diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-07-15 01:41:50 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-07-15 01:41:50 +0000 |
| commit | 214d0fde9003f6057ec81ba54929f4ea2d2da1fb (patch) | |
| tree | 47df0fc8b9d9b28f9ba4f79821c5c79e5104f6ed /chrome/browser/zygote_host_linux.cc | |
| parent | 880d489c99d671e440e5a7aecd6b69a7b3de57fe (diff) | |
| download | chromium_src-214d0fde9003f6057ec81ba54929f4ea2d2da1fb.zip chromium_src-214d0fde9003f6057ec81ba54929f4ea2d2da1fb.tar.gz chromium_src-214d0fde9003f6057ec81ba54929f4ea2d2da1fb.tar.bz2 | |
Linux: fix for developing on a machine with google-chrome packages installed.
The latest google-chrome packages contain a sandbox binary, which the
development builds of chromium will pick up on automatically. However,
for safety reasons, the sandbox binary will only exec a fixed chrome
binary location. Since development builds will be somewhere else in
the filesystem, this means that they will fail to start their zygote
processes and generally be very sad.
However, we /do/ want people developing with the sandbox, but we don't
want the general sandbox binary to be able to exec anything. We could
have chromium try and find its sandbox binary relative to the build
directory, but some people build on NFS and, since the sandbox binary
needs to be SUID, this won't work for them.
Instead, we add a new target: chrome_devel_sandbox which developers
can use. This builds a sandbox binary that will exec anything which is
owned by the running user. This alternative sandbox binary can be
selected by exporting CHROME_DEVEL_SANDBOX.
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20709 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/zygote_host_linux.cc')
| -rw-r--r-- | chrome/browser/zygote_host_linux.cc | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/chrome/browser/zygote_host_linux.cc b/chrome/browser/zygote_host_linux.cc index bc6eba1..d48f9da 100644 --- a/chrome/browser/zygote_host_linux.cc +++ b/chrome/browser/zygote_host_linux.cc @@ -47,17 +47,21 @@ ZygoteHost::ZygoteHost() { cmd_line.PrependWrapper(prefix); } + const char* sandbox_binary = getenv("CHROME_DEVEL_SANDBOX"); + if (!sandbox_binary) + sandbox_binary = kSandboxBinary; + struct stat st; - if (stat(kSandboxBinary, &st) == 0) { - if (access(kSandboxBinary, X_OK) == 0 && + if (stat(sandbox_binary, &st) == 0) { + if (access(sandbox_binary, X_OK) == 0 && (st.st_mode & S_ISUID) && (st.st_mode & S_IXOTH)) { - cmd_line.PrependWrapper(ASCIIToWide(kSandboxBinary)); + cmd_line.PrependWrapper(ASCIIToWide(sandbox_binary)); } else { LOG(FATAL) << "The SUID sandbox helper binary was found, but is not " "configured correctly. Rather than run without sandboxing " "I'm aborting now. You need to make sure that " - << kSandboxBinary << " is mode 4755."; + << sandbox_binary << " is mode 4755."; } } |