Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(601)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/zygote/zygote_main_linux.cc

Issue 847723003: Revert of Linux Sandbox: move init processes to new session id. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc ('k') | sandbox/linux/suid/client/setuid_sandbox_client.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/zygote/zygote_main.h" 5 #include "content/zygote/zygote_main.h"
6 6
7 #include <dlfcn.h> 7 #include <dlfcn.h>
8 #include <fcntl.h> 8 #include <fcntl.h>
9 #include <pthread.h> 9 #include <pthread.h>
10 #include <signal.h> 10 #include <signal.h>
(...skipping 399 matching lines...) Expand 10 before | Expand all | Expand 10 after
410 // be enabled by the process later. 410 // be enabled by the process later.
411 411
412 if (!setuid_sandbox->IsSuidSandboxUpToDate()) { 412 if (!setuid_sandbox->IsSuidSandboxUpToDate()) {
413 LOG(WARNING) << 413 LOG(WARNING) <<
414 "You are using a wrong version of the setuid binary!\n" 414 "You are using a wrong version of the setuid binary!\n"
415 "Please read " 415 "Please read "
416 "https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment." 416 "https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment."
417 "\n\n"; 417 "\n\n";
418 } 418 }
419 419
420 CHECK(setuid_sandbox->CreateNewSession());
421
422 if (!setuid_sandbox->ChrootMe()) 420 if (!setuid_sandbox->ChrootMe())
423 return false; 421 return false;
424 422
425 if (setuid_sandbox->IsInNewPIDNamespace()) { 423 if (setuid_sandbox->IsInNewPIDNamespace()) {
426 CHECK_EQ(1, getpid()) 424 CHECK_EQ(1, getpid())
427 << "The SUID sandbox created a new PID namespace but Zygote " 425 << "The SUID sandbox created a new PID namespace but Zygote "
428 "is not the init process. Please, make sure the SUID " 426 "is not the init process. Please, make sure the SUID "
429 "binary is up to date."; 427 "binary is up to date.";
430 } 428 }
431 429
(...skipping 210 matching lines...) Expand 10 before | Expand all | Expand 10 after
642 bool setuid_sandbox_engaged = sandbox_flags & kSandboxLinuxSUID; 640 bool setuid_sandbox_engaged = sandbox_flags & kSandboxLinuxSUID;
643 CHECK_EQ(must_enable_setuid_sandbox, setuid_sandbox_engaged); 641 CHECK_EQ(must_enable_setuid_sandbox, setuid_sandbox_engaged);
644 642
645 Zygote zygote(sandbox_flags, fork_delegates.Pass(), extra_children, 643 Zygote zygote(sandbox_flags, fork_delegates.Pass(), extra_children,
646 extra_fds); 644 extra_fds);
647 // This function call can return multiple times, once per fork(). 645 // This function call can return multiple times, once per fork().
648 return zygote.ProcessRequests(); 646 return zygote.ProcessRequests();
649 } 647 }
650 648
651 } // namespace content 649 } // namespace content
OLDNEW
« no previous file with comments | « components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc ('k') | sandbox/linux/suid/client/setuid_sandbox_client.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698