OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_HOST_IMPL_LINUX_H_ | 5 #ifndef CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_HOST_IMPL_LINUX_H_ |
6 #define CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_HOST_IMPL_LINUX_H_ | 6 #define CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_HOST_IMPL_LINUX_H_ |
7 | 7 |
8 #include <set> | 8 #include <set> |
9 #include <string> | 9 #include <string> |
10 #include <vector> | 10 #include <vector> |
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
75 // Should be called every time a Zygote child died. | 75 // Should be called every time a Zygote child died. |
76 void ZygoteChildDied(pid_t process); | 76 void ZygoteChildDied(pid_t process); |
77 | 77 |
78 // Sends |data| to the zygote via |control_fd_|. If |fds| is non-NULL, the | 78 // Sends |data| to the zygote via |control_fd_|. If |fds| is non-NULL, the |
79 // included file descriptors will also be passed. The caller is responsible | 79 // included file descriptors will also be passed. The caller is responsible |
80 // for acquiring |control_lock_|. | 80 // for acquiring |control_lock_|. |
81 bool SendMessage(const Pickle& data, const std::vector<int>* fds); | 81 bool SendMessage(const Pickle& data, const std::vector<int>* fds); |
82 | 82 |
83 ssize_t ReadReply(void* buf, size_t buflen); | 83 ssize_t ReadReply(void* buf, size_t buflen); |
84 | 84 |
| 85 // Whether we should use the namespace sandbox instead of the setuid sandbox. |
| 86 // Currently, the namespace sandbox is enabled when sandboxing is not |
| 87 // disabled, the enable-namespace-sandbox switch is set, user namespaces are |
| 88 // supported, and seccomp BPF is supported. |
| 89 bool ShouldUseNamespaceSandbox(); |
| 90 |
85 int control_fd_; // the socket to the zygote | 91 int control_fd_; // the socket to the zygote |
86 // A lock protecting all communication with the zygote. This lock must be | 92 // A lock protecting all communication with the zygote. This lock must be |
87 // acquired before sending a command and released after the result has been | 93 // acquired before sending a command and released after the result has been |
88 // received. | 94 // received. |
89 base::Lock control_lock_; | 95 base::Lock control_lock_; |
90 pid_t pid_; | 96 pid_t pid_; |
91 bool init_; | 97 bool init_; |
92 bool using_suid_sandbox_; | 98 bool using_suid_sandbox_; |
93 std::string sandbox_binary_; | 99 std::string sandbox_binary_; |
94 bool have_read_sandbox_status_word_; | 100 bool have_read_sandbox_status_word_; |
95 int sandbox_status_; | 101 int sandbox_status_; |
96 // A lock protecting list_of_running_zygote_children_ and | 102 // A lock protecting list_of_running_zygote_children_ and |
97 // should_teardown_after_last_child_exits_. | 103 // should_teardown_after_last_child_exits_. |
98 base::Lock child_tracking_lock_; | 104 base::Lock child_tracking_lock_; |
99 std::set<pid_t> list_of_running_zygote_children_; | 105 std::set<pid_t> list_of_running_zygote_children_; |
100 bool should_teardown_after_last_child_exits_; | 106 bool should_teardown_after_last_child_exits_; |
101 }; | 107 }; |
102 | 108 |
103 } // namespace content | 109 } // namespace content |
104 | 110 |
105 #endif // CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_HOST_IMPL_LINUX_H_ | 111 #endif // CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_HOST_IMPL_LINUX_H_ |
OLD | NEW |