author | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-07-30 17:34:50 +0000 |
---|---|---|
committer | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-07-30 17:34:50 +0000 |
commit | 7743befc5958f307f693566b1bcd1a77a44ed7a8 (patch) | |
tree | ea3b9457ef552671f767205213bfa023ac438b0b /components | |
parent | fa4b726c964357821842cb55b498c457463553bf (diff) | |
Linux NaCl: forward sandbox-related command line flags to the helper.
Forward a few command line flags to the NaCl helper from the browser.
Presently, we added:
--no-sandbox
--disable-seccomp-filter-sandbox
BUG=264942
R=mseaborn@chromium.org
Review URL: https://codereview.chromium.org/21022009
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@214388 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'components')
-rw-r--r-- | components/nacl/zygote/nacl_fork_delegate_linux.cc | 43 |
1 files changed, 34 insertions, 9 deletions
diff --git a/components/nacl/zygote/nacl_fork_delegate_linux.cc b/components/nacl/zygote/nacl_fork_delegate_linux.cc
index c9efe31..8445342 100644
--- a/components/nacl/zygote/nacl_fork_delegate_linux.cc
+++ b/components/nacl/zygote/nacl_fork_delegate_linux.cc
@@ -24,6 +24,7 @@
 #include "components/nacl/common/nacl_helper_linux.h"
 #include "components/nacl/common/nacl_paths.h"
 #include "components/nacl/common/nacl_switches.h"
+#include "content/public/common/content_switches.h"
 namespace {
@@ -62,7 +63,7 @@ bool NonZeroSegmentBaseIsSlow() {
 }
 #endif
-}
+} // namespace.
 NaClForkDelegate::NaClForkDelegate()
 : status_(kNaClHelperUnused),
@@ -112,14 +113,38 @@ void NaClForkDelegate::Init(const int sandboxdesc) {
 } else if (RunningOnValgrind()) {
 status_ = kNaClHelperValgrind;
 } else {
- CommandLine cmd_line(CommandLine::NO_PROGRAM);
+ CommandLine::StringVector argv_to_launch;
+ {
+ CommandLine cmd_line(CommandLine::NO_PROGRAM);
+ if (kUseNaClBootstrap)
+ cmd_line.SetProgram(helper_bootstrap_exe);
+ else
+ cmd_line.SetProgram(helper_exe);
+
+ // Append any switches that need to be forwarded to the NaCl helper.
+ static const char* kForwardSwitches[] = {
+ switches::kDisableSeccompFilterSandbox,
+ switches::kNoSandbox,
+ };
+ const CommandLine& current_cmd_line = *CommandLine::ForCurrentProcess();
+ cmd_line.CopySwitchesFrom(current_cmd_line, kForwardSwitches,
+ arraysize(kForwardSwitches));
+
+ // The command line needs to be tightly controlled to use
+ // |helper_bootstrap_exe|. So from now on, argv_to_launch should be
+ // modified directly.
+ argv_to_launch = cmd_line.argv();
+ }
 if (kUseNaClBootstrap) {
- cmd_line.SetProgram(helper_bootstrap_exe);
- cmd_line.AppendArgPath(helper_exe);
- cmd_line.AppendArgNative(kNaClHelperReservedAtZero);
- cmd_line.AppendArgNative(kNaClHelperRDebug);
- } else {
- cmd_line.SetProgram(helper_exe);
+ // Arguments to the bootstrap helper which need to be at the start
+ // of the command line, right after the helper's path.
+ CommandLine::StringVector bootstrap_prepend;
+ bootstrap_prepend.push_back(helper_exe.value());
+ bootstrap_prepend.push_back(kNaClHelperReservedAtZero);
+ bootstrap_prepend.push_back(kNaClHelperRDebug);
+ argv_to_launch.insert(argv_to_launch.begin() + 1,
+ bootstrap_prepend.begin(),
+ bootstrap_prepend.end());
 }
 base::LaunchOptions options;
 options.fds_to_remap = &fds_to_map;
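Review bot: The `kForwardSwitches` allowlist in the new scoped block holds only switches that turn sandbox layers off in the helper, yet its comment does not say so; I would replace it with `// Allowlist of switches forwarded to the NaCl helper. Every entry weakens the helper's sandbox; additions need security review.` The values come from the browser's own command line (`CommandLine::ForCurrentProcess()`), so nothing new is trusted, but as far as this hunk shows the helper then starts with fewer protections without any trace, and a log line here when either switch is present would make that visible during triage. The table can also be declared `static const char* const kForwardSwitches[]` so the array itself is immutable. `argv_to_launch.insert(argv_to_launch.begin() + 1, ...)` relies on element 0 being the program path set by `SetProgram`; a `DCHECK(!argv_to_launch.empty());` just before it would pin that assumption. `Init` begins and ends outside this hunk.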
@@ -135,7 +160,7 @@ void NaClForkDelegate::Init(const int sandboxdesc) { max_these_limits.insert(RLIMIT_AS); options.maximize_rlimits = &max_these_limits; - if (!base::LaunchProcess(cmd_line.argv(), options, NULL)) + if (!base::LaunchProcess(argv_to_launch, options, NULL)) status_ = kNaClHelperLaunchFailed; // parent and error cases are handled below } |