
Side by Side Diff: sandbox/linux/services/namespace_sandbox_unittest.cc

Issue 868233011: Start all children in their own PID namespace. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Respond to some comments. Created 5 years, 9 months ago
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/services/namespace_sandbox.h" 5 #include "sandbox/linux/services/namespace_sandbox.h"
6 6
7 #include <sys/types.h> 7 #include <sys/types.h>
8 #include <sys/wait.h> 8 #include <sys/wait.h>
9 #include <unistd.h> 9 #include <unistd.h>
10 10
(...skipping 100 matching lines...)
111 int exit_code = kDummyExitCode; 111 int exit_code = kDummyExitCode;
112 CHECK(process.WaitForExit(&exit_code)); 112 CHECK(process.WaitForExit(&exit_code));
113 CHECK_EQ(0, exit_code); 113 CHECK_EQ(0, exit_code);
114 return 0; 114 return 0;
115 } 115 }
116 116
117 TEST_F(NamespaceSandboxTest, NestedNamespaceSandbox) { 117 TEST_F(NamespaceSandboxTest, NestedNamespaceSandbox) {
118 TestProc("NestedNamespaceSandbox"); 118 TestProc("NestedNamespaceSandbox");
119 } 119 }
120 120
121 const int kNormalExitCode = 0;
122 const int kSignalTerminationExitCode = 255;
123
124 SANDBOX_TEST(ForkInNewPidNamespace, BasicUsage) {
125 if (!Credentials::CanCreateProcessInNewUserNS()) {
126 return;
127 }
128
129 CHECK(sandbox::Credentials::MoveToNewUserNS());
130 const pid_t pid = NamespaceSandbox::ForkInNewPidNamespace();
131 CHECK_GE(pid, 0);
132
133 if (pid == 0) {
jln (very slow on Chromium) 2015/03/25 02:09:13 We should also check that getpid() == 1
rickyz (no longer on Chrome) 2015/03/25 22:47:46 Done.
134 _exit(kNormalExitCode);
135 }
136
137 int status;
138 PCHECK(waitpid(pid, &status, 0) == pid);
139 CHECK(WIFEXITED(status));
140 CHECK_EQ(kNormalExitCode, WEXITSTATUS(status));
141 }
142
143 SANDBOX_TEST(ForkInNewPidNamespace, ExitWithSignal) {
144 if (!Credentials::CanCreateProcessInNewUserNS()) {
145 return;
146 }
147
148 CHECK(sandbox::Credentials::MoveToNewUserNS());
149 const pid_t pid = NamespaceSandbox::ForkInNewPidNamespace();
150 CHECK_GE(pid, 0);
151
152 if (pid == 0) {
153 NamespaceSandbox::InstallTerminationSignalHandler(
154 SIGTERM, kSignalTerminationExitCode);
155 while (true) {
156 raise(SIGTERM);
157 }
158 }
159
160 int status;
161 PCHECK(waitpid(pid, &status, 0) == pid);
162 CHECK(WIFEXITED(status));
163 CHECK_EQ(kSignalTerminationExitCode, WEXITSTATUS(status));
164 }
165
121 } // namespace 166 } // namespace
122 167
123 } // namespace sandbox 168 } // namespace sandbox
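Review bot: In ExitWithSignal the child loops on `raise(SIGTERM)` forever (new lines 155-157), so if the handler from InstallTerminationSignalHandler is not in place the test hangs instead of failing: the child is presumably PID 1 of the new PID namespace, and the kernel drops signals for which a namespace init process has no handler. The parent then blocks in `waitpid` until the test harness times out, which hides the actual cause. Since raise() returns only after the handler has run, a single `raise(SIGTERM);` followed by `_exit(kNormalExitCode);` would turn that case into a clean CHECK_EQ failure against kSignalTerminationExitCode. If InstallTerminationSignalHandler reports success or failure (its declaration is not shown on this page), the child should also CHECK that result before raising the signal.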