OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_ | 5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_ |
6 #define CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_ | 6 #define CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_ |
7 | 7 |
8 namespace content { | 8 namespace content { |
9 | 9 |
10 // These form a bitmask which describes the conditions of the Linux sandbox. | 10 // These form a bitmask which describes the conditions of the Linux sandbox. |
11 // Note: this doesn't strictly give you the current status, it states | 11 // Note: this doesn't strictly give you the current status, it states |
12 // what will be enabled when the relevant processes are initialized. | 12 // what will be enabled when the relevant processes are initialized. |
13 enum LinuxSandboxStatus { | 13 enum LinuxSandboxStatus { |
14 // SUID sandbox active. | 14 // SUID sandbox active. |
15 kSandboxLinuxSUID = 1 << 0, | 15 kSandboxLinuxSUID = 1 << 0, |
16 | 16 |
17 // SUID sandbox is using the PID namespace. | 17 // Sandbox is using a new PID namespace. |
18 kSandboxLinuxPIDNS = 1 << 1, | 18 kSandboxLinuxPIDNS = 1 << 1, |
19 | 19 |
20 // SUID sandbox is using the network namespace. | 20 // Sandbox is using a new network namespace. |
21 kSandboxLinuxNetNS = 1 << 2, | 21 kSandboxLinuxNetNS = 1 << 2, |
22 | 22 |
23 // seccomp-bpf sandbox active. | 23 // seccomp-bpf sandbox active. |
24 kSandboxLinuxSeccompBPF = 1 << 3, | 24 kSandboxLinuxSeccompBPF = 1 << 3, |
25 | 25 |
26 // The Yama LSM module is present and enforcing. | 26 // The Yama LSM module is present and enforcing. |
27 kSandboxLinuxYama = 1 << 4, | 27 kSandboxLinuxYama = 1 << 4, |
28 | 28 |
29 // seccomp-bpf sandbox is active and the kernel supports TSYNC. | 29 // seccomp-bpf sandbox is active and the kernel supports TSYNC. |
30 kSandboxLinuxSeccompTSYNC = 1 << 5, | 30 kSandboxLinuxSeccompTSYNC = 1 << 5, |
31 | 31 |
| 32 // User namespace sandbox active. |
| 33 kSandboxLinuxUserNS = 1 << 6, |
| 34 |
32 // A flag that denotes an invalid sandbox status. | 35 // A flag that denotes an invalid sandbox status. |
33 kSandboxLinuxInvalid = 1 << 31, | 36 kSandboxLinuxInvalid = 1 << 31, |
34 }; | 37 }; |
35 | 38 |
36 } // namespace content | 39 } // namespace content |
37 | 40 |
38 #endif // CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_ | 41 #endif // CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_ |
OLD | NEW |