diff options
| author | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-09-06 01:21:08 +0000 |
|---|---|---|
| committer | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-09-06 01:21:08 +0000 |
| commit | 8504fe5baf7b3e97e4d26ba4cb2b4e368c12586d (patch) | |
| tree | 59090155473cc3e0bc2aba32ccfc32d765ae9c92 /content/utility | |
| parent | 69f30677d6fbd1b0e00ff348f2810725f66f9a2c (diff) | |
| download | chromium_src-8504fe5baf7b3e97e4d26ba4cb2b4e368c12586d.zip chromium_src-8504fe5baf7b3e97e4d26ba4cb2b4e368c12586d.tar.gz chromium_src-8504fe5baf7b3e97e4d26ba4cb2b4e368c12586d.tar.bz2 | |
Linux: initialize the sandbox in the utility process.
We initialize the new Linux sandbox in the utility process. We don't
have a useful policy for this process at the moment, so we only apply
a basic blacklist of system calls.
BUG=93109
Review URL: https://chromiumcodereview.appspot.com/10920057
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@155087 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/utility')
| -rw-r--r-- | content/utility/utility_main.cc | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/content/utility/utility_main.cc b/content/utility/utility_main.cc index 711b7bc..6aeff1d 100644 --- a/content/utility/utility_main.cc +++ b/content/utility/utility_main.cc @@ -10,6 +10,7 @@ #include "content/common/child_process.h" #include "content/public/common/content_switches.h" #include "content/public/common/main_function_params.h" +#include "content/public/common/sandbox_init.h" #include "content/utility/utility_thread_impl.h" #if defined(OS_WIN) @@ -25,6 +26,11 @@ int UtilityMain(const content::MainFunctionParams& parameters) { base::SystemMonitor system_monitor; HighResolutionTimerManager hi_res_timer_manager; +#if defined(OS_LINUX) + // Initialize the sandbox before any thread is created. + content::InitializeSandbox(); +#endif + ChildProcess utility_process; utility_process.set_main_thread(new UtilityThreadImpl()); |