chromium_src.git - central chromium sources

diff options

author	agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-05-24 15:19:01 +0000
committer	agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-05-24 15:19:01 +0000
commit	a8ad46902facb0bbacb80deb5dbae9af15f48f2e (patch)
tree	f57122a5aaccd5530a8a97d71787e0ce044b7bfa /chrome/browser/defaults.cc
parent	34fb7a75707023ab174735edb21afd609423efb3 (diff)
download	chromium_src-a8ad46902facb0bbacb80deb5dbae9af15f48f2e.zip chromium_src-a8ad46902facb0bbacb80deb5dbae9af15f48f2e.tar.gz chromium_src-a8ad46902facb0bbacb80deb5dbae9af15f48f2e.tar.bz2

Add NEWNS and NEWNET to the SUID sandbox.

This patch attempts to fork off the sandboxed process with the additional NEWNS and NEWNET flags. If these flags aren't supported at runtime then the code will degrade to the current behaviour. NEWNS starts children in a new mount namespace so that they cannot affect the parent's mounts. (This is a little bit useless every little helps.) NEWNET starts children in a new network space, initially with no network devices and this stops sandboxed processes from talking to the network. Additionally, children exist in their own namespaces for UNIX domain sockets and the abstract namespace. http://codereview.chromium.org/2108020/show git-svn-id: svn://svn.chromium.org/chrome/trunk/src@48040 0039d316-1c4b-4281-b951-d872f2087c98

Diffstat (limited to 'chrome/browser/defaults.cc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: