Index: components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc |
diff --git a/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc b/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc |
index dfe177c8a0e02d89af96a4c2baf83f71287a30cd..9fd81bcfae958dd44beee4ba363bbb604060917e 100644 |
--- a/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc |
+++ b/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc |
@@ -48,15 +48,6 @@ bool IsSandboxed() { |
return true; |
} |
-// Open a new file descriptor to /proc/self/task/ by using |
-// |proc_fd|. |
-base::ScopedFD GetProcSelfTask(int proc_fd) { |
- base::ScopedFD proc_self_task(HANDLE_EINTR( |
- openat(proc_fd, "self/task/", O_RDONLY | O_DIRECTORY | O_CLOEXEC))); |
- PCHECK(proc_self_task.is_valid()); |
- return proc_self_task.Pass(); |
-} |
- |
bool MaybeSetProcessNonDumpable() { |
const base::CommandLine& command_line = |
*base::CommandLine::ForCurrentProcess(); |
@@ -122,8 +113,7 @@ NaClSandbox::~NaClSandbox() { |
bool NaClSandbox::IsSingleThreaded() { |
CHECK(proc_fd_.is_valid()); |
- base::ScopedFD proc_self_task(GetProcSelfTask(proc_fd_.get())); |
- return sandbox::ThreadHelpers::IsSingleThreaded(proc_self_task.get()); |
+ return sandbox::ThreadHelpers::IsSingleThreaded(proc_fd_.get()); |
} |
bool NaClSandbox::HasOpenDirectory() { |
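Review bot: IsSingleThreaded() keeps `CHECK(proc_fd_.is_valid())` but now depends on a proc_fd_ that the later InitializeLayerTwoSandbox() hunk hands off with `proc_fd_.Pass()`, so any call to this method after layer two has been initialized will hit the CHECK rather than answer the question. That ordering constraint is not visible from this function, and the helper that used to open `self/task/` on demand has been removed, so a comment would help the next caller. Suggested line above the CHECK: `// Only valid before InitializeLayerTwoSandbox() transfers |proc_fd_| to the BPF sandbox.` If the ThreadHelpers overload taking a /proc fd also has that precondition, it could be named in the same comment.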
@@ -149,11 +139,10 @@ void NaClSandbox::InitializeLayerOneSandbox() { |
layer_one_enabled_ = true; |
} else if (sandbox::NamespaceSandbox::InNewUserNamespace()) { |
CHECK(sandbox::Credentials::MoveToNewUserNS()); |
- // This relies on SealLayerOneSandbox() to be called later. |
- CHECK(!HasOpenDirectory()); |
- CHECK(sandbox::Credentials::DropFileSystemAccess()); |
- CHECK(IsSingleThreaded()); |
- CHECK(sandbox::Credentials::DropAllCapabilities()); |
+ // This relies on SealLayerOneSandbox() to be called later since this |
+ // class is keeping a file descriptor to /proc/. |
+ CHECK(sandbox::Credentials::DropFileSystemAccess(proc_fd_.get())); |
+ CHECK(sandbox::Credentials::DropAllCapabilities(proc_fd_.get())); |
CHECK(IsSandboxed()); |
layer_one_enabled_ = true; |
} |
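Review bot: The explicit `CHECK(IsSingleThreaded())` that used to precede DropAllCapabilities() in the new-user-namespace branch is gone, and nothing in this hunk shows that the proc_fd-taking overloads of DropFileSystemAccess() / DropAllCapabilities() enforce single-threadedness themselves; if they do, that is the property this branch now relies on and it should be stated, if they do not, the check should stay. The updated comment only explains why the open-directory check is deferred to SealLayerOneSandbox(), not what happened to the thread check. Suggested addition to the comment: `// Single-threadedness is verified by the Credentials calls below via |proc_fd_|.` (adjust to match what those functions actually do). InitializeLayerOneSandbox() starts outside the hunk.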
@@ -189,19 +178,19 @@ void NaClSandbox::InitializeLayerTwoSandbox(bool uses_nonsfi_mode) { |
RestrictAddressSpaceUsage(); |
- base::ScopedFD proc_self_task(GetProcSelfTask(proc_fd_.get())); |
- |
+ // Pass proc_fd_ ownership to the BPF sandbox, which guarantees it will |
+ // be closed. There is no point in keeping it around since the BPF policy |
+ // will prevent its usage. |
if (uses_nonsfi_mode) { |
- layer_two_enabled_ = |
- nacl::nonsfi::InitializeBPFSandbox(proc_self_task.Pass()); |
+ layer_two_enabled_ = nacl::nonsfi::InitializeBPFSandbox(proc_fd_.Pass()); |
layer_two_is_nonsfi_ = true; |
} else { |
- layer_two_enabled_ = nacl::InitializeBPFSandbox(proc_self_task.Pass()); |
+ layer_two_enabled_ = nacl::InitializeBPFSandbox(proc_fd_.Pass()); |
} |
} |
void NaClSandbox::SealLayerOneSandbox() { |
- if (!layer_two_enabled_) { |
+ if (proc_fd_.is_valid() && !layer_two_enabled_) { |
// If nothing prevents us, check that there is no superfluous directory |
// open. |
CHECK(!HasOpenDirectory()); |
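Review bot: The new guard `proc_fd_.is_valid() && !layer_two_enabled_` in SealLayerOneSandbox() silently skips the open-directory check in exactly the case it was meant to cover: InitializeLayerTwoSandbox() calls `proc_fd_.Pass()` unconditionally, so when InitializeBPFSandbox() returns false, layer_two_enabled_ is false but proc_fd_ is already gone and `CHECK(!HasOpenDirectory())` never runs, whereas before this change it did. If a failed BPF setup is a supported configuration, the loss of that check should at least be documented; otherwise consider failing loudly when both conditions hold. Suggested comment above the if: `// |proc_fd_| is consumed by InitializeLayerTwoSandbox() even when BPF setup fails, so this check is skipped in that case.` SealLayerOneSandbox() continues past the end of the hunk.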