 Chromium Code Reviews Issue 1519753002:
  Linux Sandbox: make renderers dumpable  (Closed) 
  Base URL: https://chromium.googlesource.com/chromium/src.git@master
  Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW | 
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be | 
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. | 
| 4 | 4 | 
| 5 #include <dirent.h> | 5 #include <dirent.h> | 
| 6 #include <fcntl.h> | 6 #include <fcntl.h> | 
| 7 #include <sys/resource.h> | 7 #include <sys/resource.h> | 
| 8 #include <sys/stat.h> | 8 #include <sys/stat.h> | 
| 9 #include <sys/time.h> | 9 #include <sys/time.h> | 
| 10 #include <sys/types.h> | 10 #include <sys/types.h> | 
| 21 #include "base/files/scoped_file.h" | 21 #include "base/files/scoped_file.h" | 
| 22 #include "base/logging.h" | 22 #include "base/logging.h" | 
| 23 #include "base/macros.h" | 23 #include "base/macros.h" | 
| 24 #include "base/memory/scoped_ptr.h" | 24 #include "base/memory/scoped_ptr.h" | 
| 25 #include "base/memory/singleton.h" | 25 #include "base/memory/singleton.h" | 
| 26 #include "base/posix/eintr_wrapper.h" | 26 #include "base/posix/eintr_wrapper.h" | 
| 27 #include "base/strings/string_number_conversions.h" | 27 #include "base/strings/string_number_conversions.h" | 
| 28 #include "base/sys_info.h" | 28 #include "base/sys_info.h" | 
| 29 #include "base/time/time.h" | 29 #include "base/time/time.h" | 
| 30 #include "build/build_config.h" | 30 #include "build/build_config.h" | 
| 31 #include "content/common/sandbox_linux/sandbox_debug_handling_linux.h" | |
| 32 #include "content/common/sandbox_linux/sandbox_linux.h" | 31 #include "content/common/sandbox_linux/sandbox_linux.h" | 
| 33 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h" | 32 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h" | 
| 34 #include "content/public/common/content_switches.h" | 33 #include "content/public/common/content_switches.h" | 
| 35 #include "content/public/common/sandbox_linux.h" | 34 #include "content/public/common/sandbox_linux.h" | 
| 36 #include "sandbox/linux/services/credentials.h" | 35 #include "sandbox/linux/services/credentials.h" | 
| 37 #include "sandbox/linux/services/namespace_sandbox.h" | 36 #include "sandbox/linux/services/namespace_sandbox.h" | 
| 38 #include "sandbox/linux/services/proc_util.h" | 37 #include "sandbox/linux/services/proc_util.h" | 
| 39 #include "sandbox/linux/services/resource_limits.h" | 38 #include "sandbox/linux/services/resource_limits.h" | 
| 40 #include "sandbox/linux/services/thread_helpers.h" | 39 #include "sandbox/linux/services/thread_helpers.h" | 
| 41 #include "sandbox/linux/services/yama.h" | 40 #include "sandbox/linux/services/yama.h" | 
| 178 CHECK(sandbox::Credentials::MoveToNewUserNS()); | 177 CHECK(sandbox::Credentials::MoveToNewUserNS()); | 
| 179 // Note: this requires SealSandbox() to be called later in this process to be | 178 // Note: this requires SealSandbox() to be called later in this process to be | 
| 180 // safe, as this class is keeping a file descriptor to /proc/. | 179 // safe, as this class is keeping a file descriptor to /proc/. | 
| 181 CHECK(sandbox::Credentials::DropFileSystemAccess(proc_fd_)); | 180 CHECK(sandbox::Credentials::DropFileSystemAccess(proc_fd_)); | 
| 182 | 181 | 
| 183 // We do not drop CAP_SYS_ADMIN because we need it to place each child process | 182 // We do not drop CAP_SYS_ADMIN because we need it to place each child process | 
| 184 // in its own PID namespace later on. | 183 // in its own PID namespace later on. | 
| 185 std::vector<sandbox::Credentials::Capability> caps; | 184 std::vector<sandbox::Credentials::Capability> caps; | 
| 186 caps.push_back(sandbox::Credentials::Capability::SYS_ADMIN); | 185 caps.push_back(sandbox::Credentials::Capability::SYS_ADMIN); | 
| 187 CHECK(sandbox::Credentials::SetCapabilities(proc_fd_, caps)); | 186 CHECK(sandbox::Credentials::SetCapabilities(proc_fd_, caps)); | 
| 188 | |
| 189 // This needs to happen after moving to a new user NS, since doing so involves | |
| 190 // writing the UID/GID map. | |
| 191 CHECK(SandboxDebugHandling::SetDumpableStatusAndHandlers()); | |
| 
rickyz (no longer on Chrome)
2015/12/11 02:04:44
Do we care about the crash test handler that insta
 
jln (very slow on Chromium)
2015/12/11 17:53:43
Yeah, it's kind of ugly, but one can always pass -
 | |
| 192 } | 187 } | 
| 193 | 188 | 
| 194 std::vector<int> LinuxSandbox::GetFileDescriptorsToClose() { | 189 std::vector<int> LinuxSandbox::GetFileDescriptorsToClose() { | 
| 195 std::vector<int> fds; | 190 std::vector<int> fds; | 
| 196 if (proc_fd_ >= 0) { | 191 if (proc_fd_ >= 0) { | 
| 197 fds.push_back(proc_fd_); | 192 fds.push_back(proc_fd_); | 
| 198 } | 193 } | 
| 199 return fds; | 194 return fds; | 
| 200 } | 195 } | 
| 201 | 196 | 
| 446 | 441 | 
| 447 void LinuxSandbox::StopThreadAndEnsureNotCounted(base::Thread* thread) const { | 442 void LinuxSandbox::StopThreadAndEnsureNotCounted(base::Thread* thread) const { | 
| 448 DCHECK(thread); | 443 DCHECK(thread); | 
| 449 base::ScopedFD proc_fd(OpenProc(proc_fd_)); | 444 base::ScopedFD proc_fd(OpenProc(proc_fd_)); | 
| 450 PCHECK(proc_fd.is_valid()); | 445 PCHECK(proc_fd.is_valid()); | 
| 451 CHECK( | 446 CHECK( | 
| 452 sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_fd.get(), thread)); | 447 sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_fd.get(), thread)); | 
| 453 } | 448 } | 
| 454 | 449 | 
| 455 } // namespace content | 450 } // namespace content | 