Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2035)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/common/sandbox_linux/sandbox_linux.h

Issue 733303004: Linux sandbox: change API to start the sandbox (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rewrap comment. Created 6 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/common/sandbox_linux/sandbox_init_linux.cc ('k') | content/common/sandbox_linux/sandbox_linux.cc » ('j') | content/public/common/sandbox_init.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/common/sandbox_linux/sandbox_linux.h
diff --git a/content/common/sandbox_linux/sandbox_linux.h b/content/common/sandbox_linux/sandbox_linux.h
index a5a232277e9f87843da45b7f001a6fabef45578c..804e18f2586d7da73e66f02e616fbf7c4b463b7f 100644
--- a/content/common/sandbox_linux/sandbox_linux.h
+++ b/content/common/sandbox_linux/sandbox_linux.h
@@ -6,6 +6,7 @@
#define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_
#include <string>
+#include <vector>
#include "base/basictypes.h"
#include "base/memory/scoped_ptr.h"
@@ -49,8 +50,21 @@ class LinuxSandbox {
// Do some initialization that can only be done before any of the sandboxes
// are enabled. If using the setuid sandbox, this should be called manually
// before the setuid sandbox is engaged.
+ // Security: When this runs, it is imperative that either InitializeSandbox()
+ // runs as well or that all file descriptors returned in
+ // GetFileDescriptorsToClose()
Jorge Lucangeli Obes 2014/11/24 23:48:33 This formatting is super weird.
jln (very slow on Chromium) 2014/11/25 01:30:48 Yeah, sorry clang-format seems to always start a n
+ // get closed.
+ // Otherwise file descriptors that bypass the security of the setuid sandbox
+ // would be kept open. One must be particularly careful if a process performs
+ // a fork().
void PreinitializeSandbox();
+ // Return a list of file descriptors to close if PreinitializeSandbox() ran
+ // but
Jorge Lucangeli Obes 2014/11/24 23:48:33 Ditto. Are you trying to keep function names in th
jln (very slow on Chromium) 2014/11/25 01:30:48 Done.
+ // InitializeSandbox won't. Avoid using.
+ // TODO(jln): get rid of this hack.
+ std::vector<int> GetFileDescriptorsToClose();
+
// Initialize the sandbox with the given pre-built configuration. Currently
// seccomp-bpf and address space limitations (the setuid sandbox works
// differently and is set-up in the Zygote). This will instantiate the
@@ -132,6 +146,7 @@ class LinuxSandbox {
bool pre_initialized_;
bool seccomp_bpf_supported_; // Accurate if pre_initialized_.
bool yama_is_enforcing_; // Accurate if pre_initialized_.
+ bool initialize_sandbox_ran_; // InitializeSandbox() was called.
scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_;
#if defined(ANY_OF_AMTLU_SANITIZER)
scoped_ptr<__sanitizer_sandbox_arguments> sanitizer_args_;
« no previous file with comments | « content/common/sandbox_linux/sandbox_init_linux.cc ('k') | content/common/sandbox_linux/sandbox_linux.cc » ('j') | content/public/common/sandbox_init.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698