Linux Sandbox: handle O_CREAT properly in broker process.

sandbox/linux/services/broker_process.cc

Index: sandbox/linux/services/broker_process.cc
diff --git a/sandbox/linux/services/broker_process.cc b/sandbox/linux/services/broker_process.cc
index f51533cc20caddd3f55077615d831c1ab2c545d1..cbd9ececbc4cbd4376aae36a072f22ea10f71e95 100644
--- a/sandbox/linux/services/broker_process.cc
+++ b/sandbox/linux/services/broker_process.cc
@@ -67,6 +67,11 @@ bool IsAllowedOpenFlags(int flags) {
     return false;
   }
 
+  // We only support a 2-parameters open, so we forbid O_CREAT.

[Markus (顧孟勤), 2013/01/09 05:38:47]

We might have to support O_CREAT at some point. But I am fine with adding that
code when it is actually needed.

The way your CL looks like right now, that definitely keeps things simpler.

+  if (flags & O_CREAT) {
+    return false;
+  }
+
   // Some flags affect the behavior of the current process. We don't support
   // them and don't allow them for now.
   if (flags & ForCurrentProcessFlagsMask()) {
@@ -288,7 +293,9 @@ bool BrokerProcess::HandleOpenRequest(int reply_ipc,
     // O_CLOEXEC doesn't hurt (even though we won't execve()), and this
     // property won't be passed to the client.
     // We may want to think about O_NONBLOCK as well.
-    int opened_fd = open(file_to_open, flags | O_CLOEXEC);
+    // We're doing a 2-parameter open, so we don't support O_CREAT. It doesn't
+    // hurt to always pass a third argument though.
+    int opened_fd = open(file_to_open, flags | O_CLOEXEC, 0);
     if (opened_fd < 0) {
       write_pickle.WriteInt(-errno);
     } else {