DescriptionRemove the open directory fd check.
Linux Zygote sandboxing code keeps an fd for /proc while starting the
BPF sandbox (but ensures that it is closed later). This moves the
responsibility to the caller to ensure that no directory fds are present
after sandboxing is enabled.
Also adds WARN_UNUSED_RESULT to some important functions that return a
bool indicating success or failure.
BUG=312380
Committed: https://crrev.com/2e632ac2a948f2c07b6ed45f97a30f2d3abd23d2
Cr-Commit-Position: refs/heads/master@{#310141}
Patch Set 1 #
Total comments: 4
Patch Set 2 : Respond to comments. #
Messages
Total messages: 11 (2 generated)
|