Chromium Code Reviews

Issue 598203004: Linux sandbox: Restrict sched_* syscalls on the GPU and ppapi processes. (Closed)

Created:
6 years, 2 months ago by rickyz (no longer on Chrome)
Modified:
6 years, 2 months ago
CC:
chromium-reviews, darin-cc_chromium.org, jam, jln+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Project:
chromium
Visibility:
Public.

Description

Linux sandbox: Restrict sched_* syscalls on the GPU and ppapi processes.
BUG=399473, 413855
Committed: https://crrev.com/449de07210aa42f3e6f4e2930dc0a627e4c884fb
Cr-Commit-Position: refs/heads/master@{#297248}

Patch Set 1

Total comments: 2

Patch Set 2: Rename to policy_pid, add SANDBOX_EXPORT.

Stats (+25 lines, -15 lines)
M content/common/sandbox_linux/bpf_gpu_policy_linux.cc: 2 chunks, +6 lines, -3 lines, 0 comments
M content/common/sandbox_linux/bpf_ppapi_policy_linux.cc: 1 chunk, +3 lines, -2 lines, 0 comments
M content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h: 1 chunk, +2 lines, -0 lines, 0 comments
M sandbox/linux/seccomp-bpf-helpers/baseline_policy.h: 1 chunk, +5 lines, -1 line, 0 comments
M sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc: 2 chunks, +5 lines, -6 lines, 0 comments
M sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h: 1 chunk, +4 lines, -3 lines, 0 comments

Messages

Total messages: 8 (2 generated)
rickyz (Google)
Here's the change to enable sched restrictions on GPU and ppapi processes. I ran content_browsertests ...
6 years, 2 months ago (2014-09-26 22:47:17 UTC) #2
jln (very slow on Chromium)
Lgtm with a nit. Also, could you please link bug 399473 as well since you're ...
6 years, 2 months ago (2014-09-26 23:03:36 UTC) #3
rickyz (Google)
Thanks, will look at submitting on Monday.
https://codereview.chromium.org/598203004/diff/1/content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h
File content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h (right):
https://codereview.chromium.org/598203004/diff/1/content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h#newcode39
content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h:39: pid_t current_pid() ...
6 years, 2 months ago (2014-09-27 01:38:37 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/598203004/20001
6 years, 2 months ago (2014-09-29 19:29:02 UTC) #6
commit-bot: I haz the power
Committed patchset #2 (id:20001) as 5a14a8dd49c1f00e8cc6114cb256bb70eeb12a32
6 years, 2 months ago (2014-09-29 20:36:48 UTC) #7
commit-bot: I haz the power
6 years, 2 months ago (2014-09-29 20:37:39 UTC) #8
Message was sent while issue was closed.
Patchset 2 (id:??) landed as
https://crrev.com/449de07210aa42f3e6f4e2930dc0a627e4c884fb
Cr-Commit-Position: refs/heads/master@{#297248}
