Index: sandbox/linux/seccomp-bpf/sandbox_bpf.cc |
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc |
index ff855b8a9cb131119963fd0829544b5f00e41b2b..0f144ce89c1b24d43b26ecb78a041dd7459686fc 100644 |
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc |
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc |
@@ -20,6 +20,11 @@ |
#error Big endian operation is untested and expected to be broken |
#endif |
+#ifndef SECCOMP_BPF_STANDALONE |
+#include "base/logging.h" |
+#include "base/posix/eintr_wrapper.h" |
+#endif |
+ |
#include "sandbox/linux/seccomp-bpf/codegen.h" |
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
#include "sandbox/linux/seccomp-bpf/syscall.h" |
@@ -30,7 +35,9 @@ namespace { |
void WriteFailedStderrSetupMessage(int out_fd) { |
const char* error_string = strerror(errno); |
- static const char msg[] = "Failed to set up stderr: "; |
+ static const char msg[] = "You have reproduced a puzzling issue.\n" |
+ "Please, report to crbug.com/152530!\n" |
+ "Failed to set up stderr: "; |
if (HANDLE_EINTR(write(out_fd, msg, sizeof(msg)-1)) > 0 && error_string && |
HANDLE_EINTR(write(out_fd, error_string, strlen(error_string))) > 0 && |
HANDLE_EINTR(write(out_fd, "\n", 1))) { |
@@ -151,9 +158,14 @@ bool Sandbox::RunFunctionInPolicy(void (*CodeInSandbox)(), |
// successfully turn on sandboxing. |
Die::EnableSimpleExit(); |
+ errno = 0; |
if (HANDLE_EINTR(close(fds[0]))) { |
+ // This call to close() has been failing in strange ways. See |
+ // crbug.com/152530. So we only fail in debug mode now. |
+#if !defined(NDEBUG) |
WriteFailedStderrSetupMessage(fds[1]); |
SANDBOX_DIE(NULL); |
+#endif |
} |
if (HANDLE_EINTR(dup2(fds[1], 2)) != 2) { |
// Stderr could very well be a file descriptor to .xsession-errors, or |
@@ -163,10 +175,19 @@ bool Sandbox::RunFunctionInPolicy(void (*CodeInSandbox)(), |
// If dup2 fails here, we will continue normally, this means that our |
// parent won't cause a fatal failure if something writes to stderr in |
// this child. |
+#if !defined(NDEBUG) |
+ // In DEBUG builds, we still want to get a report. |
+ WriteFailedStderrSetupMessage(fds[1]); |
+ SANDBOX_DIE(NULL); |
+#endif |
} |
if (HANDLE_EINTR(close(fds[1]))) { |
+ // This call to close() has been failing in strange ways. See |
+ // crbug.com/152530. So we only fail in debug mode now. |
+#if !defined(NDEBUG) |
WriteFailedStderrSetupMessage(fds[1]); |
SANDBOX_DIE(NULL); |
+#endif |
} |
evaluators_.clear(); |