Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(931)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/zygote/zygote_linux.cc

Issue 940603003: Linux Sandbox: always discover Zygote PID properly (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix typo. Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/zygote/zygote_linux.h ('k') | content/zygote/zygote_main_linux.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/zygote/zygote_linux.h" 5 #include "content/zygote/zygote_linux.h"
6 6
7 #include <fcntl.h> 7 #include <fcntl.h>
8 #include <string.h> 8 #include <string.h>
9 #include <sys/socket.h> 9 #include <sys/socket.h>
10 #include <sys/types.h> 10 #include <sys/types.h>
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after
99 // A SOCK_DGRAM is installed in fd 5. This is the sandbox IPC channel. 99 // A SOCK_DGRAM is installed in fd 5. This is the sandbox IPC channel.
100 // See http://code.google.com/p/chromium/wiki/LinuxSandboxIPC 100 // See http://code.google.com/p/chromium/wiki/LinuxSandboxIPC
101 101
102 // We need to accept SIGCHLD, even though our handler is a no-op because 102 // We need to accept SIGCHLD, even though our handler is a no-op because
103 // otherwise we cannot wait on children. (According to POSIX 2001.) 103 // otherwise we cannot wait on children. (According to POSIX 2001.)
104 struct sigaction action; 104 struct sigaction action;
105 memset(&action, 0, sizeof(action)); 105 memset(&action, 0, sizeof(action));
106 action.sa_handler = &SIGCHLDHandler; 106 action.sa_handler = &SIGCHLDHandler;
107 CHECK(sigaction(SIGCHLD, &action, NULL) == 0); 107 CHECK(sigaction(SIGCHLD, &action, NULL) == 0);
108 108
109 if (UsingSUIDSandbox()) { 109 if (UsingSUIDSandbox() || UsingNSSandbox()) {
110 // Let the ZygoteHost know we are ready to go. 110 // Let the ZygoteHost know we are ready to go.
111 // The receiving code is in content/browser/zygote_host_linux.cc. 111 // The receiving code is in content/browser/zygote_host_linux.cc.
112 bool r = UnixDomainSocket::SendMsg(kZygoteSocketPairFd, 112 bool r = UnixDomainSocket::SendMsg(kZygoteSocketPairFd,
113 kZygoteHelloMessage, 113 kZygoteHelloMessage,
114 sizeof(kZygoteHelloMessage), 114 sizeof(kZygoteHelloMessage),
115 std::vector<int>()); 115 std::vector<int>());
116 #if defined(OS_CHROMEOS) 116 #if defined(OS_CHROMEOS)
117 LOG_IF(WARNING, !r) << "Sending zygote magic failed"; 117 LOG_IF(WARNING, !r) << "Sending zygote magic failed";
118 // Exit normally on chromeos because session manager may send SIGTERM 118 // Exit normally on chromeos because session manager may send SIGTERM
119 // right after the process starts and it may fail to send zygote magic 119 // right after the process starts and it may fail to send zygote magic
(...skipping 20 matching lines...) Expand all
140 return false; 140 return false;
141 } 141 }
142 *process_info = it->second; 142 *process_info = it->second;
143 return true; 143 return true;
144 } 144 }
145 145
146 bool Zygote::UsingSUIDSandbox() const { 146 bool Zygote::UsingSUIDSandbox() const {
147 return sandbox_flags_ & kSandboxLinuxSUID; 147 return sandbox_flags_ & kSandboxLinuxSUID;
148 } 148 }
149 149
150 bool Zygote::UsingNSSandbox() const {
151 return sandbox_flags_ & kSandboxLinuxUserNS;
152 }
153
150 bool Zygote::HandleRequestFromBrowser(int fd) { 154 bool Zygote::HandleRequestFromBrowser(int fd) {
151 ScopedVector<base::ScopedFD> fds; 155 ScopedVector<base::ScopedFD> fds;
152 char buf[kZygoteMaxMessageLength]; 156 char buf[kZygoteMaxMessageLength];
153 const ssize_t len = UnixDomainSocket::RecvMsg(fd, buf, sizeof(buf), &fds); 157 const ssize_t len = UnixDomainSocket::RecvMsg(fd, buf, sizeof(buf), &fds);
154 158
155 if (len == 0 || (len == -1 && errno == ECONNRESET)) { 159 if (len == 0 || (len == -1 && errno == ECONNRESET)) {
156 // EOF from the browser. We should die. 160 // EOF from the browser. We should die.
157 // TODO(earthdok): call __sanititizer_cov_dump() here to obtain code 161 // TODO(earthdok): call __sanititizer_cov_dump() here to obtain code
158 // coverage for the Zygote. Currently it's not possible because of 162 // coverage for the Zygote. Currently it's not possible because of
159 // confusion over who is responsible for closing the file descriptor. 163 // confusion over who is responsible for closing the file descriptor.
(...skipping 421 matching lines...) Expand 10 before | Expand all | Expand 10 after
581 PickleIterator iter) { 585 PickleIterator iter) {
582 if (HANDLE_EINTR(write(fd, &sandbox_flags_, sizeof(sandbox_flags_))) != 586 if (HANDLE_EINTR(write(fd, &sandbox_flags_, sizeof(sandbox_flags_))) !=
583 sizeof(sandbox_flags_)) { 587 sizeof(sandbox_flags_)) {
584 PLOG(ERROR) << "write"; 588 PLOG(ERROR) << "write";
585 } 589 }
586 590
587 return false; 591 return false;
588 } 592 }
589 593
590 } // namespace content 594 } // namespace content
OLDNEW
« no previous file with comments | « content/zygote/zygote_linux.h ('k') | content/zygote/zygote_main_linux.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698