OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/nacl/loader/sandbox_linux/nacl_sandbox_linux.h" | 5 #include "components/nacl/loader/sandbox_linux/nacl_sandbox_linux.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <sys/prctl.h> | 9 #include <sys/prctl.h> |
10 #include <sys/stat.h> | 10 #include <sys/stat.h> |
(...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
133 CHECK(!HasOpenDirectory()); | 133 CHECK(!HasOpenDirectory()); |
134 | 134 |
135 // Get sandboxed. | 135 // Get sandboxed. |
136 CHECK(setuid_sandbox_client_->ChrootMe()); | 136 CHECK(setuid_sandbox_client_->ChrootMe()); |
137 CHECK(MaybeSetProcessNonDumpable()); | 137 CHECK(MaybeSetProcessNonDumpable()); |
138 CHECK(IsSandboxed()); | 138 CHECK(IsSandboxed()); |
139 layer_one_enabled_ = true; | 139 layer_one_enabled_ = true; |
140 } else if (sandbox::NamespaceSandbox::InNewUserNamespace()) { | 140 } else if (sandbox::NamespaceSandbox::InNewUserNamespace()) { |
141 CHECK(sandbox::Credentials::MoveToNewUserNS()); | 141 CHECK(sandbox::Credentials::MoveToNewUserNS()); |
142 // This relies on SealLayerOneSandbox() to be called later since this | 142 // This relies on SealLayerOneSandbox() to be called later since this |
143 // class is keeping a file descriptor to /proc/. | 143 // class is keeping a file descriptor to /proc/. |
jln (very slow on Chromium)
2015/05/28 09:02:33
Doesn't this comment apply to both the setuid sand
rickyz (no longer on Chrome)
2015/05/29 23:16:39
Yeah, removed this comment, it made more sense in
| |
144 CHECK(sandbox::Credentials::DropFileSystemAccess(proc_fd_.get())); | 144 CHECK(sandbox::Credentials::DropFileSystemAccess(proc_fd_.get())); |
145 CHECK(sandbox::Credentials::DropAllCapabilities(proc_fd_.get())); | 145 |
146 // We do not drop CAP_SYS_ADMIN because we need it to place each child | |
147 // process in its own PID namespace later on. | |
jln (very slow on Chromium)
2015/05/28 09:02:33
This is unfortunate. This should be dropped as par
| |
148 std::vector<sandbox::Credentials::Capability> caps; | |
149 caps.push_back(sandbox::Credentials::Capability::SYS_ADMIN); | |
150 CHECK(sandbox::Credentials::SetCapabilities(proc_fd_.get(), caps)); | |
151 | |
146 CHECK(IsSandboxed()); | 152 CHECK(IsSandboxed()); |
147 layer_one_enabled_ = true; | 153 layer_one_enabled_ = true; |
148 } | 154 } |
149 } | 155 } |
150 | 156 |
151 void NaClSandbox::CheckForExpectedNumberOfOpenFds() { | 157 void NaClSandbox::CheckForExpectedNumberOfOpenFds() { |
152 // We expect to have the following FDs open: | 158 // We expect to have the following FDs open: |
153 // 1-3) stdin, stdout, stderr. | 159 // 1-3) stdin, stdout, stderr. |
154 // 4) The /dev/urandom FD used by base::GetUrandomFD(). | 160 // 4) The /dev/urandom FD used by base::GetUrandomFD(). |
155 // 5) A dummy pipe FD used to overwrite kSandboxIPCChannel. | 161 // 5) A dummy pipe FD used to overwrite kSandboxIPCChannel. |
(...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
235 static const char kNoBpfMsg[] = | 241 static const char kNoBpfMsg[] = |
236 "The seccomp-bpf sandbox is not engaged for NaCl:"; | 242 "The seccomp-bpf sandbox is not engaged for NaCl:"; |
237 if (can_be_no_sandbox) | 243 if (can_be_no_sandbox) |
238 LOG(ERROR) << kNoBpfMsg << kItIsDangerousMsg; | 244 LOG(ERROR) << kNoBpfMsg << kItIsDangerousMsg; |
239 else | 245 else |
240 LOG(FATAL) << kNoBpfMsg << kItIsNotAllowedMsg; | 246 LOG(FATAL) << kNoBpfMsg << kItIsNotAllowedMsg; |
241 } | 247 } |
242 } | 248 } |
243 | 249 |
244 } // namespace nacl | 250 } // namespace nacl |
OLD | NEW |