Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(52)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 733303004: Linux sandbox: change API to start the sandbox (Closed)

Created:
6 years, 1 month ago by jln (very slow on Chromium)
Modified:
6 years ago
CC:
chromium-reviews, darin-cc_chromium.org, jam, jln+watch_chromium.org, Jorge Lucangeli Obes, Mark Seaborn
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Project:
chromium
Visibility:
Public.

Description

Linux sandbox: change API to start the sandbox This CL makes SupportsSandbox() more straightforward by returning the level of support in the kernel. One major advantage is that being single threaded is now checked right before engaging the sandbox. Now, StartSandbox() is required to be able to check the number of threads in the current process. For this the LinuxSandbox class in content/ and in nacl/ are modified to always pass a file descriptor to /proc/self/tasks/ to SandboxBPF::StartSandbox(). In content::LinuxSandbox, such a descriptor was only available in DEBUG builds for security reasons. We make sure to always close it, as long as InitializeSandbox() is called. However, a few fringe processes, such as the init process or the ASAN coverage helper need to close it manually. BUG=434820 Committed: https://crrev.com/bd4df41c57cbfa415675602e0befc8ca128a009a Cr-Commit-Position: refs/heads/master@{#305569}

Patch Set 1 #

Patch Set 2 : Fix Android build. #

Patch Set 3 : Additional small cleanup. #

Patch Set 4 : Fix nacl_loader_unittests building. #

Patch Set 5 : Fix includes. #

Patch Set 6 : Fix ASAN build. #

Patch Set 7 : Rebase #

Total comments: 4

Patch Set 8 : Address comments. #

Total comments: 4

Patch Set 9 : Rewrap comment. #

Total comments: 8

Patch Set 10 : Address nits from Jorge. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+198 lines, -176 lines) Patch
M components/nacl/loader/nonsfi/nonsfi_sandbox.h View 2 chunks +2 lines, -1 line 0 comments Download
M components/nacl/loader/nonsfi/nonsfi_sandbox.cc View 1 chunk +5 lines, -4 lines 0 comments Download
M components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc View 1 2 3 1 chunk +1 line, -1 line 0 comments Download
M components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.h View 1 chunk +3 lines, -1 line 0 comments Download
M components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc View 1 2 3 4 5 6 7 2 chunks +4 lines, -2 lines 0 comments Download
M components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc View 6 chunks +20 lines, -5 lines 0 comments Download
M content/common/sandbox_linux/bpf_gpu_policy_linux.cc View 1 2 3 4 5 6 7 1 chunk +1 line, -1 line 0 comments Download
M content/common/sandbox_linux/sandbox_init_linux.cc View 1 chunk +5 lines, -2 lines 0 comments Download
M content/common/sandbox_linux/sandbox_linux.h View 1 2 3 4 5 6 7 8 9 3 chunks +13 lines, -0 lines 0 comments Download
M content/common/sandbox_linux/sandbox_linux.cc View 1 2 3 4 5 6 7 8 chunks +31 lines, -23 lines 0 comments Download
M content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h View 2 chunks +5 lines, -2 lines 0 comments Download
M content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc View 1 2 9 chunks +20 lines, -16 lines 0 comments Download
M content/public/common/sandbox_init.h View 1 2 3 4 5 6 7 8 9 2 chunks +5 lines, -1 line 0 comments Download
M content/zygote/zygote_main_linux.cc View 1 2 3 4 5 7 chunks +32 lines, -12 lines 0 comments Download
M sandbox/linux/BUILD.gn View 1 2 3 4 5 6 7 1 chunk +1 line, -0 lines 0 comments Download
M sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc View 1 2 3 4 5 6 4 chunks +5 lines, -5 lines 0 comments Download
M sandbox/linux/seccomp-bpf/sandbox_bpf.h View 1 2 3 4 5 6 7 8 9 3 chunks +11 lines, -12 lines 0 comments Download
M sandbox/linux/seccomp-bpf/sandbox_bpf.cc View 1 2 3 4 5 6 7 chunks +31 lines, -79 lines 0 comments Download
M sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc View 1 chunk +1 line, -8 lines 0 comments Download
M sandbox/linux/services/thread_helpers.cc View 1 chunk +2 lines, -1 line 0 comments Download

Messages

Total messages: 18 (5 generated)
jln (very slow on Chromium)
mdempsky: PTAL! There are some dragons in the Zygote code, but thankfully a problem there ...
6 years, 1 month ago (2014-11-20 00:40:27 UTC) #3
jln (very slow on Chromium)
Matthew: no urgency, but making sure that this didn't fall off of your radar. Let ...
6 years ago (2014-11-24 20:15:01 UTC) #4
mdempsky
LGTM From the commit message: > However, a few fring processes, such as the init ...
6 years ago (2014-11-24 21:58:23 UTC) #5
jln (very slow on Chromium)
Thanks, good suggestion! (even though unfortunately a lot of the difficult cases are fork + ...
6 years ago (2014-11-24 22:45:48 UTC) #6
jln (very slow on Chromium)
Nasko: do you mind looking at the small change in content/public/common/sandbox_init.h? Jorgelo: Mostly FYI (but ...
6 years ago (2014-11-24 22:49:33 UTC) #8
nasko
LGTM with a couple of nits. https://chromiumcodereview.appspot.com/733303004/diff/140001/content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc File content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc (right): https://chromiumcodereview.appspot.com/733303004/diff/140001/content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc#newcode160 content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc:160: sandbox.set_proc_task_fd(proc_task_fd.release()); nit: Conceptually, ...
6 years ago (2014-11-24 23:01:02 UTC) #9
jln (very slow on Chromium)
Mark: FYI for NaCl, behavior there should be untouched.
6 years ago (2014-11-24 23:03:30 UTC) #10
jln (very slow on Chromium)
https://chromiumcodereview.appspot.com/733303004/diff/140001/content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc File content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc (right): https://chromiumcodereview.appspot.com/733303004/diff/140001/content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc#newcode160 content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc:160: sandbox.set_proc_task_fd(proc_task_fd.release()); On 2014/11/24 23:01:02, nasko wrote: > nit: Conceptually, ...
6 years ago (2014-11-24 23:26:03 UTC) #11
Jorge Lucangeli Obes
https://chromiumcodereview.appspot.com/733303004/diff/160001/content/common/sandbox_linux/sandbox_linux.h File content/common/sandbox_linux/sandbox_linux.h (right): https://chromiumcodereview.appspot.com/733303004/diff/160001/content/common/sandbox_linux/sandbox_linux.h#newcode55 content/common/sandbox_linux/sandbox_linux.h:55: // GetFileDescriptorsToClose() This formatting is super weird. https://chromiumcodereview.appspot.com/733303004/diff/160001/content/common/sandbox_linux/sandbox_linux.h#newcode63 content/common/sandbox_linux/sandbox_linux.h:63: ...
6 years ago (2014-11-24 23:48:34 UTC) #13
jln (very slow on Chromium)
Thanks Jorge! https://chromiumcodereview.appspot.com/733303004/diff/160001/content/common/sandbox_linux/sandbox_linux.h File content/common/sandbox_linux/sandbox_linux.h (right): https://chromiumcodereview.appspot.com/733303004/diff/160001/content/common/sandbox_linux/sandbox_linux.h#newcode55 content/common/sandbox_linux/sandbox_linux.h:55: // GetFileDescriptorsToClose() On 2014/11/24 23:48:33, Jorge Lucangeli ...
6 years ago (2014-11-25 01:30:48 UTC) #14
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/733303004/180001
6 years ago (2014-11-25 01:32:27 UTC) #16
commit-bot: I haz the power
Committed patchset #10 (id:180001)
6 years ago (2014-11-25 02:32:40 UTC) #17
commit-bot: I haz the power
6 years ago (2014-11-25 02:33:21 UTC) #18
Message was sent while issue was closed. 
Patchset 10 (id:??) landed as
https://crrev.com/bd4df41c57cbfa415675602e0befc8ca128a009a
Cr-Commit-Position: refs/heads/master@{#305569}

Powered by Google App Engine
This is Rietveld 408576698