Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(6)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_seccomp_bpf_linux.cc

Issue 11073003: Allow mremap() for the Seccomp-BPF sandbox in renderers. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Allow mremap() only in renderers. Created 8 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <asm/unistd.h> 5 #include <asm/unistd.h>
6 #include <dlfcn.h> 6 #include <dlfcn.h>
7 #include <errno.h> 7 #include <errno.h>
8 #include <fcntl.h> 8 #include <fcntl.h>
9 #include <linux/audit.h> 9 #include <linux/audit.h>
10 #include <linux/filter.h> 10 #include <linux/filter.h>
(...skipping 1230 matching lines...) Expand 10 before | Expand all | Expand 10 after
1241 1241
1242 ErrorCode RendererOrWorkerProcessPolicy_x86_64(int sysno) { 1242 ErrorCode RendererOrWorkerProcessPolicy_x86_64(int sysno) {
1243 switch (sysno) { 1243 switch (sysno) {
1244 case __NR_ioctl: // TODO(jln) investigate legitimate use in the renderer 1244 case __NR_ioctl: // TODO(jln) investigate legitimate use in the renderer
1245 // and see if alternatives can be used. 1245 // and see if alternatives can be used.
1246 case __NR_fdatasync: 1246 case __NR_fdatasync:
1247 case __NR_fsync: 1247 case __NR_fsync:
1248 #if defined(__i386__) || defined(__x86_64__) 1248 #if defined(__i386__) || defined(__x86_64__)
1249 case __NR_getrlimit: 1249 case __NR_getrlimit:
1250 #endif 1250 #endif
1251 case __NR_mremap: // See crbug.com/149834.
1251 case __NR_pread64: 1252 case __NR_pread64:
1252 case __NR_pwrite64: 1253 case __NR_pwrite64:
1253 case __NR_sched_get_priority_max: 1254 case __NR_sched_get_priority_max:
1254 case __NR_sched_get_priority_min: 1255 case __NR_sched_get_priority_min:
1255 case __NR_sched_getparam: 1256 case __NR_sched_getparam:
1256 case __NR_sched_getscheduler: 1257 case __NR_sched_getscheduler:
1257 case __NR_sched_setscheduler: 1258 case __NR_sched_setscheduler:
1258 case __NR_setpriority: 1259 case __NR_setpriority:
1259 case __NR_sysinfo: 1260 case __NR_sysinfo:
1260 case __NR_times: 1261 case __NR_times:
(...skipping 182 matching lines...) Expand 10 before | Expand all | Expand 10 after
1443 // Process-specific policy. 1444 // Process-specific policy.
1444 ShouldEnableSeccompBpf(process_type) && 1445 ShouldEnableSeccompBpf(process_type) &&
1445 SupportsSandbox()) { 1446 SupportsSandbox()) {
1446 return StartBpfSandbox(command_line, process_type); 1447 return StartBpfSandbox(command_line, process_type);
1447 } 1448 }
1448 #endif 1449 #endif
1449 return false; 1450 return false;
1450 } 1451 }
1451 1452
1452 } // namespace content 1453 } // namespace content
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698