sandbox/linux/services/namespace_sandbox.cc - Issue 881733002: Add namespace sandbox class.

Side by Side Diff: sandbox/linux/services/namespace_sandbox.cc

Issue 881733002: Add namespace sandbox class. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Misc small changes Created 5 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "sandbox/linux/services/namespace_sandbox.h"

	6

	7 #include <sched.h>

	8 #include <stdlib.h>

	9 #include <unistd.h>

	10

	11 #include <string>

	12

	13 #include "base/bind.h"

	14 #include "base/environment.h"

	15 #include "base/logging.h"

	16 #include "base/posix/eintr_wrapper.h"

	17 #include "base/strings/stringprintf.h"

	18 #include "sandbox/linux/services/namespace_utils.h"

	19

	20 namespace sandbox {

	21

	22 namespace {

	23 const char kPipeValue = '\xcc';

	24

	25 void SetEnvironForNamespaceType(base::EnvironmentMap* environ,

	26 base::NativeEnvironmentString env_var,

	27 bool value) {

	28 // An empty string causes the env var to be unset in the child process.

	29 (*environ)[env_var] = value ? "1" : "";

	30 }

	31

	32 const char kSandboxUSERNSEnvironmentVarName[] = "SBX_USER_NS";

	33 const char kSandboxPIDNSEnvironmentVarName[] = "SBX_PID_NS";

	34 const char kSandboxNETNSEnvironmentVarName[] = "SBX_NET_NS";

	35

	36 } // namespace

	37

	38 NamespaceSandbox::NamespaceSandbox() {

	39 }

	40

	41 NamespaceSandbox::~NamespaceSandbox() {

	42 }

	43

	44 void NamespaceSandbox::SetupLaunchOptions(

	45 base::LaunchOptions* options,

	46 base::FileHandleMappingVector* fds_to_remap) {

	47 int clone_flags = 0;

	48 int ns_types[] = {CLONE_NEWUSER, CLONE_NEWPID, CLONE_NEWNET};

	49 for (const int ns_type : ns_types) {

	50 if (NamespaceUtils::KernelSupportsUnprivilegedNamespace(ns_type)) {

	51 clone_flags \|= ns_type;

	52 }

	53 }

	54

	55 CHECK(clone_flags & CLONE_NEWUSER);

	56

	57 base::EnvironmentMap* environ = &options->environ;
	jln (very slow on Chromium) 2015/01/28 02:34:39 DCHECK environ? DCHECK environ? rickyz (no longer on Chrome) 2015/01/29 00:57:48 Don't think this is needed since environ isn't a p Show quoted text On 2015/01/28 02:34:39, jln wrote: > DCHECK environ? Don't think this is needed since environ isn't a pointer (seems LaunchOptions is a little inconsistent about using pointers or embedding classes).
	58 SetEnvironForNamespaceType(environ, kSandboxUSERNSEnvironmentVarName,
	jln (very slow on Chromium) 2015/01/28 02:34:39 For loop? For loop? rickyz (no longer on Chrome) 2015/01/29 00:57:48 Done. Show quoted text On 2015/01/28 02:34:39, jln wrote: > For loop? Done.
	59 clone_flags & CLONE_NEWUSER);

	60 SetEnvironForNamespaceType(environ, kSandboxPIDNSEnvironmentVarName,

	61 clone_flags & CLONE_NEWPID);

	62 SetEnvironForNamespaceType(environ, kSandboxNETNSEnvironmentVarName,

	63 clone_flags & CLONE_NEWNET);

	64

	65 int fds[2];

	66 PCHECK(pipe(fds) == 0);

	67 read_fd_.reset(fds[0]);

	68 write_fd_.reset(fds[1]);

	69 fds_to_remap->push_back(std::make_pair(read_fd_.get(), read_fd_.get()));

	70 read_from_pipe_delegate_.set_fd(read_fd_.get());

	71 options->pre_exec_delegate = &read_from_pipe_delegate_;

	72 options->clone_flags = clone_flags;

	73 }

	74

	75 void NamespaceSandbox::PrepareSandboxedProcess(base::ProcessId pid) {

	76 read_fd_.reset();
	jln (very slow on Chromium) 2015/01/28 02:34:38 This should destruct the ReadFromPipeDelegate inst This should destruct the ReadFromPipeDelegate instead, no? rickyz (no longer on Chrome) 2015/01/29 00:57:48 See the other comment about read_fd_ ownership - t Show quoted text On 2015/01/28 02:34:38, jln wrote: > This should destruct the ReadFromPipeDelegate instead, no? See the other comment about read_fd_ ownership - the summary is that I didn't want ReadFromPipeDelegate to own it because ReadFromPipeDelegate is only meaningful in the child, and ReadFromPipeDelegate won't ever be destroyed in the child.
	77

	78 const std::string uid_map_path = base::StringPrintf("/proc/%d/uid_map", pid);

	79 const std::string gid_map_path = base::StringPrintf("/proc/%d/gid_map", pid);

	80 NamespaceUtils::WriteToIdMapFile(uid_map_path.c_str(), getuid());

	81 NamespaceUtils::WriteToIdMapFile(gid_map_path.c_str(), getgid());

	82

	83 PCHECK(HANDLE_EINTR(write(write_fd_.get(), &kPipeValue, 1)) == 1);

	84 write_fd_.reset();

	85 }

	86

	87 bool NamespaceSandbox::InNewUserNamespace() {

	88 return getenv(kSandboxUSERNSEnvironmentVarName) != nullptr;

	89 }

	90

	91 bool NamespaceSandbox::InNewPidNamespace() {

	92 return getenv(kSandboxPIDNSEnvironmentVarName) != nullptr;

	93 }

	94

	95 bool NamespaceSandbox::InNewNetNamespace() {

	96 return getenv(kSandboxNETNSEnvironmentVarName) != nullptr;

	97 }

	98

	99 NamespaceSandbox::ReadFromPipeDelegate::ReadFromPipeDelegate() : fd_(-1) {

	100 }

	101

	102 NamespaceSandbox::ReadFromPipeDelegate::~ReadFromPipeDelegate() {

	103 }

	104

	105 void NamespaceSandbox::ReadFromPipeDelegate::RunAsyncSafe() {

	106 char c;

	107 RAW_CHECK(HANDLE_EINTR(read(fd_, &c, 1)) == 1);

	108 RAW_CHECK(IGNORE_EINTR(close(fd_)) == 0);

	109 RAW_CHECK(c == kPipeValue);

	110 }

	111

	112 void NamespaceSandbox::ReadFromPipeDelegate::set_fd(int fd) {

	113 fd_ = fd;

	114 }

	115

	116 } // namespace sandbox

OLD	NEW