Linux sandbox: change API to start the sandbox

content/common/sandbox_linux/sandbox_linux.h

Index: content/common/sandbox_linux/sandbox_linux.h
diff --git a/content/common/sandbox_linux/sandbox_linux.h b/content/common/sandbox_linux/sandbox_linux.h
index a5a232277e9f87843da45b7f001a6fabef45578c..6b1fafcab13242e2af19ba9277341740ddaf9fbb 100644
--- a/content/common/sandbox_linux/sandbox_linux.h
+++ b/content/common/sandbox_linux/sandbox_linux.h
@@ -6,6 +6,7 @@
 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_
 
 #include <string>
+#include <vector>
 
 #include "base/basictypes.h"
 #include "base/memory/scoped_ptr.h"
@@ -49,8 +50,21 @@ class LinuxSandbox {
   // Do some initialization that can only be done before any of the sandboxes
   // are enabled. If using the setuid sandbox, this should be called manually
   // before the setuid sandbox is engaged.
+  // Security: When this runs, it is imperative that either InitializeSandbox()
+  // runs as well or that all file descriptors returned in
+  // GetFileDescriptorsToClose()
+  // get closed.
+  // Otherwise file descriptors that bypass the security of the setuid sandbox
+  // would be kept open. One must be particularly careful if a process performs
+  // a fork().
   void PreinitializeSandbox();
 
+  // Return a list of file descriptors to close if PreinitializeSandbox() ran
+  // but
+  // InitializeSandbox won't. Avoid using.
+  // TODO(jln): get rid of this hack.
+  std::vector<int> GetFileDescriptorsToClose();
+
   // Initialize the sandbox with the given pre-built configuration. Currently
   // seccomp-bpf and address space limitations (the setuid sandbox works
   // differently and is set-up in the Zygote). This will instantiate the