sandbox/linux/suid/sandbox.c - Issue 10807059: Refactor the setuid sandbox client code to its own class.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: sandbox/linux/suid/sandbox.c

Issue 10807059: Refactor the setuid sandbox client code to its own class. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Address reviewer's comments and other minor nits. Created 8 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: sandbox/linux/suid/sandbox.c

diff --git a/sandbox/linux/suid/sandbox.c b/sandbox/linux/suid/sandbox.c

index 9c2ecde09a15f28e20d2d4344344b220e6ccf3c8..32435a7ad89f2a6440f855ebbd56b4824c92cc7e 100644

--- a/sandbox/linux/suid/sandbox.c

+++ b/sandbox/linux/suid/sandbox.c

@@ -4,7 +4,7 @@

// http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox

-#include "sandbox.h"

+#include "common/sandbox.h"

#define _GNU_SOURCE

#include <asm/unistd.h>

@@ -31,7 +31,7 @@

#include "linux_util.h"

#include "process_util.h"

-#include "suid_unsafe_environment_variables.h"

+#include "common/suid_unsafe_environment_variables.h"

#if !defined(CLONE_NEWPID)

#define CLONE_NEWPID 0x20000000

@@ -40,22 +40,6 @@

#define CLONE_NEWNET 0x40000000

#endif

-static const char kSandboxDescriptorEnvironmentVarName[] = "SBX_D";

-static const char kSandboxHelperPidEnvironmentVarName[] = "SBX_HELPER_PID";

-// Should be kept in sync with base/linux_util.h

-static const long kSUIDSandboxApiNumber = 1;

-static const char kSandboxEnvironmentApiRequest[] = "SBX_CHROME_API_RQ";

-static const char kSandboxEnvironmentApiProvides[] = "SBX_CHROME_API_PRV";

-// This number must be kept in sync with common/zygote_commands_linux.h

-static const int kZygoteIdFd = 7;

-// These are the magic byte values which the sandboxed process uses to request

-// that it be chrooted.

-static const char kMsgChrootMe = 'C';

-static const char kMsgChrootSuccessful = 'O';

static bool DropRoot();

#define HANDLE_EINTR(x) TEMP_FAILURE_RETRY(x)

@@ -280,15 +264,15 @@ static bool MoveToNewNamespaces() {

FatalError("close");

if (kCloneExtraFlags[i] & CLONE_NEWPID) {

- setenv("SBX_PID_NS", "", 1 /* overwrite */);

+ setenv(kSandboxPIDNSEnvironmentVarName, "", 1 /* overwrite */);

} else {

- unsetenv("SBX_PID_NS");

+ unsetenv(kSandboxPIDNSEnvironmentVarName);

}

if (kCloneExtraFlags[i] & CLONE_NEWNET) {

- setenv("SBX_NET_NS", "", 1 /* overwrite */);

+ setenv(kSandboxNETNSEnvironmentVarName, "", 1 /* overwrite */);

} else {

- unsetenv("SBX_NET_NS");

+ unsetenv(kSandboxNETNSEnvironmentVarName);

}

break;

« no previous file with comments | « sandbox/linux/suid/sandbox.h ('k') | sandbox/linux/suid/suid_unsafe_environment_variables.h » ('j') | no next file with comments »