Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(701)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 877153005: sandbox: extract SetuidSandboxHost code from SetuidSandboxClient (Closed)

Created:
5 years, 10 months ago by mdempsky
Modified:
5 years, 10 months ago
CC:
chromium-reviews, darin-cc_chromium.org, jam, jln+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

sandbox: extract SetuidSandboxHost code from SetuidSandboxClient This separates the code used to "host" the setuid sandbox binary from the code used to run underneath it (i.e., the client). The primary motivation for this is so that lightweight clients (e.g., the BMM non-SFI sandbox) can avoid all of the additional dependencies required only for hosting the setuid sandbox. TBR=mseaborn@chromium.org,nasko@chromium.org BUG=455087 Committed: https://crrev.com/3cc942a3dfecc18e0b20fdc509a9608644b67036 Cr-Commit-Position: refs/heads/master@{#314734}

Patch Set 1 #

Patch Set 2 : Fix NaCl zygote delegate #

Patch Set 3 : Sync and resolve conflicts #

Total comments: 6

Patch Set 4 : Respond to rickyz feedback #

Total comments: 17

Patch Set 5 : Respond to jln/hidehiko feedback; clang-format #

Unified diffs Side-by-side diffs Delta from patch set Stats (+95 lines, -516 lines) Patch
M components/nacl/zygote/nacl_fork_delegate_linux.cc View 1 2 3 4 3 chunks +6 lines, -8 lines 0 comments Download
M content/browser/browser_main_loop.cc View 2 chunks +5 lines, -5 lines 0 comments Download
M content/browser/zygote_host/zygote_host_impl_linux.cc View 1 2 3 4 2 chunks +6 lines, -6 lines 0 comments Download
M sandbox/linux/BUILD.gn View 2 chunks +6 lines, -1 line 0 comments Download
M sandbox/linux/sandbox_linux.gypi View 1 chunk +2 lines, -0 lines 0 comments Download
M sandbox/linux/sandbox_linux_test_sources.gypi View 1 chunk +1 line, -0 lines 0 comments Download
M sandbox/linux/suid/client/setuid_sandbox_client.h View 1 2 3 4 3 chunks +9 lines, -40 lines 0 comments Download
M sandbox/linux/suid/client/setuid_sandbox_client.cc View 1 2 3 4 6 chunks +11 lines, -173 lines 0 comments Download
M sandbox/linux/suid/client/setuid_sandbox_client_unittest.cc View 1 2 3 4 2 chunks +2 lines, -57 lines 0 comments Download
A + sandbox/linux/suid/client/setuid_sandbox_host.h View 1 2 3 4 2 chunks +18 lines, -50 lines 0 comments Download
A + sandbox/linux/suid/client/setuid_sandbox_host.cc View 1 2 3 4 8 chunks +16 lines, -134 lines 0 comments Download
A + sandbox/linux/suid/client/setuid_sandbox_host_unittest.cc View 1 2 3 4 3 chunks +13 lines, -42 lines 0 comments Download

Messages

Total messages: 21 (7 generated)
mdempsky
(Note this CL includes the changes from https://codereview.chromium.org/885673007/ and https://codereview.chromium.org/902533002/; I'll sync and resolve once ...
5 years, 10 months ago (2015-02-04 09:03:26 UTC) #2
rickyz (no longer on Chrome)
lgtm This makes the class much easier to understand. Before this, I had to spend ...
5 years, 10 months ago (2015-02-04 10:46:00 UTC) #3
mdempsky
https://codereview.chromium.org/877153005/diff/40001/sandbox/linux/suid/client/setuid_sandbox_client.cc File sandbox/linux/suid/client/setuid_sandbox_client.cc (right): https://codereview.chromium.org/877153005/diff/40001/sandbox/linux/suid/client/setuid_sandbox_client.cc#newcode24 sandbox/linux/suid/client/setuid_sandbox_client.cc:24: base::ScopedFD self_exe(HANDLE_EINTR(open("/", O_RDONLY))); On 2015/02/04 10:46:00, rickyz wrote: > ...
5 years, 10 months ago (2015-02-04 10:53:29 UTC) #5
hidehiko
LGTM. Thank you very much for your quick work! https://codereview.chromium.org/877153005/diff/60001/sandbox/linux/suid/client/setuid_sandbox_client.cc File sandbox/linux/suid/client/setuid_sandbox_client.cc (right): https://codereview.chromium.org/877153005/diff/60001/sandbox/linux/suid/client/setuid_sandbox_client.cc#newcode64 sandbox/linux/suid/client/setuid_sandbox_client.cc:64: ...
5 years, 10 months ago (2015-02-04 15:40:05 UTC) #6
jln (very slow on Chromium)
lgtm And +1 to hidehiko's comment to make env a scoped_ptr, but up to you. ...
5 years, 10 months ago (2015-02-04 23:28:25 UTC) #7
mdempsky
https://codereview.chromium.org/877153005/diff/60001/sandbox/linux/suid/client/setuid_sandbox_client.cc File sandbox/linux/suid/client/setuid_sandbox_client.cc (right): https://codereview.chromium.org/877153005/diff/60001/sandbox/linux/suid/client/setuid_sandbox_client.cc#newcode64 sandbox/linux/suid/client/setuid_sandbox_client.cc:64: SetuidSandboxClient* SetuidSandboxClient::Create() { On 2015/02/04 15:40:05, hidehiko wrote: > ...
5 years, 10 months ago (2015-02-05 03:02:08 UTC) #9
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/877153005/80001
5 years, 10 months ago (2015-02-05 03:14:32 UTC) #11
commit-bot: I haz the power
Try jobs failed on following builders: chromium_presubmit on tryserver.chromium.linux (http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presubmit/builds/40606)
5 years, 10 months ago (2015-02-05 03:20:42 UTC) #13
mdempsky
mseaborn: TBR'ing you for trivial refactoring to components/nacl/zygote/nacl_fork_delegate_linux.cc nasko: TBR'ing you for trivial refactoring to ...
5 years, 10 months ago (2015-02-05 03:22:31 UTC) #15
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/877153005/80001
5 years, 10 months ago (2015-02-05 03:24:26 UTC) #17
commit-bot: I haz the power
Committed patchset #5 (id:80001)
5 years, 10 months ago (2015-02-05 03:29:54 UTC) #18
commit-bot: I haz the power
Patchset 5 (id:??) landed as https://crrev.com/3cc942a3dfecc18e0b20fdc509a9608644b67036 Cr-Commit-Position: refs/heads/master@{#314734}
5 years, 10 months ago (2015-02-05 03:31:06 UTC) #19
nasko
Retroactive LGTM on content/
5 years, 10 months ago (2015-02-05 18:03:09 UTC) #20
Mark Seaborn
5 years, 10 months ago (2015-02-05 23:54:47 UTC) #21
Message was sent while issue was closed. 
LGTM for components/nacl/zygote/nacl_fork_delegate_linux.cc, for the record.

Powered by Google App Engine
This is Rietveld 408576698