DescriptionNamespace sandbox: add important security checks
When engaging the namespace sandbox, add important checks that the process
is single threaded and has no directory file descriptor open.
As part of this change, move the function engaging the namespace
sandbox from the Zygote to the LinuxSandbox class.
BUG=457377, 312380
Committed: https://crrev.com/b94f6817d3a0e20ec5c3393a4eb13dd360acbd4e
Cr-Commit-Position: refs/heads/master@{#315932}
Patch Set 1 #Patch Set 2 : Update NaCl as well. #Patch Set 3 : Rebase #Patch Set 4 : include <errno.h> #Patch Set 5 : Rename files to _linux.* #Patch Set 6 : Better documentation. #
Total comments: 12
Patch Set 7 : Address comments. #
Total comments: 2
Patch Set 8 : Rebase #
Messages
Total messages: 18 (7 generated)
|