Chromium Code Reviews Chromium Code Reviews
Issue 868233011:
Start all children in their own PID namespace. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: content/common/sandbox_linux/sandbox_linux.h |
| diff --git a/content/common/sandbox_linux/sandbox_linux.h b/content/common/sandbox_linux/sandbox_linux.h |
| index 12aabcfc06da020d693ae8b721beb90f805723d1..1f5163da2650b874dda84e153b3887bb62fb0d0f 100644 |
| --- a/content/common/sandbox_linux/sandbox_linux.h |
| +++ b/content/common/sandbox_linux/sandbox_linux.h |
| @@ -118,6 +118,10 @@ class LinuxSandbox { |
| // to make some vulnerabilities harder to exploit. |
| bool LimitAddressSpace(const std::string& process_type); |
| + // Returns a file descriptor to proc. The file descriptor is no longer valid |
| + // after the sandbox has been sealed. |
|
mdempsky
2015/03/27 20:32:11
Can/should we CHECK/DCHECK for this?
rickyz (no longer on Chrome)
2015/03/27 21:08:02
Done.
|
| + int proc_fd() const { return proc_fd_; } |
| + |
| #if defined(ANY_OF_AMTLU_SANITIZER) |
| __sanitizer_sandbox_arguments* sanitizer_args() const { |
| return sanitizer_args_.get(); |
