Chromium Code Reviews Chromium Code Reviews
Issue 849893004:
Move a couple of utility functions to a new namespace_utils class. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ | 5 #ifndef SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ |
| 6 #define SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ | 6 #define SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ |
| 7 | 7 |
| 8 #include "build/build_config.h" | 8 #include "build/build_config.h" |
| 9 // Link errors are tedious to track, raise a compile-time error instead. | 9 // Link errors are tedious to track, raise a compile-time error instead. |
| 10 #if defined(OS_ANDROID) | 10 #if defined(OS_ANDROID) |
| (...skipping 18 matching lines...) Expand all Loading... | |
| 29 // the current process. | 29 // the current process. |
| 30 static bool DropAllCapabilities() WARN_UNUSED_RESULT; | 30 static bool DropAllCapabilities() WARN_UNUSED_RESULT; |
| 31 // Return true iff there is any capability in any of the capabilities sets | 31 // Return true iff there is any capability in any of the capabilities sets |
| 32 // of the current process. | 32 // of the current process. |
| 33 static bool HasAnyCapability(); | 33 static bool HasAnyCapability(); |
| 34 // Returns the capabilities of the current process in textual form, as | 34 // Returns the capabilities of the current process in textual form, as |
| 35 // documented in libcap2's cap_to_text(3). This is mostly useful for | 35 // documented in libcap2's cap_to_text(3). This is mostly useful for |
| 36 // debugging and tests. | 36 // debugging and tests. |
| 37 static scoped_ptr<std::string> GetCurrentCapString(); | 37 static scoped_ptr<std::string> GetCurrentCapString(); |
| 38 | 38 |
| 39 // Returns whether the kernel supports CLONE_NEWUSER and whether it would be | |
| 40 // possible to immediately move to a new user namespace. There is no point | |
| 41 // in using this method right before calling MoveToNewUserNS(), simply call | |
| 42 // MoveToNewUserNS() immediately. This method is only useful to test kernel | |
| 43 // support ahead of time. | |
| 44 static bool SupportsNewUserNS(); | |
|
jln (very slow on Chromium)
2015/01/23 02:48:23
I wonder if we should keep this as "CanCreateProce
rickyz (no longer on Chrome)
2015/01/23 23:59:37
Done - at this point, there pretty messy separatio
| |
| 45 | |
| 46 // Move the current process to a new "user namespace" as supported by Linux | 39 // Move the current process to a new "user namespace" as supported by Linux |
| 47 // 3.8+ (CLONE_NEWUSER). | 40 // 3.8+ (CLONE_NEWUSER). |
| 48 // The uid map will be set-up so that the perceived uid and gid will not | 41 // The uid map will be set-up so that the perceived uid and gid will not |
| 49 // change. | 42 // change. |
| 50 // If this call succeeds, the current process will be granted a full set of | 43 // If this call succeeds, the current process will be granted a full set of |
| 51 // capabilities in the new namespace. | 44 // capabilities in the new namespace. |
| 52 static bool MoveToNewUserNS() WARN_UNUSED_RESULT; | 45 static bool MoveToNewUserNS() WARN_UNUSED_RESULT; |
| 53 | 46 |
| 54 // Remove the ability of the process to access the file system. File | 47 // Remove the ability of the process to access the file system. File |
| 55 // descriptors which are already open prior to calling this API remain | 48 // descriptors which are already open prior to calling this API remain |
| 56 // available. | 49 // available. |
| 57 // The implementation currently uses chroot(2) and requires CAP_SYS_CHROOT. | 50 // The implementation currently uses chroot(2) and requires CAP_SYS_CHROOT. |
| 58 // CAP_SYS_CHROOT can be acquired by using the MoveToNewUserNS() API. | 51 // CAP_SYS_CHROOT can be acquired by using the MoveToNewUserNS() API. |
| 59 // Make sure to call DropAllCapabilities() after this call to prevent | 52 // Make sure to call DropAllCapabilities() after this call to prevent |
| 60 // escapes. | 53 // escapes. |
| 61 // To be secure, the caller must ensure that any directory file descriptors | 54 // To be secure, the caller must ensure that any directory file descriptors |
| 62 // are closed (for example, by checking the result of | 55 // are closed (for example, by checking the result of |
| 63 // ProcUtil::HasOpenDirectory with a file descriptor for /proc, then closing | 56 // ProcUtil::HasOpenDirectory with a file descriptor for /proc, then closing |
| 64 // that file descriptor). Otherwise it may be possible to escape the chroot. | 57 // that file descriptor). Otherwise it may be possible to escape the chroot. |
| 65 static bool DropFileSystemAccess() WARN_UNUSED_RESULT; | 58 static bool DropFileSystemAccess() WARN_UNUSED_RESULT; |
| 66 | 59 |
| 67 private: | 60 private: |
| 68 DISALLOW_IMPLICIT_CONSTRUCTORS(Credentials); | 61 DISALLOW_IMPLICIT_CONSTRUCTORS(Credentials); |
| 69 }; | 62 }; |
| 70 | 63 |
| 71 } // namespace sandbox. | 64 } // namespace sandbox. |
| 72 | 65 |
| 73 #endif // SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ | 66 #endif // SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ |
| OLD | NEW |
