Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(205)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 835623005: Remove the open directory fd check. (Closed)

Created:
5 years, 11 months ago by rickyz (no longer on Chrome)
Modified:
5 years, 11 months ago
CC:
chromium-reviews, jln+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Remove the open directory fd check. Linux Zygote sandboxing code keeps an fd for /proc while starting the BPF sandbox (but ensures that it is closed later). This moves the responsibility to the caller to ensure that no directory fds are present after sandboxing is enabled. Also adds WARN_UNUSED_RESULT to some important functions that return a bool indicating success or failure. BUG=312380 Committed: https://crrev.com/2e632ac2a948f2c07b6ed45f97a30f2d3abd23d2 Cr-Commit-Position: refs/heads/master@{#310141}

Patch Set 1 #

Total comments: 4

Patch Set 2 : Respond to comments. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+13 lines, -14 lines) Patch
M sandbox/linux/services/credentials.h View 1 4 chunks +8 lines, -5 lines 0 comments Download
M sandbox/linux/services/credentials.cc View 2 chunks +0 lines, -4 lines 0 comments Download
M sandbox/linux/services/credentials_unittest.cc View 4 chunks +5 lines, -5 lines 0 comments Download

Messages

Total messages: 11 (2 generated)
rickyz (no longer on Chrome)
5 years, 11 months ago (2015-01-05 22:45:19 UTC) #2
jln (very slow on Chromium)
Could you explain why this is necessary? A DCHECK inside Credentials::DropFileSystemAccess() seemed useful (even if ...
5 years, 11 months ago (2015-01-05 22:51:02 UTC) #3
jln (very slow on Chromium)
On 2015/01/05 22:51:02, jln wrote: > Could you explain why this is necessary? > > ...
5 years, 11 months ago (2015-01-05 22:58:30 UTC) #4
jln (very slow on Chromium)
https://codereview.chromium.org/835623005/diff/1/sandbox/linux/services/credentials.cc File sandbox/linux/services/credentials.cc (left): https://codereview.chromium.org/835623005/diff/1/sandbox/linux/services/credentials.cc#oldcode250 sandbox/linux/services/credentials.cc:250: bool Credentials::DropFileSystemAccess() { We could also take a file ...
5 years, 11 months ago (2015-01-05 23:02:32 UTC) #5
rickyz (no longer on Chrome)
https://codereview.chromium.org/835623005/diff/1/sandbox/linux/services/credentials.cc File sandbox/linux/services/credentials.cc (left): https://codereview.chromium.org/835623005/diff/1/sandbox/linux/services/credentials.cc#oldcode250 sandbox/linux/services/credentials.cc:250: bool Credentials::DropFileSystemAccess() { On 2015/01/05 23:02:32, jln wrote: > ...
5 years, 11 months ago (2015-01-06 08:01:20 UTC) #6
jln (very slow on Chromium)
lgtm
5 years, 11 months ago (2015-01-06 17:19:39 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/835623005/20001
5 years, 11 months ago (2015-01-06 19:53:22 UTC) #9
commit-bot: I haz the power
Committed patchset #2 (id:20001)
5 years, 11 months ago (2015-01-06 20:59:58 UTC) #10
commit-bot: I haz the power
5 years, 11 months ago (2015-01-06 21:01:31 UTC) #11
Message was sent while issue was closed. 
Patchset 2 (id:??) landed as
https://crrev.com/2e632ac2a948f2c07b6ed45f97a30f2d3abd23d2
Cr-Commit-Position: refs/heads/master@{#310141}

Powered by Google App Engine
This is Rietveld 408576698