Chromium Code Reviews

Issue 10383274: Sandbox policy fixes for all known remaining issues. (Closed)

Created: 8 years, 7 months ago by Chris Evans
Modified: 8 years, 7 months ago
CC: chromium-reviews, joi+watch-content_chromium.org, darin-cc_chromium.org, jam, jochen+watch-content_chromium.org
Visibility: Public.

Description

Sandbox policy fixes for all known remaining issues.

BUG=129088

Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=138180

Patch Set 1 #

Total comments: 1

Patch Set 2 : #

Stats: +14 lines, -4 lines
M content/common/sandbox_init_linux.cc (6 chunks, +14 lines, -4 lines, 0 comments)

Messages

Total messages: 3 (0 generated)
Chris Evans
8 years, 7 months ago (2012-05-21 23:47:02 UTC) #1
jln (very slow on Chromium)
https://chromiumcodereview.appspot.com/10383274/diff/1/content/common/sandbox_init_linux.cc
File content/common/sandbox_init_linux.cc (right):

https://chromiumcodereview.appspot.com/10383274/diff/1/content/common/sandbox_init_linux.cc#newcode266
content/common/sandbox_init_linux.cc:266: EmitAllowSyscall(__NR_clone, program);
We can't allow clone with EmitAllowSignalSelf I ...
8 years, 7 months ago (2012-05-22 00:04:34 UTC) #2
jln (very slow on Chromium)
8 years, 7 months ago (2012-05-22 00:14:16 UTC) #3
LGTM

After offline discussion:

1. add a comment on top of EmitAllowSignalSelf explaining that it only works if
clone() is restricted to CLONE_THREAD
2. a comment above the clone policy with a TODO: inspect flags for CLONE_THREAD.
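
The TODO in item 2 above (inspect the clone() flags for CLONE_THREAD), written as a raw seccomp-BPF filter fragment with a small evaluator so its verdicts can be checked without installing it. This is an added example, not code from this change or from sandbox_init_linux.cc; `clone_policy`, `run_filter` and `verdict` are hypothetical names, and it assumes x86-64 argument order and a little-endian host.

```c
#define _GNU_SOURCE
#include <sched.h>          /* CLONE_THREAD, CLONE_VM */
#include <stddef.h>         /* offsetof */
#include <string.h>
#include <sys/syscall.h>    /* __NR_clone */
#include <linux/filter.h>   /* struct sock_filter, BPF_STMT, BPF_JUMP */
#include <linux/seccomp.h>  /* struct seccomp_data, SECCOMP_RET_* */

/* Constructed allowlist fragment: clone() passes only with CLONE_THREAD set.
 * Assumes flags in args[0] (x86-64) and a little-endian host (low word first).
 * A full filter checks seccomp_data.arch first and has the other allow rules. */
static const struct sock_filter clone_policy[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_clone, 0, 2),     /* not clone: deny */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args)),
    BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, CLONE_THREAD, 1, 0),  /* flag set: allow */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Evaluates only the four opcodes used above, so verdicts can be checked offline. */
static __u32 run_filter(const struct sock_filter *f, size_t n,
                        const struct seccomp_data *d)
{
    __u32 acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        switch (f[pc].code) {
        case BPF_LD | BPF_W | BPF_ABS:
            memcpy(&acc, (const char *)d + f[pc].k, sizeof acc); break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == f[pc].k) ? f[pc].jt : f[pc].jf; break;
        case BPF_JMP | BPF_JSET | BPF_K:
            pc += (acc & f[pc].k) ? f[pc].jt : f[pc].jf; break;
        case BPF_RET | BPF_K: return f[pc].k;
        }
    }
    return SECCOMP_RET_KILL;  /* fell off the end: fail closed */
}

static __u32 verdict(int nr, __u64 arg0)
{
    struct seccomp_data d = { .nr = nr, .args = { arg0 } };
    return run_filter(clone_policy, sizeof clone_policy / sizeof *clone_policy, &d);
}

int main(void)
{
    return verdict(__NR_clone, CLONE_VM) == SECCOMP_RET_KILL ? 0 : 1; /* fork-style clone denied */
}
```

clone3() passes its flags through a pointer to a struct, which a seccomp filter cannot dereference, so a flag check of this kind applies only to clone().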
