Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(279)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/services/credentials.h

Issue 54643010: Linux: add basic unprivileged namespace support. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: (unneeded) rebase Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | sandbox/linux/services/credentials.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ 5 #ifndef SANDBOX_LINUX_SERVICES_CREDENTIALS_H_
6 #define SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ 6 #define SANDBOX_LINUX_SERVICES_CREDENTIALS_H_
7 7
8 #include "build/build_config.h" 8 #include "build/build_config.h"
9 // Link errors are tedious to track, raise a compile-time error instead. 9 // Link errors are tedious to track, raise a compile-time error instead.
10 #if defined(OS_ANDROID) 10 #if defined(OS_ANDROID)
(...skipping 10 matching lines...) Expand all
21 // This class should be used to manipulate the current process' credentials. 21 // This class should be used to manipulate the current process' credentials.
22 // It is currently a stub used to manipulate POSIX.1e capabilities as 22 // It is currently a stub used to manipulate POSIX.1e capabilities as
23 // implemented by the Linux kernel. 23 // implemented by the Linux kernel.
24 class Credentials { 24 class Credentials {
25 public: 25 public:
26 Credentials(); 26 Credentials();
27 ~Credentials(); 27 ~Credentials();
28 28
29 // Drop all capabilities in the effective, inheritable and permitted sets for 29 // Drop all capabilities in the effective, inheritable and permitted sets for
30 // the current process. 30 // the current process.
31 void DropAllCapabilities(); 31 bool DropAllCapabilities();
32 // Return true iff there is any capability in any of the capabilities sets 32 // Return true iff there is any capability in any of the capabilities sets
33 // of the current process. 33 // of the current process.
34 bool HasAnyCapability(); 34 bool HasAnyCapability() const;
35 // Returns the capabilities of the current process in textual form, as 35 // Returns the capabilities of the current process in textual form, as
36 // documented in libcap2's cap_to_text(3). This is mostly useful for 36 // documented in libcap2's cap_to_text(3). This is mostly useful for
37 // debugging and tests. 37 // debugging and tests.
38 scoped_ptr<std::string> GetCurrentCapString(); 38 scoped_ptr<std::string> GetCurrentCapString() const;
39
40 // Move the current process to a new "user namespace" as supported by Linux
41 // 3.8+ (CLONE_NEWUSER).
42 // The uid map will be set-up so that the perceived uid and gid will not
43 // change.
44 // If this call succeeds, the current process will be granted a full set of
45 // capabilities in the new namespace.
46 bool MoveToNewUserNS();
47
48 // Remove the ability of the process to access the file system. File
49 // descriptors which are already open prior to calling this API remain
50 // available.
51 // The implementation currently uses chroot(2) and requires CAP_SYS_CHROOT.
52 // CAP_SYS_CHROOT can be acquired by using the MoveToNewUserNS() API.
53 // Make sure to call DropAllCapabilities() after this call to prevent
54 // escapes.
55 // To be secure, it's very important for this API to not be called with any
56 // directory file descriptor present. TODO(jln): integrate with
57 // crbug.com/269806 when available.
58 bool DropFileSystemAccess();
39 59
40 private: 60 private:
41 DISALLOW_COPY_AND_ASSIGN(Credentials); 61 DISALLOW_COPY_AND_ASSIGN(Credentials);
42 }; 62 };
43 63
44 } // namespace sandbox. 64 } // namespace sandbox.
45 65
46 #endif // SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ 66 #endif // SANDBOX_LINUX_SERVICES_CREDENTIALS_H_
OLDNEW
« no previous file with comments | « no previous file | sandbox/linux/services/credentials.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698