Chromium Code Reviews| Index: content/zygote/zygote_main_linux.cc |
| diff --git a/content/zygote/zygote_main_linux.cc b/content/zygote/zygote_main_linux.cc |
| index f9b821b0873e7486f9b9454b43f52ba8edfa5512..0b9ff5613a0631dab2f0f5e3444bb4cecab52152 100644 |
| --- a/content/zygote/zygote_main_linux.cc |
| +++ b/content/zygote/zygote_main_linux.cc |
| @@ -28,8 +28,7 @@ |
| #include "crypto/nss_util.h" |
| #include "content/common/font_config_ipc_linux.h" |
| #include "content/common/pepper_plugin_registry.h" |
| -#include "content/common/sandbox_methods_linux.h" |
| -#include "content/common/seccomp_sandbox.h" |
| +#include "content/common/sandbox_linux.h" |
| #include "content/common/zygote_commands_linux.h" |
| #include "content/public/common/content_switches.h" |
| #include "content/public/common/main_function_params.h" |
| @@ -452,27 +451,15 @@ bool ZygoteMain(const MainFunctionParams& params, |
| sandbox::InitLibcUrandomOverrides(); |
| #endif |
| - int proc_fd_for_seccomp = -1; |
| -#if defined(SECCOMP_SANDBOX) |
| - if (SeccompSandboxEnabled()) { |
| - // The seccomp sandbox needs access to files in /proc, which might be denied |
| - // after one of the other sandboxes have been started. So, obtain a suitable |
| - // file handle in advance. |
| - proc_fd_for_seccomp = open("/proc", O_DIRECTORY | O_RDONLY); |
| - if (proc_fd_for_seccomp < 0) { |
| - LOG(ERROR) << "WARNING! Cannot access \"/proc\". Disabling seccomp " |
| - "sandboxing."; |
| - } |
| - } |
| -#endif // SECCOMP_SANDBOX |
| - |
| - scoped_ptr<sandbox::SetuidSandboxClient> |
| - setuid_sandbox(sandbox::SetuidSandboxClient::Create()); |
| + LinuxSandbox* linux_sandbox = LinuxSandbox::GetInstance(); |
| + // This will pre-initialize the various sandboxes that need it. |
| + // There need to be a corresponding call to PreinitializeSandboxFinish() |
| + // for each new process, this will be done in the Zygote child, once we know |
| + // our process type. |
| + linux_sandbox->PreinitializeSandbox(); |
| - if (setuid_sandbox == NULL) { |
| - LOG(FATAL) << "Failed to instantiate the setuid sandbox client."; |
| - return false; |
| - } |
| + sandbox::SetuidSandboxClient* setuid_sandbox = |
| + linux_sandbox->setuid_sandbox(); |
| if (forkdelegate != NULL) { |
| VLOG(1) << "ZygoteMain: initializing fork delegate"; |
| @@ -486,7 +473,8 @@ bool ZygoteMain(const MainFunctionParams& params, |
| // Turn on the SELinux or SUID sandbox. |
| bool using_suid_sandbox = false; |
| bool has_started_new_init = false; |
| - if (!EnterSandbox(setuid_sandbox.get(), |
| + |
| + if (!EnterSandbox(setuid_sandbox, |
| &using_suid_sandbox, |
| &has_started_new_init)) { |
| LOG(FATAL) << "Failed to enter sandbox. Fail safe abort. (errno: " |
| @@ -494,44 +482,15 @@ bool ZygoteMain(const MainFunctionParams& params, |
| return false; |
| } |
| - int sandbox_flags = 0; |
| - if (using_suid_sandbox) { |
| - sandbox_flags |= kSandboxLinuxSUID; |
| - if (setuid_sandbox->IsInNewPIDNamespace()) |
| - sandbox_flags |= kSandboxLinuxPIDNS; |
| - if (setuid_sandbox->IsInNewNETNamespace()) |
| - sandbox_flags |= kSandboxLinuxNetNS; |
| - } |
| - |
| - if ((sandbox_flags & kSandboxLinuxPIDNS) && !has_started_new_init) { |
| + if (setuid_sandbox->IsInNewNETNamespace() && !has_started_new_init) { |
|
Jorge Lucangeli Obes
2012/08/01 22:37:50
PID namespace?
jln (very slow on Chromium)
2012/08/01 22:48:11
Good catch, thanks!
|
| LOG(ERROR) << "The SUID sandbox created a new PID namespace but Zygote " |
| "is not the init process. Please, make sure the SUID " |
| "binary is up to date."; |
| } |
| -#if defined(SECCOMP_SANDBOX) |
| - // The seccomp sandbox will be turned on when the renderers start. But we can |
| - // already check if sufficient support is available so that we only need to |
| - // print one error message for the entire browser session. |
| - if (proc_fd_for_seccomp >= 0 && SeccompSandboxEnabled()) { |
| - if (!SupportsSeccompSandbox(proc_fd_for_seccomp)) { |
| - // There are a good number of users who cannot use the seccomp sandbox |
| - // (e.g. because their distribution does not enable seccomp mode by |
| - // default). While we would prefer to deny execution in this case, it |
| - // seems more realistic to continue in degraded mode. |
| - LOG(ERROR) << "WARNING! This machine lacks support needed for the " |
| - "Seccomp sandbox. Running renderers with Seccomp " |
| - "sandboxing disabled."; |
| - close(proc_fd_for_seccomp); |
| - proc_fd_for_seccomp = -1; |
| - } else { |
| - VLOG(1) << "Enabling experimental Seccomp sandbox."; |
| - sandbox_flags |= kSandboxLinuxSeccomp; |
| - } |
| - } |
| -#endif // SECCOMP_SANDBOX |
| + int sandbox_flags = linux_sandbox->GetStatus(); |
| - Zygote zygote(sandbox_flags, forkdelegate, proc_fd_for_seccomp); |
| + Zygote zygote(sandbox_flags, forkdelegate); |
| // This function call can return multiple times, once per fork(). |
| return zygote.ProcessRequests(); |
| } |
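Review bot: The NULL check on setuid_sandbox that this hunk removes (the old `if (setuid_sandbox == NULL) { LOG(FATAL) ... }` block) is not replaced, yet the pointer obtained from `linux_sandbox->setuid_sandbox()` is passed to EnterSandbox and dereferenced unconditionally in `setuid_sandbox->IsInNewNETNamespace()` later in the function; unless LinuxSandbox guarantees a non-null client, a `DCHECK(setuid_sandbox);` right after the assignment would at least document that contract. The old condition also gated the namespace query on `using_suid_sandbox`, and with that gate gone the variable is now only written by EnterSandbox within these hunks, so it may be dead unless it is read further down in ZygoteMain, whose body starts and ends outside the visible hunks. If the SetuidSandboxClient namespace queries are only meaningful once the SUID sandbox is actually in use, restoring the gate as `if (using_suid_sandbox && setuid_sandbox->IsInNewNETNamespace() && !has_started_new_init)` keeps the warning from firing for unsandboxed runs.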