| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_LINUX_SERVICES_NAMESPACE_SANDBOX_H_ | 5 #ifndef SANDBOX_LINUX_SERVICES_NAMESPACE_SANDBOX_H_ |
| 6 #define SANDBOX_LINUX_SERVICES_NAMESPACE_SANDBOX_H_ | 6 #define SANDBOX_LINUX_SERVICES_NAMESPACE_SANDBOX_H_ |
| 7 | 7 |
| 8 #include <string> |
| 9 #include <vector> |
| 10 |
| 8 #include "base/command_line.h" | 11 #include "base/command_line.h" |
| 9 #include "base/macros.h" | 12 #include "base/macros.h" |
| 10 #include "base/process/launch.h" | 13 #include "base/process/launch.h" |
| 11 #include "base/process/process.h" | 14 #include "base/process/process.h" |
| 12 #include "sandbox/sandbox_export.h" | 15 #include "sandbox/sandbox_export.h" |
| 13 | 16 |
| 14 namespace sandbox { | 17 namespace sandbox { |
| 15 | 18 |
| 16 // Helper class for starting a process inside a new user, PID, and network | 19 // Helper class for starting a process inside a new user, PID, and network |
| 17 // namespace. Before using a namespace sandbox, check for namespaces support | 20 // namespace. Before using a namespace sandbox, check for namespaces support |
| (...skipping 16 matching lines...) Expand all Loading... |
| 34 public: | 37 public: |
| 35 // Launch a new process inside its own user/PID/network namespaces (depending | 38 // Launch a new process inside its own user/PID/network namespaces (depending |
| 36 // on kernel support). Requires at a minimum that user namespaces are | 39 // on kernel support). Requires at a minimum that user namespaces are |
| 37 // supported (use Credentials::CanCreateProcessInNewUserNS to check this). | 40 // supported (use Credentials::CanCreateProcessInNewUserNS to check this). |
| 38 // | 41 // |
| 39 // pre_exec_delegate and clone_flags fields of LaunchOptions should be nullptr | 42 // pre_exec_delegate and clone_flags fields of LaunchOptions should be nullptr |
| 40 // and 0, respectively, since this function makes a copy of options and | 43 // and 0, respectively, since this function makes a copy of options and |
| 41 // overrides them. | 44 // overrides them. |
| 42 static base::Process LaunchProcess(const base::CommandLine& cmdline, | 45 static base::Process LaunchProcess(const base::CommandLine& cmdline, |
| 43 const base::LaunchOptions& options); | 46 const base::LaunchOptions& options); |
| 47 static base::Process LaunchProcess(const std::vector<std::string>& argv, |
| 48 const base::LaunchOptions& options); |
| 44 | 49 |
| 45 // Returns whether the namespace sandbox created a new user, PID, and network | 50 // Returns whether the namespace sandbox created a new user, PID, and network |
| 46 // namespace. In particular, InNewUserNamespace should return true iff the | 51 // namespace. In particular, InNewUserNamespace should return true iff the |
| 47 // process was started via this class. | 52 // process was started via this class. |
| 48 static bool InNewUserNamespace(); | 53 static bool InNewUserNamespace(); |
| 49 static bool InNewPidNamespace(); | 54 static bool InNewPidNamespace(); |
| 50 static bool InNewNetNamespace(); | 55 static bool InNewNetNamespace(); |
| 51 | 56 |
| 52 private: | 57 private: |
| 53 DISALLOW_IMPLICIT_CONSTRUCTORS(NamespaceSandbox); | 58 DISALLOW_IMPLICIT_CONSTRUCTORS(NamespaceSandbox); |
| 54 }; | 59 }; |
| 55 | 60 |
| 56 } // namespace sandbox | 61 } // namespace sandbox |
| 57 | 62 |
| 58 #endif // SANDBOX_LINUX_SERVICES_NAMESPACE_SANDBOX_H_ | 63 #endif // SANDBOX_LINUX_SERVICES_NAMESPACE_SANDBOX_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 897723005:
Allow using the namespace sandbox in zygote host. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master