Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(90)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc

Issue 847723003: Revert of Linux Sandbox: move init processes to new session id. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | content/zygote/zygote_main_linux.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "components/nacl/loader/sandbox_linux/nacl_sandbox_linux.h" 5 #include "components/nacl/loader/sandbox_linux/nacl_sandbox_linux.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <fcntl.h> 8 #include <fcntl.h>
9 #include <sys/stat.h> 9 #include <sys/stat.h>
10 #include <sys/types.h> 10 #include <sys/types.h>
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after
83 CHECK(!IsSandboxed()) << "Unexpectedly sandboxed!"; 83 CHECK(!IsSandboxed()) << "Unexpectedly sandboxed!";
84 84
85 if (setuid_sandbox_client_->IsSuidSandboxChild()) { 85 if (setuid_sandbox_client_->IsSuidSandboxChild()) {
86 setuid_sandbox_client_->CloseDummyFile(); 86 setuid_sandbox_client_->CloseDummyFile();
87 87
88 // Make sure that no directory file descriptor is open, as it would bypass 88 // Make sure that no directory file descriptor is open, as it would bypass
89 // the setuid sandbox model. 89 // the setuid sandbox model.
90 CHECK(!HasOpenDirectory()); 90 CHECK(!HasOpenDirectory());
91 91
92 // Get sandboxed. 92 // Get sandboxed.
93 CHECK(setuid_sandbox_client_->CreateNewSession());
94 CHECK(setuid_sandbox_client_->ChrootMe()); 93 CHECK(setuid_sandbox_client_->ChrootMe());
95 CHECK(IsSandboxed()); 94 CHECK(IsSandboxed());
96 layer_one_enabled_ = true; 95 layer_one_enabled_ = true;
97 } 96 }
98 } 97 }
99 98
100 void NaClSandbox::CheckForExpectedNumberOfOpenFds() { 99 void NaClSandbox::CheckForExpectedNumberOfOpenFds() {
101 if (setuid_sandbox_client_->IsSuidSandboxChild()) { 100 if (setuid_sandbox_client_->IsSuidSandboxChild()) {
102 // We expect to have the following FDs open: 101 // We expect to have the following FDs open:
103 // 1-3) stdin, stdout, stderr. 102 // 1-3) stdin, stdout, stderr.
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after
167 static const char kNoBpfMsg[] = 166 static const char kNoBpfMsg[] =
168 "The seccomp-bpf sandbox is not engaged for NaCl:"; 167 "The seccomp-bpf sandbox is not engaged for NaCl:";
169 if (can_be_no_sandbox) 168 if (can_be_no_sandbox)
170 LOG(ERROR) << kNoBpfMsg << kItIsDangerousMsg; 169 LOG(ERROR) << kNoBpfMsg << kItIsDangerousMsg;
171 else 170 else
172 LOG(FATAL) << kNoBpfMsg << kItIsNotAllowedMsg; 171 LOG(FATAL) << kNoBpfMsg << kItIsNotAllowedMsg;
173 } 172 }
174 } 173 }
175 174
176 } // namespace nacl 175 } // namespace nacl
OLDNEW
« no previous file with comments | « no previous file | content/zygote/zygote_main_linux.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698