| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/zygote_host/zygote_host_impl_linux.h" | 5 #include "content/browser/zygote_host/zygote_host_impl_linux.h" |
| 6 | 6 |
| 7 #include <sys/socket.h> | 7 #include <sys/socket.h> |
| 8 #include <sys/stat.h> | 8 #include <sys/stat.h> |
| 9 #include <sys/types.h> | 9 #include <sys/types.h> |
| 10 #include <unistd.h> | 10 #include <unistd.h> |
| (...skipping 148 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 159 int dummy_fd = -1; | 159 int dummy_fd = -1; |
| 160 if (using_suid_sandbox_) { | 160 if (using_suid_sandbox_) { |
| 161 dummy_fd = socket(PF_UNIX, SOCK_DGRAM, 0); | 161 dummy_fd = socket(PF_UNIX, SOCK_DGRAM, 0); |
| 162 CHECK(dummy_fd >= 0); | 162 CHECK(dummy_fd >= 0); |
| 163 fds_to_map.push_back(std::make_pair(dummy_fd, kZygoteIdFd)); | 163 fds_to_map.push_back(std::make_pair(dummy_fd, kZygoteIdFd)); |
| 164 } | 164 } |
| 165 | 165 |
| 166 base::ProcessHandle process = -1; | 166 base::ProcessHandle process = -1; |
| 167 base::LaunchOptions options; | 167 base::LaunchOptions options; |
| 168 options.fds_to_remap = &fds_to_map; | 168 options.fds_to_remap = &fds_to_map; |
| 169 options.allow_new_privs = using_suid_sandbox_; // Don't PR_SET_NO_NEW_PRIVS. |
| 169 base::LaunchProcess(cmd_line.argv(), options, &process); | 170 base::LaunchProcess(cmd_line.argv(), options, &process); |
| 170 CHECK(process != -1) << "Failed to launch zygote process"; | 171 CHECK(process != -1) << "Failed to launch zygote process"; |
| 171 | 172 |
| 172 if (using_suid_sandbox_) { | 173 if (using_suid_sandbox_) { |
| 173 // In the SUID sandbox, the real zygote is forked from the sandbox. | 174 // In the SUID sandbox, the real zygote is forked from the sandbox. |
| 174 // We need to look for it. | 175 // We need to look for it. |
| 175 // But first, wait for the zygote to tell us it's running. | 176 // But first, wait for the zygote to tell us it's running. |
| 176 // The sending code is in content/browser/zygote_main_linux.cc. | 177 // The sending code is in content/browser/zygote_main_linux.cc. |
| 177 std::vector<int> fds_vec; | 178 std::vector<int> fds_vec; |
| 178 const int kExpectedLength = sizeof(kZygoteHelloMessage); | 179 const int kExpectedLength = sizeof(kZygoteHelloMessage); |
| (...skipping 349 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 528 return RenderSandboxHostLinux::GetInstance()->pid(); | 529 return RenderSandboxHostLinux::GetInstance()->pid(); |
| 529 } | 530 } |
| 530 | 531 |
| 531 int ZygoteHostImpl::GetSandboxStatus() const { | 532 int ZygoteHostImpl::GetSandboxStatus() const { |
| 532 if (have_read_sandbox_status_word_) | 533 if (have_read_sandbox_status_word_) |
| 533 return sandbox_status_; | 534 return sandbox_status_; |
| 534 return 0; | 535 return 0; |
| 535 } | 536 } |
| 536 | 537 |
| 537 } // namespace content | 538 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 197213015:
[Linux] Use PR_SET_NO_NEW_PRIVS by default in base/process/launch.h. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src