Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(165)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: base/test/launcher/test_launcher.cc

Issue 197213015: [Linux] Use PR_SET_NO_NEW_PRIVS by default in base/process/launch.h. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Add function Created 6 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « base/process/launch_posix.cc ('k') | chrome/browser/chrome_main_browsertest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/test/launcher/test_launcher.h" 5 #include "base/test/launcher/test_launcher.h"
6 6
7 #if defined(OS_POSIX) 7 #if defined(OS_POSIX)
8 #include <fcntl.h> 8 #include <fcntl.h>
9 #endif 9 #endif
10 10
(...skipping 1008 matching lines...) Expand 10 before | Expand all | Expand 10 after
1019 if (!SetJobObjectLimitFlags(job_handle.Get(), 1019 if (!SetJobObjectLimitFlags(job_handle.Get(),
1020 JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE | 1020 JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE |
1021 JOB_OBJECT_LIMIT_BREAKAWAY_OK)) { 1021 JOB_OBJECT_LIMIT_BREAKAWAY_OK)) {
1022 LOG(ERROR) << "Could not SetJobObjectLimitFlags."; 1022 LOG(ERROR) << "Could not SetJobObjectLimitFlags.";
1023 return -1; 1023 return -1;
1024 } 1024 }
1025 1025
1026 new_options.job_handle = job_handle.Get(); 1026 new_options.job_handle = job_handle.Get();
1027 #endif // defined(OS_WIN) 1027 #endif // defined(OS_WIN)
1028 1028
1029 #if defined(OS_LINUX)
1030 // To prevent accidental privilege sharing to an untrusted child, processes
1031 // are started with PR_SET_NO_NEW_PRIVS. Do not set that here, since this
1032 // new child will be privileged and trusted.
1033 new_options.allow_new_privs = true;
1034 #endif
1035
1029 base::ProcessHandle process_handle; 1036 base::ProcessHandle process_handle;
1030 1037
1031 { 1038 {
1032 // Note how we grab the lock before the process possibly gets created. 1039 // Note how we grab the lock before the process possibly gets created.
1033 // This ensures that when the lock is held, ALL the processes are registered 1040 // This ensures that when the lock is held, ALL the processes are registered
1034 // in the set. 1041 // in the set.
1035 AutoLock lock(g_live_processes_lock.Get()); 1042 AutoLock lock(g_live_processes_lock.Get());
1036 1043
1037 if (!base::LaunchProcess(command_line, new_options, &process_handle)) 1044 if (!base::LaunchProcess(command_line, new_options, &process_handle))
1038 return -1; 1045 return -1;
(...skipping 30 matching lines...) Expand all
1069 1076
1070 g_live_processes.Get().erase(process_handle); 1077 g_live_processes.Get().erase(process_handle);
1071 } 1078 }
1072 1079
1073 base::CloseProcessHandle(process_handle); 1080 base::CloseProcessHandle(process_handle);
1074 1081
1075 return exit_code; 1082 return exit_code;
1076 } 1083 }
1077 1084
1078 } // namespace base 1085 } // namespace base
OLDNEW
« no previous file with comments | « base/process/launch_posix.cc ('k') | chrome/browser/chrome_main_browsertest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698