sandbox/linux/services/namespace_sandbox.h - Issue 1158793003: Enable one PID namespace per process for NaCl processes.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: sandbox/linux/services/namespace_sandbox.h

Issue 1158793003: Enable one PID namespace per process for NaCl processes. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Respond to comments. Created 5 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: sandbox/linux/services/namespace_sandbox.h

diff --git a/sandbox/linux/services/namespace_sandbox.h b/sandbox/linux/services/namespace_sandbox.h

index 80097fb16afa625415070e8e581540e514e67abf..7c6bf6dfd3b6cd6f7661ee2a7bfb258819a7627c 100644

--- a/sandbox/linux/services/namespace_sandbox.h

+++ b/sandbox/linux/services/namespace_sandbox.h

@@ -38,8 +38,6 @@ namespace sandbox {

class SANDBOX_EXPORT NamespaceSandbox {

public:

#if !defined(OS_NACL_NONSFI)

- static const int kDefaultExitCode = 1;

// Launch a new process inside its own user/PID/network namespaces (depending

// on kernel support). Requires at a minimum that user namespaces are

// supported (use Credentials::CanCreateProcessInNewUserNS to check this).

@@ -70,8 +68,8 @@ class SANDBOX_EXPORT NamespaceSandbox {

// SIGHUP, SIGINT, SIGABRT, SIGQUIT, SIGPIPE, SIGTERM, SIGUSR1, SIGUSR2

- // that exits with kDefaultExitCode. These are signals whose default action is

- // to terminate the program (apart from SIGILL, SIGFPE, and SIGSEGV, which

+ // that exits with SignalExitCode(sig). These are signals whose default action

+ // is to terminate the program (apart from SIGILL, SIGFPE, and SIGSEGV, which

// will still terminate the process if e.g. an illegal instruction is

// encountered, etc.).

@@ -85,6 +83,8 @@ class SANDBOX_EXPORT NamespaceSandbox {

static bool InstallTerminationSignalHandler(int sig, int exit_code);

#endif // !defined(OS_NACL_NONSFI)

+ static inline int SignalExitCode(int sig) { return -sig & 0xff; }

jln (very slow on Chromium) 2015/06/09 21:18:10 Let's add a comment to describe this. Mention that

rickyz (no longer on Chrome) 2015/06/09 22:55:25 Done.

// Returns whether the namespace sandbox created a new user, PID, and network

// namespace. In particular, InNewUserNamespace should return true iff the

// process was started via this class.

« no previous file with comments | « sandbox/linux/services/credentials.cc ('k') | sandbox/linux/services/namespace_sandbox.cc » ('j') | no next file with comments »