Index: content/common/sandbox_linux/sandbox_linux.cc |
diff --git a/content/common/sandbox_linux/sandbox_linux.cc b/content/common/sandbox_linux/sandbox_linux.cc |
index 480b2654f3df2bf79eea18923bfbcbee6c262002..998a0fe0b49fda8f1fac98a425d01f800cef2d6b 100644 |
--- a/content/common/sandbox_linux/sandbox_linux.cc |
+++ b/content/common/sandbox_linux/sandbox_linux.cc |
@@ -32,6 +32,7 @@ |
#include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h" |
#include "content/public/common/content_switches.h" |
#include "content/public/common/sandbox_linux.h" |
+#include "sandbox/linux/services/namespace_sandbox.h" |
#include "sandbox/linux/services/proc_util.h" |
#include "sandbox/linux/services/thread_helpers.h" |
#include "sandbox/linux/services/yama.h" |
@@ -115,8 +116,7 @@ LinuxSandbox::LinuxSandbox() |
seccomp_bpf_with_tsync_supported_(false), |
yama_is_enforcing_(false), |
initialize_sandbox_ran_(false), |
- setuid_sandbox_client_(sandbox::SetuidSandboxClient::Create()) |
-{ |
+ setuid_sandbox_client_(sandbox::SetuidSandboxClient::Create()) { |
if (setuid_sandbox_client_ == NULL) { |
LOG(FATAL) << "Failed to instantiate the setuid sandbox client."; |
} |
@@ -213,6 +213,12 @@ int LinuxSandbox::GetStatus() { |
sandbox_status_flags_ |= kSandboxLinuxPIDNS; |
if (setuid_sandbox_client_->IsInNewNETNamespace()) |
sandbox_status_flags_ |= kSandboxLinuxNetNS; |
+ } else if (sandbox::NamespaceSandbox::InNewUserNamespace()) { |
+ sandbox_status_flags_ |= kSandboxLinuxUserNS; |
+ if (sandbox::NamespaceSandbox::InNewPidNamespace()) |
+ sandbox_status_flags_ |= kSandboxLinuxPIDNS; |
+ if (sandbox::NamespaceSandbox::InNewNetNamespace()) |
+ sandbox_status_flags_ |= kSandboxLinuxNetNS; |
} |
// We report whether the sandbox will be activated when renderers, workers |