authorjln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-08-02 20:38:04 +0000
committerjln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-08-02 20:38:04 +0000
commit3c52f8ede1c294f704fdcb162c7a02fb4eb7e7f1 (patch)
treef640e2b6c6112d799d35bcdd8d987132813418ea /content/common/sandbox_init_linux.cc
parenta00ca09cd8f799f984f2856aaeac3308dc948071 (diff)
Create a LinuxSandbox class.
The LinuxSandbox class aims to become the central place for Linux sandboxing inside content/. For now, this refactors mostly code from the Zygote. BUG= NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10826093 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149692 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/common/sandbox_init_linux.cc')
-rw-r--r--content/common/sandbox_init_linux.cc20
1 files changed, 2 insertions, 18 deletions
diff --git a/content/common/sandbox_init_linux.cc b/content/common/sandbox_init_linux.cc
index c7066c62..b9cafa2 100644
--- a/content/common/sandbox_init_linux.cc
+++ b/content/common/sandbox_init_linux.cc
@@ -32,6 +32,7 @@
#include "base/file_util.h"
#include "base/logging.h"
#include "base/time.h"
+#include "content/common/sandbox_linux.h"
#include "content/public/common/content_switches.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
@@ -538,23 +539,6 @@ bool InitializeBpfSandbox_x86(const CommandLine& command_line,
return true;
}
-bool InitializeLegacySandbox_x86(const CommandLine& command_line,
- const std::string& process_type) {
-#if defined(SECCOMP_SANDBOX)
- // Start the old seccomp mode 1 (sandbox/linux/seccomp-legacy).
- if (process_type == switches::kRendererProcess && SeccompSandboxEnabled()) {
- // N.b. SupportsSeccompSandbox() returns a cached result, as we already
- // called it earlier in the zygote. Thus, it is OK for us to not pass in
- // a file descriptor for "/proc".
- if (SupportsSeccompSandbox(-1)) {
- StartSeccompSandbox();
- return true;
- }
- }
-#endif
- return false;
-}
-
} // anonymous namespace
#endif // defined(__i386__) || defined(__x86_64__)
@@ -571,7 +555,7 @@ void InitializeSandbox() {
// First, try to enable seccomp-legacy.
seccomp_legacy_started =
- InitializeLegacySandbox_x86(command_line, process_type);
+ LinuxSandbox::GetInstance()->StartSeccompLegacy(process_type);
if (seccomp_legacy_started)
LogSandboxStarted("seccomp-legacy", process_type);
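Review bot: The new call `LinuxSandbox::GetInstance()->StartSeccompLegacy(process_type)` in InitializeSandbox() no longer shows the preconditions that the removed InitializeLegacySandbox_x86() documented in this file. Those were the `SECCOMP_SANDBOX` build guard, the renderer-only check with SeccompSandboxEnabled(), and the reliance on the SupportsSeccompSandbox() result cached earlier in the zygote, which made it safe to pass no "/proc" descriptor. They have presumably moved behind content/common/sandbox_linux.h, which this diff does not show, so a reader here cannot tell when a `false` return (and the fall-through to whatever follows) is expected. I would add a comment above the call, to be confirmed against StartSeccompLegacy, such as `// Returns false unless this is a renderer with seccomp-legacy enabled and supported; depends on the support check cached in the zygote before fork.` InitializeSandbox()'s body starts and ends outside the hunk.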