Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(321)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 938223004: Linux sandbox: better APIs with /proc/ arguments (Closed)

Created:
5 years, 10 months ago by jln (very slow on Chromium)
Modified:
5 years, 10 months ago
Reviewers:
mdempsky
CC:
chromium-reviews, darin-cc_chromium.org, jam, rickyz+watch_chromium.org, jln+watch_chromium.org, rickyz (no longer on Chrome)
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Linux sandbox: better APIs with /proc/ arguments Unify sandbox:: APIs to always take /proc/ file descriptors instead of /proc/self/ or /proc/self/task/. Moreover, require |proc_fd| arguments to critical APIs rather than rely on the caller to perform the right checks. A descriptor to /proc is a better choice than a descriptor to /proc/self/* because it keeps the same semantics after a fork(). BUG=312380, 457377 TBR=nasko Committed: https://crrev.com/4d91216184b506a9f0a623919862250f65d4f3e4 Cr-Commit-Position: refs/heads/master@{#317757}

Patch Set 1 #

Total comments: 1

Patch Set 2 : #

Patch Set 3 : Fix invalid proc_fd_ usage. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+188 lines, -187 lines) Patch
M components/nacl/loader/nonsfi/nonsfi_sandbox.h View 1 chunk +1 line, -1 line 0 comments Download
M components/nacl/loader/nonsfi/nonsfi_sandbox.cc View 1 chunk +2 lines, -2 lines 0 comments Download
M components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.h View 1 chunk +1 line, -1 line 0 comments Download
M components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc View 1 chunk +2 lines, -2 lines 0 comments Download
M components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc View 1 2 4 chunks +11 lines, -22 lines 0 comments Download
M content/common/sandbox_linux/sandbox_init_linux.cc View 1 chunk +2 lines, -2 lines 0 comments Download
M content/common/sandbox_linux/sandbox_linux.cc View 5 chunks +22 lines, -25 lines 0 comments Download
M content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h View 1 chunk +2 lines, -2 lines 0 comments Download
M content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc View 8 chunks +9 lines, -9 lines 0 comments Download
M content/public/common/sandbox_init.h View 1 chunk +2 lines, -2 lines 0 comments Download
M sandbox/linux/seccomp-bpf/sandbox_bpf.h View 2 chunks +4 lines, -4 lines 0 comments Download
M sandbox/linux/seccomp-bpf/sandbox_bpf.cc View 6 chunks +11 lines, -11 lines 0 comments Download
M sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc View 1 chunk +1 line, -1 line 0 comments Download
M sandbox/linux/services/credentials.h View 2 chunks +13 lines, -7 lines 0 comments Download
M sandbox/linux/services/credentials.cc View 4 chunks +15 lines, -2 lines 0 comments Download
M sandbox/linux/services/credentials_unittest.cc View 3 chunks +6 lines, -4 lines 0 comments Download
M sandbox/linux/services/namespace_sandbox_unittest.cc View 2 chunks +2 lines, -1 line 0 comments Download
M sandbox/linux/services/proc_util.h View 2 chunks +6 lines, -8 lines 0 comments Download
M sandbox/linux/services/proc_util.cc View 3 chunks +21 lines, -25 lines 0 comments Download
M sandbox/linux/services/proc_util_unittest.cc View 1 2 chunks +9 lines, -9 lines 0 comments Download
M sandbox/linux/services/thread_helpers.h View 1 chunk +5 lines, -6 lines 0 comments Download
M sandbox/linux/services/thread_helpers.cc View 4 chunks +20 lines, -20 lines 0 comments Download
M sandbox/linux/services/thread_helpers_unittests.cc View 1 chunk +21 lines, -21 lines 0 comments Download

Messages

Total messages: 9 (3 generated)
jln (very slow on Chromium)
Matthew: PTAL! https://codereview.chromium.org/938223004/diff/1/content/common/sandbox_linux/sandbox_linux.cc File content/common/sandbox_linux/sandbox_linux.cc (right): https://codereview.chromium.org/938223004/diff/1/content/common/sandbox_linux/sandbox_linux.cc#newcode81 content/common/sandbox_linux/sandbox_linux.cc:81: // TODO(jln): get rid of this ugly ...
5 years, 10 months ago (2015-02-24 01:45:38 UTC) #2
mdempsky
lgtm
5 years, 10 months ago (2015-02-24 02:19:53 UTC) #3
jln (very slow on Chromium)
On 2015/02/24 02:19:53, mdempsky wrote: > lgtm Thanks Matthew! Nasko: TBR for content/public/common/sandbox_init.h
5 years, 10 months ago (2015-02-24 04:59:52 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/938223004/40001
5 years, 10 months ago (2015-02-24 05:03:28 UTC) #7
commit-bot: I haz the power
Committed patchset #3 (id:40001)
5 years, 10 months ago (2015-02-24 05:54:40 UTC) #8
commit-bot: I haz the power
5 years, 10 months ago (2015-02-24 05:55:29 UTC) #9
Message was sent while issue was closed. 
Patchset 3 (id:??) landed as
https://crrev.com/4d91216184b506a9f0a623919862250f65d4f3e4
Cr-Commit-Position: refs/heads/master@{#317757}

Powered by Google App Engine
This is Rietveld 408576698