diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-06-15 18:15:08 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-06-15 18:15:08 +0000 |
| commit | abe3ad93b1996ad1b1aff121dbce6be533e579c3 (patch) | |
| tree | 635542dd62d6b7df4c05a3c39f2c737730e23376 /chrome/app | |
| parent | 89d156b666af4d4f4c83579be31e9092155bbaf7 (diff) | |
| download | chromium_src-abe3ad93b1996ad1b1aff121dbce6be533e579c3.zip chromium_src-abe3ad93b1996ad1b1aff121dbce6be533e579c3.tar.gz chromium_src-abe3ad93b1996ad1b1aff121dbce6be533e579c3.tar.bz2 | |
Linux: Add support for chrooted renderers.
http://code.google.com/p/chromium/wiki/LinuxSandboxIPC
Without filesystem access from the renderers, we need another way of
dealing with fontconfig and font loading.
This add support for:
* An "SBX_D" environment variable in the renderers which is used to
signal the end of dynamic linking so that the chroot can be
enforced.
* A sandbox_host process, running outside the sandbox, to deal with
fontconfig requests from the renderers. See the wiki page for
the reasoning behind making it a separate process.
* A new, custom SkFontHost for Skia. Because this is Chrome
specific, it will live outside the upstream Skia tree. This
FontHost can be configured either to drive fontconfig directly
(for the browser process and for any unsandboxed renderers) or to
use an IPC system. Since the same SkFontHost has to be linked into
both the browser and renderer (they are the same binary), this
switch has to be made at run time.
Sandbox IPC calls are rare (a couple of dozen at page load time) and
add about 50us of overhead for each call.
(Reland of r17575 which was reverted in r17577)
http://codereview.chromium.org/112074
BUG=8081
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@18405 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/app')
| -rw-r--r-- | chrome/app/chrome_dll_main.cc | 14 | ||||
| -rw-r--r-- | chrome/app/chrome_main_uitest.cc | 5 |
2 files changed, 3 insertions, 16 deletions
diff --git a/chrome/app/chrome_dll_main.cc b/chrome/app/chrome_dll_main.cc index 4759d02..c22d05c 100644 --- a/chrome/app/chrome_dll_main.cc +++ b/chrome/app/chrome_dll_main.cc @@ -425,20 +425,6 @@ int ChromeMain(int argc, const char** argv) { InitCrashReporter(); #endif -#if defined(OS_POSIX) - // Bug 11776: we mistakenly created directories world-readable. - // Fix old instances of these directories manually. - // TODO(evanm): remove this code in a month or two. - if (user_data_dir.empty()) { - FilePath fix_dir; - CHECK(PathService::Get(chrome::DIR_USER_DATA, &fix_dir)); - struct stat statbuf; - CHECK(stat(fix_dir.value().c_str(), &statbuf) == 0); - if ((statbuf.st_mode & 0077) != 0) - CHECK(chmod(fix_dir.value().c_str(), 0700) == 0); - } -#endif - bool single_process = #if defined (GOOGLE_CHROME_BUILD) // This is an unsupported and not fully tested mode, so don't enable it for diff --git a/chrome/app/chrome_main_uitest.cc b/chrome/app/chrome_main_uitest.cc index f229751..ea0bbc7 100644 --- a/chrome/app/chrome_main_uitest.cc +++ b/chrome/app/chrome_main_uitest.cc @@ -19,8 +19,9 @@ TEST_F(ChromeMainTest, AppLaunch) { EXPECT_EQ(1, UITest::GetBrowserProcessCount()); } else { #if defined(OS_LINUX) - // On Linux we'll have three processes: browser, renderer and zygote. - EXPECT_EQ(3, UITest::GetBrowserProcessCount()); + // On Linux we'll have four processes: browser, renderer, zygote and + // sandbox helper. + EXPECT_EQ(4, UITest::GetBrowserProcessCount()); #else // We should have two instances of the browser process alive - // one is the Browser and the other is the Renderer. |