Issue 11569028: Linux Sandbox: Basic support for GPU broker.

Issue 11569028: Linux Sandbox: Basic support for GPU broker. (Closed)

Created:
8 years ago by jln (very slow on Chromium)

Modified:
8 years ago

Reviewers:
Jorge Lucangeli Obes, Markus (顧孟勤)

CC:
chromium-reviews, joi+watch-content_chromium.org, darin-cc_chromium.org, jam, agl, jln+watch_chromium.org, Markus (顧孟勤), Zhenyao Mo

Base URL:
svn://svn.chromium.org/chrome/trunk/src

Visibility:
Public.

More Reviews

Description

Linux Sandbox: Basic support for GPU broker. We add a GPU broker process to make sure we can open certain files once the sandbox is started. We do not need to allow open() in the GPU policy in certain configuration anymore, which creates an effective GPU sandbox. BUG=166111 NOTRY=true Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=173233

Patch Set 1 #

Total comments: 4

Patch Set 2 : Add a sandbox callback for the broker process. #

Total comments: 1

Patch Set 3 : Address a few nits. #

Created: 8 years ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+93 lines, -93 lines)			Patch
M	content/common/sandbox_seccomp_bpf_linux.cc	View	1 2	8 chunks	+84 lines, -86 lines	0 comments	Download
M	sandbox/linux/services/broker_process.h	View	1	2 chunks	+4 lines, -3 lines	0 comments	Download
M	sandbox/linux/services/broker_process.cc	View	1 2	2 chunks	+5 lines, -4 lines	0 comments	Download

Messages

Total messages: 8 (0 generated)

Expand Messages | Collapse Messages

jln (very slow on Chromium)

Jorge, this is a tentative patch to make use of the broker process for the ...

8 years ago (2012-12-14 09:07:52 UTC) #1

Jorge Lucangeli Obes

This looks like it actually works. https://chromiumcodereview.appspot.com/11569028/diff/1/content/common/sandbox_seccomp_bpf_linux.cc File content/common/sandbox_seccomp_bpf_linux.cc (right): https://chromiumcodereview.appspot.com/11569028/diff/1/content/common/sandbox_seccomp_bpf_linux.cc#newcode1309 content/common/sandbox_seccomp_bpf_linux.cc:1309: void InitGpu64BrokerProcess(BrokerProcess** broker_process) ...

8 years ago (2012-12-14 19:13:22 UTC) #2

Markus (顧孟勤)

Yepp. That generally all looks OK https://chromiumcodereview.appspot.com/11569028/diff/5001/content/common/sandbox_seccomp_bpf_linux.cc File content/common/sandbox_seccomp_bpf_linux.cc (right): https://chromiumcodereview.appspot.com/11569028/diff/5001/content/common/sandbox_seccomp_bpf_linux.cc#newcode108 content/common/sandbox_seccomp_bpf_linux.cc:108: intptr_t GpuOpenSIGSYS_Handler(const struct ...

8 years ago (2012-12-14 20:23:29 UTC) #3

jln (very slow on Chromium)

PTAL, I uploaded a new version where the broker process is also sandboxed. https://chromiumcodereview.appspot.com/11569028/diff/1/content/common/sandbox_seccomp_bpf_linux.cc File ...

8 years ago (2012-12-14 20:30:25 UTC) #4

Jorge Lucangeli Obes

On 2012/12/14 22:06:11, Markus (顧孟勤) wrote: > lgtm lgtm, the two features that require open() ...

8 years ago (2012-12-14 22:16:24 UTC) #6

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/jln@chromium.org/11569028/8003

8 years ago (2012-12-14 22:44:08 UTC) #7

Message was sent while issue was closed.

Change committed as 173233

Expand Messages | Collapse Messages