| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_HOST_IMPL_LINUX_H_ | 5 #ifndef CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_HOST_IMPL_LINUX_H_ |
| 6 #define CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_HOST_IMPL_LINUX_H_ | 6 #define CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_HOST_IMPL_LINUX_H_ |
| 7 | 7 |
| 8 #include <set> | 8 #include <set> |
| 9 #include <string> | 9 #include <string> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 75 // Should be called every time a Zygote child died. | 75 // Should be called every time a Zygote child died. |
| 76 void ZygoteChildDied(pid_t process); | 76 void ZygoteChildDied(pid_t process); |
| 77 | 77 |
| 78 // Sends |data| to the zygote via |control_fd_|. If |fds| is non-NULL, the | 78 // Sends |data| to the zygote via |control_fd_|. If |fds| is non-NULL, the |
| 79 // included file descriptors will also be passed. The caller is responsible | 79 // included file descriptors will also be passed. The caller is responsible |
| 80 // for acquiring |control_lock_|. | 80 // for acquiring |control_lock_|. |
| 81 bool SendMessage(const Pickle& data, const std::vector<int>* fds); | 81 bool SendMessage(const Pickle& data, const std::vector<int>* fds); |
| 82 | 82 |
| 83 ssize_t ReadReply(void* buf, size_t buflen); | 83 ssize_t ReadReply(void* buf, size_t buflen); |
| 84 | 84 |
| 85 // Whether we should use the namespace sandbox instead of the setuid sandbox. |
| 86 // Currently, the namespace sandbox is enabled when sandboxing is not |
| 87 // disabled, the enable-namespace-sandbox switch is set, user namespaces are |
| 88 // supported, and seccomp BPF is supported. |
| 89 bool ShouldUseNamespaceSandbox(); |
| 90 |
| 85 int control_fd_; // the socket to the zygote | 91 int control_fd_; // the socket to the zygote |
| 86 // A lock protecting all communication with the zygote. This lock must be | 92 // A lock protecting all communication with the zygote. This lock must be |
| 87 // acquired before sending a command and released after the result has been | 93 // acquired before sending a command and released after the result has been |
| 88 // received. | 94 // received. |
| 89 base::Lock control_lock_; | 95 base::Lock control_lock_; |
| 90 pid_t pid_; | 96 pid_t pid_; |
| 91 bool init_; | 97 bool init_; |
| 92 bool using_suid_sandbox_; | 98 bool using_suid_sandbox_; |
| 93 std::string sandbox_binary_; | 99 std::string sandbox_binary_; |
| 94 bool have_read_sandbox_status_word_; | 100 bool have_read_sandbox_status_word_; |
| 95 int sandbox_status_; | 101 int sandbox_status_; |
| 96 // A lock protecting list_of_running_zygote_children_ and | 102 // A lock protecting list_of_running_zygote_children_ and |
| 97 // should_teardown_after_last_child_exits_. | 103 // should_teardown_after_last_child_exits_. |
| 98 base::Lock child_tracking_lock_; | 104 base::Lock child_tracking_lock_; |
| 99 std::set<pid_t> list_of_running_zygote_children_; | 105 std::set<pid_t> list_of_running_zygote_children_; |
| 100 bool should_teardown_after_last_child_exits_; | 106 bool should_teardown_after_last_child_exits_; |
| 101 }; | 107 }; |
| 102 | 108 |
| 103 } // namespace content | 109 } // namespace content |
| 104 | 110 |
| 105 #endif // CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_HOST_IMPL_LINUX_H_ | 111 #endif // CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_HOST_IMPL_LINUX_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 897723005:
Allow using the namespace sandbox in zygote host. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master