
Side by Side Diff: content/zygote/zygote_main_linux.cc

Issue 940603003: Linux Sandbox: always discover Zygote PID properly (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix typo. Created 5 years, 10 months ago
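--- a/content/zygote/zygote_main_linux.cc
+++ b/content/zygote/zygote_main_linux.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/zygote/zygote_main.h"
 
 #include <dlfcn.h>
 #include <fcntl.h>
 #include <pthread.h>
 #include <signal.h>
@@ -526,35 +526,37 @@
 if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
 switches::kNoSandbox)) {
 // This will pre-initialize the various sandboxes that need it.
 linux_sandbox->PreinitializeSandbox();
 }
 
 const bool using_setuid_sandbox =
 linux_sandbox->setuid_sandbox_client()->IsSuidSandboxChild();
 const bool using_namespace_sandbox =
 sandbox::NamespaceSandbox::InNewUserNamespace();
+const bool using_layer1_sandbox =
+using_setuid_sandbox || using_namespace_sandbox;
 
 if (using_setuid_sandbox) {
 linux_sandbox->setuid_sandbox_client()->CloseDummyFile();
+}
 
+if (using_layer1_sandbox) {
 // Let the ZygoteHost know we're booting up.
 CHECK(UnixDomainSocket::SendMsg(kZygoteSocketPairFd,
 kZygoteBootMessage,
 sizeof(kZygoteBootMessage),
 std::vector<int>()));
 }
 
 VLOG(1) << "ZygoteMain: initializing " << fork_delegates.size()
 << " fork delegates";
-const bool using_layer1_sandbox =
-using_setuid_sandbox || using_namespace_sandbox;
 for (ZygoteForkDelegate* fork_delegate : fork_delegates) {
 fork_delegate->Init(GetSandboxFD(), using_layer1_sandbox);
 }
 
 const std::vector<int> sandbox_fds_to_close_post_fork =
 linux_sandbox->GetFileDescriptorsToClose();
 
 fds_to_close_post_fork.insert(fds_to_close_post_fork.end(),
 sandbox_fds_to_close_post_fork.begin(),
 sandbox_fds_to_close_post_fork.end());
@@ -593,10 +595,10 @@
 const bool namespace_sandbox_engaged = sandbox_flags & kSandboxLinuxUserNS;
 CHECK_EQ(using_namespace_sandbox, namespace_sandbox_engaged);
 
 Zygote zygote(sandbox_flags, fork_delegates.Pass(), extra_children,
 extra_fds);
 // This function call can return multiple times, once per fork().
 return zygote.ProcessRequests();
 }
 
 } // namespace content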
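Review bot: The comment above the `SendMsg` call under `if (using_layer1_sandbox)` still says only "Let the ZygoteHost know we're booting up", although the boot message is now sent under the namespace sandbox as well as the setuid one. The host code that consumes this message is not in this file; if its condition for waiting differs from this guard, it would either block on a message that never arrives or find an unexpected message queued ahead of the first request. I would state the contract at the call site, e.g. `// Sent under either layer-1 sandbox; the host waits for this message in exactly these cases (judging by the issue title, to discover the zygote's PID).` The enclosing function begins in the skipped lines above this hunk, so any earlier handling of the socket is not visible here.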