diff options
author | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-08-02 20:38:04 +0000 |
---|---|---|
committer | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-08-02 20:38:04 +0000 |
commit | 3c52f8ede1c294f704fdcb162c7a02fb4eb7e7f1 (patch) | |
tree | f640e2b6c6112d799d35bcdd8d987132813418ea /content/common/sandbox_init_linux.cc | |
parent | a00ca09cd8f799f984f2856aaeac3308dc948071 (diff) | |
download | chromium_src-3c52f8ede1c294f704fdcb162c7a02fb4eb7e7f1.zip chromium_src-3c52f8ede1c294f704fdcb162c7a02fb4eb7e7f1.tar.gz chromium_src-3c52f8ede1c294f704fdcb162c7a02fb4eb7e7f1.tar.bz2 |
Create a LinuxSandbox class.
The LinuxSandbox class aims to become the central place for Linux
sandboxing inside content/.
For now, this refactors mostly code from the Zygote.
BUG=
NOTRY=true
Review URL: https://chromiumcodereview.appspot.com/10826093
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149692 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/common/sandbox_init_linux.cc')
-rw-r--r-- | content/common/sandbox_init_linux.cc | 20 |
1 files changed, 2 insertions, 18 deletions
diff --git a/content/common/sandbox_init_linux.cc b/content/common/sandbox_init_linux.cc index c7066c62..b9cafa2 100644 --- a/content/common/sandbox_init_linux.cc +++ b/content/common/sandbox_init_linux.cc @@ -32,6 +32,7 @@ #include "base/file_util.h" #include "base/logging.h" #include "base/time.h" +#include "content/common/sandbox_linux.h" #include "content/public/common/content_switches.h" #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" @@ -538,23 +539,6 @@ bool InitializeBpfSandbox_x86(const CommandLine& command_line, return true; } -bool InitializeLegacySandbox_x86(const CommandLine& command_line, - const std::string& process_type) { -#if defined(SECCOMP_SANDBOX) - // Start the old seccomp mode 1 (sandbox/linux/seccomp-legacy). - if (process_type == switches::kRendererProcess && SeccompSandboxEnabled()) { - // N.b. SupportsSeccompSandbox() returns a cached result, as we already - // called it earlier in the zygote. Thus, it is OK for us to not pass in - // a file descriptor for "/proc". - if (SupportsSeccompSandbox(-1)) { - StartSeccompSandbox(); - return true; - } - } -#endif - return false; -} - } // anonymous namespace #endif // defined(__i386__) || defined(__x86_64__) @@ -571,7 +555,7 @@ void InitializeSandbox() { // First, try to enable seccomp-legacy. seccomp_legacy_started = - InitializeLegacySandbox_x86(command_line, process_type); + LinuxSandbox::GetInstance()->StartSeccompLegacy(process_type); if (seccomp_legacy_started) LogSandboxStarted("seccomp-legacy", process_type); |