author | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-09-05 00:41:35 +0000 |
---|---|---|
committer | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-09-05 00:41:35 +0000 |
commit | 576748e8df1fdb8a21958671fe860946f12c82f5 (patch) | |
tree | 39ee1e687827696ad9f93e295663f0d16fd4f9d5 /content/zygote | |
parent | a20c8117da469beddfa765577255f5f5b7c28939 (diff) | |
Linux Zygote: add sanity checks and cleanup
- Put FontConfigIPC creation in PreSandboxInit().
- Add a sanity check for being single-threaded.
BUG=269816
R=markus@chromium.org
Review URL: https://codereview.chromium.org/23830004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@221320 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/zygote')
-rw-r--r-- | content/zygote/zygote_main_linux.cc | 31 |
1 files changed, 18 insertions, 13 deletions
diff --git a/content/zygote/zygote_main_linux.cc b/content/zygote/zygote_main_linux.cc
index 1f0e9f5..3ae08e5 100644
--- a/content/zygote/zygote_main_linux.cc
+++ b/content/zygote/zygote_main_linux.cc
@@ -16,10 +16,7 @@
 #include "base/basictypes.h"
 #include "base/command_line.h"
-#include "base/containers/hash_tables.h"
-#include "base/files/file_path.h"
 #include "base/linux_util.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/native_library.h"
 #include "base/pickle.h"
 #include "base/posix/eintr_wrapper.h"
@@ -304,6 +301,8 @@ static void PreSandboxInit() {
 #if defined(ENABLE_WEBRTC)
 InitializeWebRtcModule();
 #endif
+ SkFontConfigInterface::SetGlobal(
+ new FontConfigIPC(Zygote::kMagicSandboxIPCDescriptor))->unref();
 }
 // Do nothing here
@@ -384,16 +383,22 @@ static bool CreateInitProcessReaper() {
 // This will set the *using_suid_sandbox variable to true if the SUID sandbox
 // is enabled. This does not necessarily exclude other types of sandboxing.
-static bool EnterSandbox(sandbox::SetuidSandboxClient* setuid_sandbox,
- bool* using_suid_sandbox, bool* has_started_new_init) {
+static bool EnterSuidSandbox(LinuxSandbox* linux_sandbox,
+ bool* using_suid_sandbox,
+ bool* has_started_new_init) {
 *using_suid_sandbox = false;
 *has_started_new_init = false;
+
+ sandbox::SetuidSandboxClient* setuid_sandbox =
+ linux_sandbox->setuid_sandbox_client();
+
 if (!setuid_sandbox) return false;
 PreSandboxInit();
- SkFontConfigInterface::SetGlobal(
- new FontConfigIPC(Zygote::kMagicSandboxIPCDescriptor))->unref();
+
+ // Check that the pre-sandbox initialization didn't spawn threads.
+ DCHECK(linux_sandbox->IsSingleThreaded());
 if (setuid_sandbox->IsSuidSandboxChild()) {
 // Use the SUID sandbox. This still allows the seccomp sandbox to
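Review bot: The FontConfigIPC creation added to PreSandboxInit() now runs right before the caller verifies that the process is still single-threaded (the `DCHECK(linux_sandbox->IsSingleThreaded())` added in the EnterSuidSandbox hunk), but nothing in PreSandboxInit() tells the next person who adds an initialization step here that spawning a thread is not allowed. I would put a comment above the new lines, or at the top of the function whose signature starts outside this hunk: `// Nothing run from PreSandboxInit() may create threads: EnterSuidSandbox() checks IsSingleThreaded() after this returns.` Since that caller-side check is a DCHECK, it presumably only fires in debug builds, so the comment is the only guard a release build gets; if the property is meant to hold in production, the check in EnterSuidSandbox would need to be a CHECK instead.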
@@ -461,9 +466,6 @@ bool ZygoteMain(const MainFunctionParams& params,
 // This will pre-initialize the various sandboxes that need it.
 linux_sandbox->PreinitializeSandbox();
- sandbox::SetuidSandboxClient* setuid_sandbox =
- linux_sandbox->setuid_sandbox_client();
-
 if (forkdelegate != NULL) {
 VLOG(1) << "ZygoteMain: initializing fork delegate";
 forkdelegate->Init(Zygote::kMagicSandboxIPCDescriptor);
@@ -475,14 +477,17 @@ bool ZygoteMain(const MainFunctionParams& params,
 bool using_suid_sandbox = false;
 bool has_started_new_init = false;
- if (!EnterSandbox(setuid_sandbox,
- &using_suid_sandbox,
- &has_started_new_init)) {
+ if (!EnterSuidSandbox(linux_sandbox,
+ &using_suid_sandbox,
+ &has_started_new_init)) {
 LOG(FATAL) << "Failed to enter sandbox. Fail safe abort. (errno: "
 << errno << ")";
 return false;
 }
+ sandbox::SetuidSandboxClient* setuid_sandbox =
+ linux_sandbox->setuid_sandbox_client();
+
 if (setuid_sandbox->IsInNewPIDNamespace() && !has_started_new_init) {
 LOG(ERROR) << "The SUID sandbox created a new PID namespace but Zygote "
 "is not the init process. Please, make sure the SUID " |
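Review bot: The `setuid_sandbox` pointer re-fetched after the EnterSuidSandbox() call is dereferenced on the `IsInNewPIDNamespace()` line without a null check, and its non-null-ness is no longer visible in ZygoteMain: it rests on EnterSuidSandbox() returning false for a null client (the `if (!setuid_sandbox) return false;` in the earlier hunk) and on LOG(FATAL) terminating the process before the `return false;` above. A one-line comment on the new declaration would make that dependency explicit, e.g. `// Non-null here: EnterSuidSandbox() fails, and we abort above, when there is no client.` If LOG(FATAL) does not terminate in some build configuration, the `return false;` path returns before the dereference, so the invariant also relies on ZygoteMain returning rather than continuing; ZygoteMain starts and ends outside this hunk.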