Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(619)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/linux/services/credentials.cc

Issue 868233011: Start all children in their own PID namespace. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Only drop capabilities if we have any. Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« sandbox/linux/services/credentials.h ('K') | « sandbox/linux/services/credentials.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/services/credentials.cc
diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc
index c8c679d8515e16db91e2636315f3974747b5066a..e8dd1d943cb0278b439f0efbc07d26f5416629d7 100644
--- a/sandbox/linux/services/credentials.cc
+++ b/sandbox/linux/services/credentials.cc
@@ -148,6 +148,21 @@ bool Credentials::DropAllCapabilities() {
return Credentials::DropAllCapabilities(proc_fd.get());
}
+// static
+bool Credentials::SetCapabilities(int proc_fd,
+ const std::vector<cap_value_t>& caps) {
+ DCHECK_LE(0, proc_fd);
+ CHECK(ThreadHelpers::IsSingleThreaded(proc_fd));
+
+ sandbox::ScopedCap cap(cap_init());
+ PCHECK(cap != nullptr);
+ cap_flag_t flags[] = {CAP_EFFECTIVE, CAP_PERMITTED};
+ for (const cap_flag_t flag : flags) {
+ PCHECK(cap_set_flag(cap.get(), flag, caps.size(), &caps[0], CAP_SET) == 0);
+ }
+ return cap_set_proc(cap.get()) == 0;
+}
+
bool Credentials::HasAnyCapability() {
ScopedCap current_cap(cap_get_proc());
CHECK(current_cap);
« sandbox/linux/services/credentials.h ('K') | « sandbox/linux/services/credentials.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698