Linux sandbox: add basic Yama support

sandbox/linux/services/scoped_process.h

Index: sandbox/linux/services/scoped_process.h
diff --git a/sandbox/linux/services/scoped_process.h b/sandbox/linux/services/scoped_process.h
new file mode 100644
index 0000000000000000000000000000000000000000..e1aeca4bbfbd010e64d3c6f50b870c4654c65339
--- /dev/null
+++ b/sandbox/linux/services/scoped_process.h
@@ -0,0 +1,43 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_LINUX_SERVICES_SCOPED_PROCESS_H_
+#define SANDBOX_LINUX_SERVICES_SCOPED_PROCESS_H_
+
+#include "base/basictypes.h"
+#include "base/callback.h"
+#include "base/process/process_handle.h"
+
+namespace sandbox {
+
+// fork() a child process that will run a Closure. After the Closure
+// has run, the child will exit. If this object goes out of scope, the child
+// will be destroyed, even if the closure did not finish running.
+class ScopedProcess {
+ public:
+  // |child_callback| will run in the child process. It can simply return
+  // in which case the child process will exit normally. Or it can use
+  // _exit(2) to exit.
+  explicit ScopedProcess(const base::Closure& child_callback);
+  ~ScopedProcess();
+
+  // Wait for the process to exit, that is, wait for the closure to finish
+  // running.
+  // |got_signaled| tells how to interpret the return value: either as an exit
+  // code, or as a signal number.
+  int WaitForExit(bool* got_signaled);
+  base::ProcessId GetPid() { return child_process_id_; }
+
+ private:
+  bool IsOriginalProcess();
+
+  base::Closure child_callback_;
+  base::ProcessId child_process_id_;
+  base::ProcessId process_id_;
+  DISALLOW_COPY_AND_ASSIGN(ScopedProcess);
+};
+
+}  // namespace sandbox
+
+#endif  // SANDBOX_LINUX_SERVICES_SCOPED_PROCESS_H_