Chromium Code Reviews

Issue 333823002: Apply renderer sandbox to utility processes. (Closed)

Created: 6 years, 6 months ago by mdempsky
Modified: 6 years, 6 months ago
CC: chromium-reviews, darin-cc_chromium.org, jam, jln+watch_chromium.org
Project: chromium
Visibility: Public.

Description

Apply renderer sandbox to utility processes.

BUG=325893

Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=279844

Patch Set 1

Patch Set 2: Push should-I-sandbox logic up into UtilityMain()

Patch Set 3: Revert unintentional white space change

Patch Set 4: Respond to jln feedback

Total comments: 5

Patch Set 5: Expand comment

Total comments: 2

Patch Set 6: Fix comment artifact

Stats (+54 lines, -8 lines)
M content/app/content_main_runner.cc: 1 chunk, +1 line, -0 lines
M content/common/BUILD.gn: 1 chunk, +2 lines, -0 lines
A content/common/sandbox_linux/bpf_utility_policy_linux.h: 1 chunk, +27 lines, -0 lines
A + content/common/sandbox_linux/bpf_utility_policy_linux.cc: 2 chunks, +14 lines, -6 lines
M content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc: 2 chunks, +2 lines, -1 line
M content/content_common.gypi: 1 chunk, +2 lines, -0 lines
M content/public/common/main_function_params.h: 2 chunks, +4 lines, -0 lines
M content/utility/utility_main.cc: 1 chunk, +2 lines, -1 line

Messages

Total messages: 17 (0 generated)
mdempsky
6 years, 6 months ago (2014-06-13 00:19:57 UTC) #1
jln (very slow on Chromium)
This makes for a slightly strange interface to start the BPF sandbox. I think I ...
6 years, 6 months ago (2014-06-13 18:52:56 UTC) #2
mdempsky
Updated to decide whether to sandbox in UtilityMain().
6 years, 6 months ago (2014-06-23 21:56:50 UTC) #3
jln (very slow on Chromium)
Looks good but let's create a separate policy. Something close to the baseline should work ...
6 years, 6 months ago (2014-06-24 01:03:22 UTC) #4
mdempsky
On 2014/06/24 01:03:22, jln wrote:
> Looks good but let's create a separate policy. Something ...
6 years, 6 months ago (2014-06-24 20:03:08 UTC) #5
jln (very slow on Chromium)
lgtm if the GTK issues are gone.
https://chromiumcodereview.appspot.com/333823002/diff/60001/content/common/sandbox_linux/bpf_utility_policy_linux.cc
File content/common/sandbox_linux/bpf_utility_policy_linux.cc (right):
https://chromiumcodereview.appspot.com/333823002/diff/60001/content/common/sandbox_linux/bpf_utility_policy_linux.cc#newcode28
content/common/sandbox_linux/bpf_utility_policy_linux.cc:28: // TODO(mdempsky): ...
6 years, 6 months ago (2014-06-25 00:28:08 UTC) #6
mdempsky
https://chromiumcodereview.appspot.com/333823002/diff/60001/content/common/sandbox_linux/bpf_utility_policy_linux.cc
File content/common/sandbox_linux/bpf_utility_policy_linux.cc (right):
https://chromiumcodereview.appspot.com/333823002/diff/60001/content/common/sandbox_linux/bpf_utility_policy_linux.cc#newcode28
content/common/sandbox_linux/bpf_utility_policy_linux.cc:28: // TODO(mdempsky): See if we can limit these further. ...
6 years, 6 months ago (2014-06-25 00:43:30 UTC) #7
Jorge Lucangeli Obes
There shouldn't be any issues with GTK since the Aura switch.
https://chromiumcodereview.appspot.com/333823002/diff/80001/content/common/sandbox_linux/bpf_utility_policy_linux.h
File content/common/sandbox_linux/bpf_utility_policy_linux.h (right): ...
6 years, 6 months ago (2014-06-25 00:49:52 UTC) #8
mdempsky
https://chromiumcodereview.appspot.com/333823002/diff/80001/content/common/sandbox_linux/bpf_utility_policy_linux.h
File content/common/sandbox_linux/bpf_utility_policy_linux.h (right):
https://chromiumcodereview.appspot.com/333823002/diff/80001/content/common/sandbox_linux/bpf_utility_policy_linux.h#newcode12
content/common/sandbox_linux/bpf_utility_policy_linux.h:12: // This policy can be used by both utility ...
6 years, 6 months ago (2014-06-25 00:52:59 UTC) #9
jln (very slow on Chromium)
On 2014/06/25 00:49:52, Jorge Lucangeli Obes wrote:
> There shouldn't be any issues with GTK ...
6 years, 6 months ago (2014-06-25 00:53:02 UTC) #10
Jorge Lucangeli Obes
On 2014/06/25 00:53:02, jln wrote:
> On 2014/06/25 00:49:52, Jorge Lucangeli Obes wrote:
> > ...
6 years, 6 months ago (2014-06-25 01:21:30 UTC) #11
mdempsky
avi: Please review for content OWNERS approval. jln and jorgelo have already reviewed the content/common/sandbox_linux ...
6 years, 6 months ago (2014-06-25 20:25:43 UTC) #12
Avi (use Gerrit)
Yeah, this is cool. LGTM
6 years, 6 months ago (2014-06-25 20:27:18 UTC) #13
mdempsky
The CQ bit was checked by mdempsky@chromium.org
6 years, 6 months ago (2014-06-25 20:28:44 UTC) #14
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mdempsky@chromium.org/333823002/100001
6 years, 6 months ago (2014-06-25 20:33:27 UTC) #15
commit-bot: I haz the power
Change committed as 279844
6 years, 6 months ago (2014-06-25 23:04:51 UTC) #16
gordanac
6 years, 6 months ago (2014-06-26 15:25:29 UTC) #17
Message was sent while issue was closed.
On 2014/06/25 23:04:51, I haz the power (commit-bot) wrote:
> Change committed as 279844

This change breaks the mips build:
http://www.rt-rk.com/mips-buildbot/builders/build_and_test_chromium_with_pnac...

where use_seccomp_bpf=0.

Please exclude:
'common/sandbox_linux/bpf_utility_policy_linux.cc',
'common/sandbox_linux/bpf_utility_policy_linux.h',
if 'use_seccomp_bpf==0'.
