| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/services/namespace_sandbox.h" | 5 #include "sandbox/linux/services/namespace_sandbox.h" |
| 6 | 6 |
| 7 #include <sys/types.h> | 7 #include <sys/types.h> |
| 8 #include <sys/wait.h> | 8 #include <sys/wait.h> |
| 9 #include <unistd.h> | 9 #include <unistd.h> |
| 10 | 10 |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 83 } | 83 } |
| 84 | 84 |
| 85 MULTIPROCESS_TEST_MAIN(ChrootMe) { | 85 MULTIPROCESS_TEST_MAIN(ChrootMe) { |
| 86 CHECK(!RootDirectoryIsEmpty()); | 86 CHECK(!RootDirectoryIsEmpty()); |
| 87 CHECK(sandbox::Credentials::MoveToNewUserNS()); | 87 CHECK(sandbox::Credentials::MoveToNewUserNS()); |
| 88 CHECK(sandbox::Credentials::DropFileSystemAccess()); | 88 CHECK(sandbox::Credentials::DropFileSystemAccess()); |
| 89 CHECK(RootDirectoryIsEmpty()); | 89 CHECK(RootDirectoryIsEmpty()); |
| 90 return 0; | 90 return 0; |
| 91 } | 91 } |
| 92 | 92 |
| 93 TEST_F(NamespaceSandboxTest, ChrootAndDropCapabilities) { | 93 // Temporarily disabled on ASAN due to crbug.com/451603. |
| 94 TEST_F(NamespaceSandboxTest, DISABLE_ON_ASAN(ChrootAndDropCapabilities)) { |
| 94 TestProc("ChrootMe"); | 95 TestProc("ChrootMe"); |
| 95 } | 96 } |
| 96 | 97 |
| 97 MULTIPROCESS_TEST_MAIN(NestedNamespaceSandbox) { | 98 MULTIPROCESS_TEST_MAIN(NestedNamespaceSandbox) { |
| 98 base::FileHandleMappingVector fds_to_remap = { | 99 base::FileHandleMappingVector fds_to_remap = { |
| 99 std::make_pair(STDOUT_FILENO, STDOUT_FILENO), | 100 std::make_pair(STDOUT_FILENO, STDOUT_FILENO), |
| 100 std::make_pair(STDERR_FILENO, STDERR_FILENO), | 101 std::make_pair(STDERR_FILENO, STDERR_FILENO), |
| 101 }; | 102 }; |
| 102 base::LaunchOptions launch_options; | 103 base::LaunchOptions launch_options; |
| 103 launch_options.fds_to_remap = &fds_to_remap; | 104 launch_options.fds_to_remap = &fds_to_remap; |
| 104 base::Process process = NamespaceSandbox::LaunchProcess( | 105 base::Process process = NamespaceSandbox::LaunchProcess( |
| 105 base::CommandLine(base::FilePath("/bin/true")), launch_options); | 106 base::CommandLine(base::FilePath("/bin/true")), launch_options); |
| 106 CHECK(process.IsValid()); | 107 CHECK(process.IsValid()); |
| 107 | 108 |
| 108 const int kDummyExitCode = 42; | 109 const int kDummyExitCode = 42; |
| 109 int exit_code = kDummyExitCode; | 110 int exit_code = kDummyExitCode; |
| 110 CHECK(process.WaitForExit(&exit_code)); | 111 CHECK(process.WaitForExit(&exit_code)); |
| 111 CHECK_EQ(0, exit_code); | 112 CHECK_EQ(0, exit_code); |
| 112 return 0; | 113 return 0; |
| 113 } | 114 } |
| 114 | 115 |
| 115 TEST_F(NamespaceSandboxTest, NestedNamespaceSandbox) { | 116 TEST_F(NamespaceSandboxTest, NestedNamespaceSandbox) { |
| 116 TestProc("NestedNamespaceSandbox"); | 117 TestProc("NestedNamespaceSandbox"); |
| 117 } | 118 } |
| 118 | 119 |
| 119 } // namespace | 120 } // namespace |
| 120 | 121 |
| 121 } // namespace sandbox | 122 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 903273002:
Update from https://crrev.com/315085 (Closed)
Base URL: git@github.com:domokit/mojo.git@master