diff options
| author | piman@google.com <piman@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-07-22 00:40:48 +0000 |
|---|---|---|
| committer | piman@google.com <piman@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-07-22 00:40:48 +0000 |
| commit | 4730db95815ec2cd4d12063a14cff7cbbeb5fe61 (patch) | |
| tree | 42d41fc0c4a3dc043b1bee04b607c3be9febef4f | |
| parent | 61b8ad79a502d0b3666305307e3cba9208a6c2e9 (diff) | |
| download | chromium_src-4730db95815ec2cd4d12063a14cff7cbbeb5fe61.zip chromium_src-4730db95815ec2cd4d12063a14cff7cbbeb5fe61.tar.gz chromium_src-4730db95815ec2cd4d12063a14cff7cbbeb5fe61.tar.bz2 | |
linux: add command-line flag to allow debugging of sandboxed processes
Review URL: http://codereview.chromium.org/159124
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@21248 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | chrome/browser/zygote_host_linux.cc | 3 | ||||
| -rw-r--r-- | chrome/browser/zygote_main_linux.cc | 16 | ||||
| -rw-r--r-- | chrome/common/chrome_switches.cc | 3 | ||||
| -rw-r--r-- | chrome/common/chrome_switches.h | 2 |
4 files changed, 20 insertions, 4 deletions
diff --git a/chrome/browser/zygote_host_linux.cc b/chrome/browser/zygote_host_linux.cc index b055834..9f9e4aa 100644 --- a/chrome/browser/zygote_host_linux.cc +++ b/chrome/browser/zygote_host_linux.cc @@ -64,6 +64,9 @@ ZygoteHost::ZygoteHost() { browser_command_line.GetSwitchValue(switches::kZygoteCmdPrefix); cmd_line.PrependWrapper(prefix); } + if (browser_command_line.HasSwitch(switches::kAllowSandboxDebugging)) { + cmd_line.AppendSwitch(switches::kAllowSandboxDebugging); + } const char* sandbox_binary = NULL; struct stat st; diff --git a/chrome/browser/zygote_main_linux.cc b/chrome/browser/zygote_main_linux.cc index 2d410fb..3d3df87 100644 --- a/chrome/browser/zygote_main_linux.cc +++ b/chrome/browser/zygote_main_linux.cc @@ -19,6 +19,7 @@ #include "chrome/browser/zygote_host_linux.h" #include "chrome/common/chrome_descriptors.h" +#include "chrome/common/chrome_switches.h" #include "chrome/common/main_function_params.h" #include "chrome/common/process_watcher.h" #include "chrome/common/sandbox_methods_linux.h" @@ -337,10 +338,17 @@ static bool MaybeEnterChroot() { // However, now that we have a zygote model, only the (trusted) zygote // exists at this point and we can set the non-dumpable flag which is // inherited by all our renderer children. - prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); - if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) { - LOG(ERROR) << "Failed to set non-dumpable flag"; - return false; + // + // Note: a non-dumpable process can't be debugged. To debug sandbox-related + // issues, one can specify --allow-sandbox-debugging to let the process be + // dumpable. + const CommandLine& command_line = *CommandLine::ForCurrentProcess(); + if (!command_line.HasSwitch(switches::kAllowSandboxDebugging)) { + prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); + if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) { + LOG(ERROR) << "Failed to set non-dumpable flag"; + return false; + } } } else { SkiaFontConfigUseDirectImplementation(); diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc index 6528ae1..85b08a1 100644 --- a/chrome/common/chrome_switches.cc +++ b/chrome/common/chrome_switches.cc @@ -557,4 +557,7 @@ const wchar_t kEnableLocalStorage[] = L"enable-local-storage"; // Enable session storage. Still buggy. const wchar_t kEnableSessionStorage[] = L"enable-session-storage"; +// Allows debugging of sandboxed processes (see zygote_main_linux.cc). +const wchar_t kAllowSandboxDebugging[] = L"allow-sandbox-debugging"; + } // namespace switches diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h index 3af9fb2..0727da2 100644 --- a/chrome/common/chrome_switches.h +++ b/chrome/common/chrome_switches.h @@ -215,6 +215,8 @@ extern const wchar_t kEnableLocalStorage[]; extern const wchar_t kEnableSessionStorage[]; +extern const wchar_t kAllowSandboxDebugging[]; + } // namespace switches #endif // CHROME_COMMON_CHROME_SWITCHES_H_ |