Index: content/common/sandbox_linux/bpf_renderer_policy_linux.cc |
diff --git a/content/common/sandbox_linux/bpf_renderer_policy_linux.cc b/content/common/sandbox_linux/bpf_renderer_policy_linux.cc |
index 86cef92cbe324bd18000b1301552ce292157e81e..20301938d6285b21a94caa3048a3a94600a4dc63 100644 |
--- a/content/common/sandbox_linux/bpf_renderer_policy_linux.cc |
+++ b/content/common/sandbox_linux/bpf_renderer_policy_linux.cc |
@@ -43,16 +43,17 @@ ResultExpr RendererProcessPolicy::EvaluateSyscall(int sysno) const { |
case __NR_mremap: // See crbug.com/149834. |
case __NR_pread64: |
case __NR_pwrite64: |
- case __NR_sched_getaffinity: |
case __NR_sched_get_priority_max: |
case __NR_sched_get_priority_min: |
- case __NR_sched_getparam: |
- case __NR_sched_getscheduler: |
- case __NR_sched_setscheduler: |
case __NR_sysinfo: |
case __NR_times: |
case __NR_uname: |
return Allow(); |
+ case __NR_sched_getaffinity: |
+ case __NR_sched_getparam: |
+ case __NR_sched_getscheduler: |
+ case __NR_sched_setscheduler: |
+ return sandbox::RestrictSchedTarget(GetPolicyPid(), sysno); |
case __NR_prlimit64: |
return Error(EPERM); // See crbug.com/160157. |
default: |