Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(480)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/suid/client/setuid_sandbox_client.cc

Issue 847723003: Revert of Linux Sandbox: move init processes to new session id. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/linux/suid/client/setuid_sandbox_client.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/suid/client/setuid_sandbox_client.h" 5 #include "sandbox/linux/suid/client/setuid_sandbox_client.h"
6 6
7 #include <fcntl.h> 7 #include <fcntl.h>
8 #include <stdlib.h> 8 #include <stdlib.h>
9 #include <sys/socket.h> 9 #include <sys/socket.h>
10 #include <sys/stat.h> 10 #include <sys/stat.h>
(...skipping 190 matching lines...) Expand 10 before | Expand all | Expand 10 after
201 return false; 201 return false;
202 } 202 }
203 203
204 // We now consider ourselves "fully sandboxed" as far as the 204 // We now consider ourselves "fully sandboxed" as far as the
205 // setuid sandbox is concerned. 205 // setuid sandbox is concerned.
206 CHECK(IsFileSystemAccessDenied()); 206 CHECK(IsFileSystemAccessDenied());
207 sandboxed_ = true; 207 sandboxed_ = true;
208 return true; 208 return true;
209 } 209 }
210 210
211 bool SetuidSandboxClient::CreateNewSession() {
212 // This could fail if the process is already a process group leader.
213 return 0 < setsid();
214 }
215
216 bool SetuidSandboxClient::CreateInitProcessReaper( 211 bool SetuidSandboxClient::CreateInitProcessReaper(
217 base::Closure* post_fork_parent_callback) { 212 base::Closure* post_fork_parent_callback) {
218 return sandbox::CreateInitProcessReaper(post_fork_parent_callback); 213 return sandbox::CreateInitProcessReaper(post_fork_parent_callback);
219 } 214 }
220 215
221 bool SetuidSandboxClient::IsSuidSandboxUpToDate() const { 216 bool SetuidSandboxClient::IsSuidSandboxUpToDate() const {
222 return GetHelperApi(env_) == kSUIDSandboxApiNumber; 217 return GetHelperApi(env_) == kSUIDSandboxApiNumber;
223 } 218 }
224 219
225 bool SetuidSandboxClient::IsSuidSandboxChild() const { 220 bool SetuidSandboxClient::IsSuidSandboxChild() const {
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after
315 // kZygoteIdFd. Fixing this requires a sandbox API change. :( 310 // kZygoteIdFd. Fixing this requires a sandbox API change. :(
316 fds_to_remap->push_back(std::make_pair(dummy_fd->get(), kZygoteIdFd)); 311 fds_to_remap->push_back(std::make_pair(dummy_fd->get(), kZygoteIdFd));
317 } 312 }
318 313
319 void SetuidSandboxClient::SetupLaunchEnvironment() { 314 void SetuidSandboxClient::SetupLaunchEnvironment() {
320 SaveSUIDUnsafeEnvironmentVariables(env_); 315 SaveSUIDUnsafeEnvironmentVariables(env_);
321 SetSandboxAPIEnvironmentVariable(env_); 316 SetSandboxAPIEnvironmentVariable(env_);
322 } 317 }
323 318
324 } // namespace sandbox 319 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/linux/suid/client/setuid_sandbox_client.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698