Chromium Code Reviews

Side by Side Diff: sandbox/linux/suid/client/setuid_sandbox_client.cc

Issue 837083002: Linux Sandbox: move init processes to new session id. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 11 months ago
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/suid/client/setuid_sandbox_client.h" 5 #include "sandbox/linux/suid/client/setuid_sandbox_client.h"
6 6
7 #include <fcntl.h> 7 #include <fcntl.h>
8 #include <stdlib.h> 8 #include <stdlib.h>
9 #include <sys/socket.h> 9 #include <sys/socket.h>
10 #include <sys/stat.h> 10 #include <sys/stat.h>
(...skipping 190 matching lines...) Expand 10 before | Expand all | Expand 10 after
201 return false; 201 return false;
202 } 202 }
203 203
204 // We now consider ourselves "fully sandboxed" as far as the 204 // We now consider ourselves "fully sandboxed" as far as the
205 // setuid sandbox is concerned. 205 // setuid sandbox is concerned.
206 CHECK(IsFileSystemAccessDenied()); 206 CHECK(IsFileSystemAccessDenied());
207 sandboxed_ = true; 207 sandboxed_ = true;
208 return true; 208 return true;
209 } 209 }
210 210
211 bool SetuidSandboxClient::CreateNewSession() {
212 // This could fail if the process is already a process group leader.
213 return 0 < setsid();
214 }
215
211 bool SetuidSandboxClient::CreateInitProcessReaper( 216 bool SetuidSandboxClient::CreateInitProcessReaper(
212 base::Closure* post_fork_parent_callback) { 217 base::Closure* post_fork_parent_callback) {
213 return sandbox::CreateInitProcessReaper(post_fork_parent_callback); 218 return sandbox::CreateInitProcessReaper(post_fork_parent_callback);
214 } 219 }
215 220
216 bool SetuidSandboxClient::IsSuidSandboxUpToDate() const { 221 bool SetuidSandboxClient::IsSuidSandboxUpToDate() const {
217 return GetHelperApi(env_) == kSUIDSandboxApiNumber; 222 return GetHelperApi(env_) == kSUIDSandboxApiNumber;
218 } 223 }
219 224
220 bool SetuidSandboxClient::IsSuidSandboxChild() const { 225 bool SetuidSandboxClient::IsSuidSandboxChild() const {
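
Review bot: In the new CreateNewSession(), `return 0 < setsid();` reports failure only through the bool, so the case the comment mentions (the process is already a process group leader, where setsid() returns -1 with errno set to EPERM) passes silently unless every caller checks the result. Consider comparing against the documented error value, `setsid() != -1`, which reads more directly than the reversed `0 <` form, and logging errno on failure (for example with PLOG) so a process left in its old session is visible in logs. The comment should also state whether a failure here is acceptable or should be fatal, as the `CHECK(IsFileSystemAccessDenied());` a few lines above is for filesystem access.
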
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after
310 // kZygoteIdFd. Fixing this requires a sandbox API change. :( 315 // kZygoteIdFd. Fixing this requires a sandbox API change. :(
311 fds_to_remap->push_back(std::make_pair(dummy_fd->get(), kZygoteIdFd)); 316 fds_to_remap->push_back(std::make_pair(dummy_fd->get(), kZygoteIdFd));
312 } 317 }
313 318
314 void SetuidSandboxClient::SetupLaunchEnvironment() { 319 void SetuidSandboxClient::SetupLaunchEnvironment() {
315 SaveSUIDUnsafeEnvironmentVariables(env_); 320 SaveSUIDUnsafeEnvironmentVariables(env_);
316 SetSandboxAPIEnvironmentVariable(env_); 321 SetSandboxAPIEnvironmentVariable(env_);
317 } 322 }
318 323
319 } // namespace sandbox 324 } // namespace sandbox