sandbox/linux/seccomp-bpf/sandbox_bpf.cc - Issue 935333002: Update from https://crrev.com/316786

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: sandbox/linux/seccomp-bpf/sandbox_bpf.cc

Issue 935333002: Update from https://crrev.com/316786 (Closed) Base URL: git@github.com:domokit/mojo.git@master

Patch Set: Created 5 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: sandbox/linux/seccomp-bpf/sandbox_bpf.cc

diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc

index d51fa78149c994f92a0894a5a45c8689ae64b760..31975a1b98e33539d60a977cf70e789d09ecd6d5 100644

--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc

+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc

@@ -27,16 +27,18 @@

#include "sandbox/linux/bpf_dsl/dump_bpf.h"

#include "sandbox/linux/bpf_dsl/policy.h"

#include "sandbox/linux/bpf_dsl/policy_compiler.h"

+#include "sandbox/linux/bpf_dsl/seccomp_macros.h"

#include "sandbox/linux/bpf_dsl/syscall_set.h"

#include "sandbox/linux/seccomp-bpf/die.h"

#include "sandbox/linux/seccomp-bpf/errorcode.h"

-#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"

#include "sandbox/linux/seccomp-bpf/syscall.h"

#include "sandbox/linux/seccomp-bpf/trap.h"

#include "sandbox/linux/seccomp-bpf/verifier.h"

-#include "sandbox/linux/services/linux_syscalls.h"

+#include "sandbox/linux/services/proc_util.h"

#include "sandbox/linux/services/syscall_wrappers.h"

#include "sandbox/linux/services/thread_helpers.h"

+#include "sandbox/linux/system_headers/linux_seccomp.h"

+#include "sandbox/linux/system_headers/linux_syscalls.h"

namespace sandbox {

@@ -116,13 +118,16 @@ bool SandboxBPF::StartSandbox(SeccompLevel seccomp_level) {

return false;

}

+ if (!proc_task_fd_.is_valid()) {

+ SetProcTaskFd(ProcUtil::OpenProcSelfTask());

+ }

const bool supports_tsync = KernelSupportsSeccompTsync();

if (seccomp_level == SeccompLevel::SINGLE_THREADED) {

- if (!IsSingleThreaded(proc_task_fd_.get())) {

- SANDBOX_DIE("Cannot start sandbox; process is already multi-threaded");

- return false;

- }

+ // Wait for /proc/self/task/ to update if needed and assert the

+ // process is single threaded.

+ ThreadHelpers::AssertSingleThreaded(proc_task_fd_.get());

} else if (seccomp_level == SeccompLevel::MULTI_THREADED) {

if (IsSingleThreaded(proc_task_fd_.get())) {

SANDBOX_DIE("Cannot start sandbox; "

« no previous file with comments | « sandbox/linux/seccomp-bpf/linux_seccomp.h ('k') | sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc » ('j') | no next file with comments »