Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(509)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/zygote/zygote_main_linux.cc

Issue 837083002: Linux Sandbox: move init processes to new session id. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc ('k') | sandbox/linux/suid/client/setuid_sandbox_client.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/zygote/zygote_main.h" 5 #include "content/zygote/zygote_main.h"
6 6
7 #include <dlfcn.h> 7 #include <dlfcn.h>
8 #include <fcntl.h> 8 #include <fcntl.h>
9 #include <pthread.h> 9 #include <pthread.h>
10 #include <signal.h> 10 #include <signal.h>
(...skipping 399 matching lines...) Expand 10 before | Expand all | Expand 10 after
410 // be enabled by the process later. 410 // be enabled by the process later.
411 411
412 if (!setuid_sandbox->IsSuidSandboxUpToDate()) { 412 if (!setuid_sandbox->IsSuidSandboxUpToDate()) {
413 LOG(WARNING) << 413 LOG(WARNING) <<
414 "You are using a wrong version of the setuid binary!\n" 414 "You are using a wrong version of the setuid binary!\n"
415 "Please read " 415 "Please read "
416 "https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment." 416 "https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment."
417 "\n\n"; 417 "\n\n";
418 } 418 }
419 419
420 CHECK(setuid_sandbox->CreateNewSession());
421
420 if (!setuid_sandbox->ChrootMe()) 422 if (!setuid_sandbox->ChrootMe())
421 return false; 423 return false;
422 424
423 if (setuid_sandbox->IsInNewPIDNamespace()) { 425 if (setuid_sandbox->IsInNewPIDNamespace()) {
424 CHECK_EQ(1, getpid()) 426 CHECK_EQ(1, getpid())
425 << "The SUID sandbox created a new PID namespace but Zygote " 427 << "The SUID sandbox created a new PID namespace but Zygote "
426 "is not the init process. Please, make sure the SUID " 428 "is not the init process. Please, make sure the SUID "
427 "binary is up to date."; 429 "binary is up to date.";
428 } 430 }
429 431
(...skipping 210 matching lines...) Expand 10 before | Expand all | Expand 10 after
640 bool setuid_sandbox_engaged = sandbox_flags & kSandboxLinuxSUID; 642 bool setuid_sandbox_engaged = sandbox_flags & kSandboxLinuxSUID;
641 CHECK_EQ(must_enable_setuid_sandbox, setuid_sandbox_engaged); 643 CHECK_EQ(must_enable_setuid_sandbox, setuid_sandbox_engaged);
642 644
643 Zygote zygote(sandbox_flags, fork_delegates.Pass(), extra_children, 645 Zygote zygote(sandbox_flags, fork_delegates.Pass(), extra_children,
644 extra_fds); 646 extra_fds);
645 // This function call can return multiple times, once per fork(). 647 // This function call can return multiple times, once per fork().
646 return zygote.ProcessRequests(); 648 return zygote.ProcessRequests();
647 } 649 }
648 650
649 } // namespace content 651 } // namespace content
OLDNEW
« no previous file with comments | « components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc ('k') | sandbox/linux/suid/client/setuid_sandbox_client.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698