Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(550)

Unified Diff: sandbox/linux/services/credentials.h

Issue 1158793003: Enable one PID namespace per process for NaCl processes. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Respond to comments. Created 5 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: sandbox/linux/services/credentials.h
diff --git a/sandbox/linux/services/credentials.h b/sandbox/linux/services/credentials.h
index 0001dc732802fe008719025554d4bdaac4f776fb..095d636d42712c2132fd7aa3d9e995836eb646fa 100644
--- a/sandbox/linux/services/credentials.h
+++ b/sandbox/linux/services/credentials.h
@@ -95,6 +95,9 @@ class SANDBOX_EXPORT Credentials {
// - DropAllCapabilities() must be called to prevent escapes.
static bool DropFileSystemAccess(int proc_fd) WARN_UNUSED_RESULT;
+ // Forks and drops capabilities in the child.
+ static pid_t ForkAndDropCapabilitiesInChild();
+
private:
DISALLOW_IMPLICIT_CONSTRUCTORS(Credentials);
};

Powered by Google App Engine
This is Rietveld 408576698