diff options
author | thestig@chromium.org <thestig@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-11-04 04:07:33 +0000 |
---|---|---|
committer | thestig@chromium.org <thestig@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-11-04 04:07:33 +0000 |
commit | da11a4be3902edcdfb5c2f29925e068ebce36a67 (patch) | |
tree | 87e1a0f45234d74bb16a3ac31a34d8f97ce2a9a3 /chrome/app/chrome_dll_main.cc | |
parent | b862327fcecf4e282bcaf033354ba9073d9777e4 (diff) | |
download | chromium_src-da11a4be3902edcdfb5c2f29925e068ebce36a67.zip chromium_src-da11a4be3902edcdfb5c2f29925e068ebce36a67.tar.gz chromium_src-da11a4be3902edcdfb5c2f29925e068ebce36a67.tar.bz2 |
Add support for getting the real process id from within the suid sandbox. The browser processes gets the real process ids, so they look correct in the task manager. When it asks the zygote to reap a process, we use the process ids internal to the sandbox.
While we are at it, reap the sandbox process after it clones the zygote and figure out zygote's actual process id. Save the actual process id rather than that of the sandbox.
BUG=20012,20714,23072
TEST=Process IDs for renderers should be correct in the task manager and you should be able to use the end process button to kill them.
Review URL: http://codereview.chromium.org/262020
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@30938 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/app/chrome_dll_main.cc')
-rw-r--r-- | chrome/app/chrome_dll_main.cc | 33 |
1 files changed, 28 insertions, 5 deletions
diff --git a/chrome/app/chrome_dll_main.cc b/chrome/app/chrome_dll_main.cc index f46ec70..22e95d2 100644 --- a/chrome/app/chrome_dll_main.cc +++ b/chrome/app/chrome_dll_main.cc @@ -18,8 +18,8 @@ #elif defined(OS_POSIX) #include <locale.h> #include <signal.h> -#include <sys/types.h> #include <sys/stat.h> +#include <sys/types.h> #include <unistd.h> #endif @@ -27,6 +27,7 @@ #include <gdk/gdk.h> #include <glib.h> #include <gtk/gtk.h> +#include <stdlib.h> #include <string.h> #endif @@ -58,6 +59,7 @@ #if defined(OS_LINUX) #include "base/nss_init.h" #include "chrome/browser/renderer_host/render_sandbox_host_linux.h" +#include "chrome/browser/zygote_host_linux.h" #endif #if defined(OS_MACOSX) @@ -385,7 +387,7 @@ int ChromeMain(int argc, char** argv) { browser_pid = static_cast<base::ProcessId>(StringToInt(WideToASCII(channel_name))); - DCHECK(browser_pid != 0); + DCHECK_NE(browser_pid, 0); #else browser_pid = base::GetCurrentProcId(); #endif @@ -579,8 +581,29 @@ int ChromeMain(int argc, char** argv) { #endif } else if (process_type.empty()) { #if defined(OS_LINUX) - // Tickle the sandbox host so it forks now. - Singleton<RenderSandboxHostLinux>().get(); + const char* sandbox_binary = NULL; + struct stat st; + + // In Chromium branded builds, developers can set an environment variable to + // use the development sandbox. See + // http://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment + if (stat("/proc/self/exe", &st) == 0 && st.st_uid == getuid()) + sandbox_binary = getenv("CHROME_DEVEL_SANDBOX"); + +#if defined(LINUX_SANDBOX_PATH) + if (!sandbox_binary) + sandbox_binary = LINUX_SANDBOX_PATH; +#endif + + std::string sandbox_cmd; + if (sandbox_binary) + sandbox_cmd = sandbox_binary; + + // Tickle the sandbox host and zygote host so they fork now. + RenderSandboxHostLinux* shost = Singleton<RenderSandboxHostLinux>().get(); + shost->Init(sandbox_cmd); + ZygoteHost* zhost = Singleton<ZygoteHost>().get(); + zhost->Init(sandbox_cmd); // We want to be sure to init NSPR on the main thread. base::EnsureNSPRInit(); @@ -595,7 +618,7 @@ int ChromeMain(int argc, char** argv) { // gtk_init() can change |argc| and |argv|. gtk_init(&argc, &argv); SetUpGLibLogHandler(); -#endif +#endif // defined(OS_LINUX) ScopedOleInitializer ole_initializer; rv = BrowserMain(main_params); |