content/common/sandbox_init_linux.cc - Issue 13814027: Linux: make current InitializeSandbox() private.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: content/common/sandbox_init_linux.cc

Issue 13814027: Linux: make current InitializeSandbox() private. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Remove sandbox_init_linux.cc Created 7 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
	(Empty)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 #include <string>

6

7 #include "base/command_line.h"

8 #include "base/logging.h"

9 #include "content/common/sandbox_linux.h"

10 #include "content/public/common/content_switches.h"

11 #include "content/public/common/sandbox_init.h"

12

13 namespace content {

14

15 // TODO(jln): have call sites provide a process / policy type to

16 // InitializeSandbox().

17 bool InitializeSandbox() {

18 bool seccomp_legacy_started = false;

19 bool seccomp_bpf_started = false;

20 LinuxSandbox* linux_sandbox = LinuxSandbox::GetInstance();

21 const std::string process_type =

22 CommandLine::ForCurrentProcess()->GetSwitchValueASCII(

23 switches::kProcessType);

24

25 // No matter what, it's always an error to call InitializeSandbox() after

26 // threads have been created.

27 if (!linux_sandbox->IsSingleThreaded()) {

28 std::string error_message = "InitializeSandbox() called with multiple "

29 "threads in process " + process_type;

30 // TODO(jln): change this into a CHECK() once we are more comfortable it

31 // does not trigger.

32 LOG(ERROR) << error_message;

33 return false;

34 }

35

36 // Attempt to limit the future size of the address space of the process.

37 linux_sandbox->LimitAddressSpace(process_type);

38

39 // First, try to enable seccomp-bpf.

40 seccomp_bpf_started = linux_sandbox->StartSeccompBpf(process_type);

41

42 // If that fails, try to enable seccomp-legacy.

43 if (!seccomp_bpf_started) {

44 seccomp_legacy_started = linux_sandbox->StartSeccompLegacy(process_type);

45 }

46

47 return seccomp_legacy_started \|\| seccomp_bpf_started;

48 }

49

50 } // namespace content

OLD	NEW

« no previous file with comments | « no previous file | content/common/sandbox_linux.h » ('j') | no next file with comments »