| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/zygote/zygote_main.h" | 5 #include "content/zygote/zygote_main.h" |
| 6 | 6 |
| 7 #include <dlfcn.h> | 7 #include <dlfcn.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <pthread.h> | 9 #include <pthread.h> |
| 10 #include <signal.h> | 10 #include <signal.h> |
| (...skipping 433 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 444 // startup and the point where we set the non-dumpable flag in which a | 444 // startup and the point where we set the non-dumpable flag in which a |
| 445 // compromised renderer could ptrace attach. | 445 // compromised renderer could ptrace attach. |
| 446 // | 446 // |
| 447 // However, now that we have a zygote model, only the (trusted) zygote | 447 // However, now that we have a zygote model, only the (trusted) zygote |
| 448 // exists at this point and we can set the non-dumpable flag which is | 448 // exists at this point and we can set the non-dumpable flag which is |
| 449 // inherited by all our renderer children. | 449 // inherited by all our renderer children. |
| 450 // | 450 // |
| 451 // Note: a non-dumpable process can't be debugged. To debug sandbox-related | 451 // Note: a non-dumpable process can't be debugged. To debug sandbox-related |
| 452 // issues, one can specify --allow-sandbox-debugging to let the process be | 452 // issues, one can specify --allow-sandbox-debugging to let the process be |
| 453 // dumpable. | 453 // dumpable. |
| 454 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); | 454 const base::CommandLine& command_line = |
| 455 *base::CommandLine::ForCurrentProcess(); |
| 455 if (!command_line.HasSwitch(switches::kAllowSandboxDebugging)) { | 456 if (!command_line.HasSwitch(switches::kAllowSandboxDebugging)) { |
| 456 prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); | 457 prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); |
| 457 if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) { | 458 if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) { |
| 458 LOG(ERROR) << "Failed to set non-dumpable flag"; | 459 LOG(ERROR) << "Failed to set non-dumpable flag"; |
| 459 return false; | 460 return false; |
| 460 } | 461 } |
| 461 } else { | 462 } else { |
| 462 // If sandbox debugging is allowed, install a handler for sandbox-related | 463 // If sandbox debugging is allowed, install a handler for sandbox-related |
| 463 // crash testing. | 464 // crash testing. |
| 464 InstallSandboxCrashTestHandler(); | 465 InstallSandboxCrashTestHandler(); |
| (...skipping 170 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 635 bool setuid_sandbox_engaged = sandbox_flags & kSandboxLinuxSUID; | 636 bool setuid_sandbox_engaged = sandbox_flags & kSandboxLinuxSUID; |
| 636 CHECK_EQ(must_enable_setuid_sandbox, setuid_sandbox_engaged); | 637 CHECK_EQ(must_enable_setuid_sandbox, setuid_sandbox_engaged); |
| 637 | 638 |
| 638 Zygote zygote(sandbox_flags, fork_delegates.Pass(), extra_children, | 639 Zygote zygote(sandbox_flags, fork_delegates.Pass(), extra_children, |
| 639 extra_fds); | 640 extra_fds); |
| 640 // This function call can return multiple times, once per fork(). | 641 // This function call can return multiple times, once per fork(). |
| 641 return zygote.ProcessRequests(); | 642 return zygote.ProcessRequests(); |
| 642 } | 643 } |
| 643 | 644 |
| 644 } // namespace content | 645 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 803813003:
Make callers of CommandLine use it via the base:: namespace. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master