sandbox/linux/services/credentials.h - Issue 851503003: Update from https://crrev.com/311076

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: sandbox/linux/services/credentials.h

Issue 851503003: Update from https://crrev.com/311076 (Closed) Base URL: git@github.com:domokit/mojo.git@master

Patch Set: Created 5 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: sandbox/linux/services/credentials.h

diff --git a/sandbox/linux/services/credentials.h b/sandbox/linux/services/credentials.h

index ddc54db7e0a466f94c6880abdca6bce14295cc62..fc65afcd5f6c7e39786f0439a45b0364deaeac78 100644

--- a/sandbox/linux/services/credentials.h

+++ b/sandbox/linux/services/credentials.h

@@ -25,19 +25,16 @@ namespace sandbox {

// implemented by the Linux kernel.

class SANDBOX_EXPORT Credentials {

public:

- Credentials();

- ~Credentials();

// Drop all capabilities in the effective, inheritable and permitted sets for

// the current process.

- bool DropAllCapabilities() WARN_UNUSED_RESULT;

+ static bool DropAllCapabilities() WARN_UNUSED_RESULT;

// Return true iff there is any capability in any of the capabilities sets

// of the current process.

- bool HasAnyCapability() const;

+ static bool HasAnyCapability();

// Returns the capabilities of the current process in textual form, as

// documented in libcap2's cap_to_text(3). This is mostly useful for

// debugging and tests.

- scoped_ptr<std::string> GetCurrentCapString() const;

+ static scoped_ptr<std::string> GetCurrentCapString();

// Returns whether the kernel supports CLONE_NEWUSER and whether it would be

// possible to immediately move to a new user namespace. There is no point

@@ -52,7 +49,7 @@ class SANDBOX_EXPORT Credentials {

// change.

// If this call succeeds, the current process will be granted a full set of

// capabilities in the new namespace.

- bool MoveToNewUserNS() WARN_UNUSED_RESULT;

+ static bool MoveToNewUserNS() WARN_UNUSED_RESULT;

// Remove the ability of the process to access the file system. File

// descriptors which are already open prior to calling this API remain

@@ -65,10 +62,10 @@ class SANDBOX_EXPORT Credentials {

// are closed (for example, by checking the result of

// ProcUtil::HasOpenDirectory with a file descriptor for /proc, then closing

// that file descriptor). Otherwise it may be possible to escape the chroot.

- bool DropFileSystemAccess() WARN_UNUSED_RESULT;

+ static bool DropFileSystemAccess() WARN_UNUSED_RESULT;

private:

- DISALLOW_COPY_AND_ASSIGN(Credentials);

+ DISALLOW_IMPLICIT_CONSTRUCTORS(Credentials);

};

} // namespace sandbox.

« no previous file with comments | « net/url_request/url_request_job_manager.cc ('k') | sandbox/linux/services/credentials.cc » ('j') | no next file with comments »