 |
| 82 const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess(); | 82 const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess(); |
| 83 if (browser_command_line.HasSwitch(switches::kZygoteCmdPrefix)) { | 83 if (browser_command_line.HasSwitch(switches::kZygoteCmdPrefix)) { |
| 84 const std::wstring prefix = | 84 cmd_line.PrependWrapper( |
| 85 browser_command_line.GetSwitchValue(switches::kZygoteCmdPrefix); | 85 browser_command_line.GetSwitchValueNative(switches::kZygoteCmdPrefix)); |
| 86 cmd_line.PrependWrapper(prefix); | |
| 87 } | 86 } |
| 88 // Append any switches from the browser process that need to be forwarded on | 87 // Append any switches from the browser process that need to be forwarded on |
| 89 // to the zygote/renderers. | 88 // to the zygote/renderers. |
| 90 // Should this list be obtained from browser_render_process_host.cc? | 89 // Should this list be obtained from browser_render_process_host.cc? |
| 91 static const char* kForwardSwitches[] = { | 90 static const char* kForwardSwitches[] = { |
| 92 switches::kAllowSandboxDebugging, | 91 switches::kAllowSandboxDebugging, |
| 93 switches::kLoggingLevel, | 92 switches::kLoggingLevel, |
| 94 switches::kEnableLogging, // Support, e.g., --enable-logging=stderr. | 93 switches::kEnableLogging, // Support, e.g., --enable-logging=stderr. |
| 95 switches::kUserDataDir, // Make logs go to the right file. | 94 switches::kUserDataDir, // Make logs go to the right file. |
| 96 // Load (in-process) Pepper plugins in-process in the zygote pre-sandbox. | 95 // Load (in-process) Pepper plugins in-process in the zygote pre-sandbox. |
| 97 switches::kRegisterPepperPlugins, | 96 switches::kRegisterPepperPlugins, |
| 98 #if defined(USE_SECCOMP_SANDBOX) | 97 #if defined(USE_SECCOMP_SANDBOX) |
| 99 switches::kDisableSeccompSandbox, | 98 switches::kDisableSeccompSandbox, |
| 100 #else | 99 #else |
| 101 switches::kEnableSeccompSandbox, | 100 switches::kEnableSeccompSandbox, |
| 102 #endif | 101 #endif |
| 103 }; | 102 }; |
| 104 cmd_line.CopySwitchesFrom(browser_command_line, kForwardSwitches, | 103 cmd_line.CopySwitchesFrom(browser_command_line, kForwardSwitches, |
| 105 arraysize(kForwardSwitches)); | 104 arraysize(kForwardSwitches)); |
| 106 | 105 |
| 107 sandbox_binary_ = sandbox_cmd.c_str(); | 106 sandbox_binary_ = sandbox_cmd.c_str(); |
| 108 struct stat st; | 107 struct stat st; |
| 109 | 108 |
| 110 if (!sandbox_cmd.empty() && stat(sandbox_binary_.c_str(), &st) == 0) { | 109 if (!sandbox_cmd.empty() && stat(sandbox_binary_.c_str(), &st) == 0) { |
| 111 if (access(sandbox_binary_.c_str(), X_OK) == 0 && | 110 if (access(sandbox_binary_.c_str(), X_OK) == 0 && |
| 112 (st.st_uid == 0) && | 111 (st.st_uid == 0) && |
| 113 (st.st_mode & S_ISUID) && | 112 (st.st_mode & S_ISUID) && |
| 114 (st.st_mode & S_IXOTH)) { | 113 (st.st_mode & S_IXOTH)) { |
| 115 using_suid_sandbox_ = true; | 114 using_suid_sandbox_ = true; |
| 116 cmd_line.PrependWrapper(ASCIIToWide(sandbox_binary_.c_str())); | 115 cmd_line.PrependWrapper(sandbox_binary_); |
| 117 | 116 |
| 118 SaveSUIDUnsafeEnvironmentVariables(); | 117 SaveSUIDUnsafeEnvironmentVariables(); |
| 119 } else { | 118 } else { |
| 120 LOG(FATAL) << "The SUID sandbox helper binary was found, but is not " | 119 LOG(FATAL) << "The SUID sandbox helper binary was found, but is not " |
| 121 "configured correctly. Rather than run without sandboxing " | 120 "configured correctly. Rather than run without sandboxing " |
| 122 "I'm aborting now. You need to make sure that " | 121 "I'm aborting now. You need to make sure that " |
| 123 << sandbox_binary_ << " is mode 4755 and owned by root."; | 122 << sandbox_binary_ << " is mode 4755 and owned by root."; |
| 124 } | 123 } |
| 125 } | 124 } |
| 126 | 125 |
| 336 !read_pickle.ReadBool(&iter, &tmp_child_exited)) { | 335 !read_pickle.ReadBool(&iter, &tmp_child_exited)) { |
| 337 LOG(WARNING) << "Error parsing DidProcessCrash response from zygote."; | 336 LOG(WARNING) << "Error parsing DidProcessCrash response from zygote."; |
| 338 return false; | 337 return false; |
| 339 } | 338 } |
| 340 | 339 |
| 341 if (child_exited) | 340 if (child_exited) |
| 342 *child_exited = tmp_child_exited; | 341 *child_exited = tmp_child_exited; |
| 343 | 342 |
| 344 return did_crash; | 343 return did_crash; |
| 345 } | 344 } |
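Review bot: At new line 115 the string passed to `cmd_line.PrependWrapper(sandbox_binary_)` is the one that `stat()`/`access()` just vetted, but the same method is used at new lines 84-85 for a command prefix, so it presumably tokenizes its argument. If it does, a helper path containing a space would be split, and the file that is executed would not be the one whose owner and setuid bit were checked. I would insert the path as a single argv element, or reject such paths before the check, e.g. `CHECK(sandbox_binary_.find(' ') == std::string::npos);`. Separately, the outer `if` at new line 109 has no `else`: when `sandbox_cmd` is empty or `stat()` fails, the visible code continues without the SUID wrapper and logs nothing, so a `LOG(WARNING)` or at least a comment there would make the unsandboxed launch visible. The enclosing function begins in the skipped region above new line 74, so any earlier handling of `sandbox_cmd` is not visible here.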
| OLD | NEW |