Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(335)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/services/credentials.h

Issue 885443002: Roll Chrome into Mojo. (Closed) Base URL: https://github.com/domokit/mojo.git@master
Patch Set: Rebase to ToT mojo Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc ('k') | sandbox/linux/services/credentials.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ 5 #ifndef SANDBOX_LINUX_SERVICES_CREDENTIALS_H_
6 #define SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ 6 #define SANDBOX_LINUX_SERVICES_CREDENTIALS_H_
7 7
8 #include "build/build_config.h" 8 #include "build/build_config.h"
9 // Link errors are tedious to track, raise a compile-time error instead. 9 // Link errors are tedious to track, raise a compile-time error instead.
10 #if defined(OS_ANDROID) 10 #if defined(OS_ANDROID)
(...skipping 21 matching lines...) Expand all
32 // of the current process. 32 // of the current process.
33 static bool HasAnyCapability(); 33 static bool HasAnyCapability();
34 // Returns the capabilities of the current process in textual form, as 34 // Returns the capabilities of the current process in textual form, as
35 // documented in libcap2's cap_to_text(3). This is mostly useful for 35 // documented in libcap2's cap_to_text(3). This is mostly useful for
36 // debugging and tests. 36 // debugging and tests.
37 static scoped_ptr<std::string> GetCurrentCapString(); 37 static scoped_ptr<std::string> GetCurrentCapString();
38 38
39 // Returns whether the kernel supports CLONE_NEWUSER and whether it would be 39 // Returns whether the kernel supports CLONE_NEWUSER and whether it would be
40 // possible to immediately move to a new user namespace. There is no point 40 // possible to immediately move to a new user namespace. There is no point
41 // in using this method right before calling MoveToNewUserNS(), simply call 41 // in using this method right before calling MoveToNewUserNS(), simply call
42 // MoveToNewUserNS() immediately. This method is only useful to test kernel 42 // MoveToNewUserNS() immediately. This method is only useful to test the
43 // support ahead of time. 43 // ability to move to a user namespace ahead of time.
44 static bool SupportsNewUserNS(); 44 static bool CanCreateProcessInNewUserNS();
45 45
46 // Move the current process to a new "user namespace" as supported by Linux 46 // Move the current process to a new "user namespace" as supported by Linux
47 // 3.8+ (CLONE_NEWUSER). 47 // 3.8+ (CLONE_NEWUSER).
48 // The uid map will be set-up so that the perceived uid and gid will not 48 // The uid map will be set-up so that the perceived uid and gid will not
49 // change. 49 // change.
50 // If this call succeeds, the current process will be granted a full set of 50 // If this call succeeds, the current process will be granted a full set of
51 // capabilities in the new namespace. 51 // capabilities in the new namespace.
52 static bool MoveToNewUserNS() WARN_UNUSED_RESULT; 52 static bool MoveToNewUserNS() WARN_UNUSED_RESULT;
53 53
54 // Remove the ability of the process to access the file system. File 54 // Remove the ability of the process to access the file system. File
55 // descriptors which are already open prior to calling this API remain 55 // descriptors which are already open prior to calling this API remain
56 // available. 56 // available.
57 // The implementation currently uses chroot(2) and requires CAP_SYS_CHROOT. 57 // The implementation currently uses chroot(2) and requires CAP_SYS_CHROOT.
58 // CAP_SYS_CHROOT can be acquired by using the MoveToNewUserNS() API. 58 // CAP_SYS_CHROOT can be acquired by using the MoveToNewUserNS() API.
59 // Make sure to call DropAllCapabilities() after this call to prevent 59 // Make sure to call DropAllCapabilities() after this call to prevent
60 // escapes. 60 // escapes.
61 // To be secure, the caller must ensure that any directory file descriptors 61 // To be secure, the caller must ensure that any directory file descriptors
62 // are closed (for example, by checking the result of 62 // are closed (for example, by checking the result of
63 // ProcUtil::HasOpenDirectory with a file descriptor for /proc, then closing 63 // ProcUtil::HasOpenDirectory with a file descriptor for /proc, then closing
64 // that file descriptor). Otherwise it may be possible to escape the chroot. 64 // that file descriptor). Otherwise it may be possible to escape the chroot.
65 static bool DropFileSystemAccess() WARN_UNUSED_RESULT; 65 static bool DropFileSystemAccess() WARN_UNUSED_RESULT;
66 66
67 private: 67 private:
68 DISALLOW_IMPLICIT_CONSTRUCTORS(Credentials); 68 DISALLOW_IMPLICIT_CONSTRUCTORS(Credentials);
69 }; 69 };
70 70
71 } // namespace sandbox. 71 } // namespace sandbox.
72 72
73 #endif // SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ 73 #endif // SANDBOX_LINUX_SERVICES_CREDENTIALS_H_
OLDNEW
« no previous file with comments | « sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc ('k') | sandbox/linux/services/credentials.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698