Linux Sandbox: move init processes to new session id.

The setuid sandbox creates new PID namespaces. Make sure to have the new init processes be inside a new session id and process group so that children can't signal processes outside of the PID namespace. BUG=446680 Review URL: https://codereview.chromium.org/837083002 Cr-Commit-Position: refs/heads/master@{#310394}
author: jln <jln@chromium.org> 2015-01-07 14:35:38 -0800
committer: Commit bot <commit-bot@chromium.org> 2015-01-07 22:37:19 +0000
commit: f48cead580e6c82a8f3c4ac2a493249da780ee28 (patch)
tree: 58f3427c46e625120e8bdc48e82a7226b51e9b71 /content/zygote
parent: 534e4c722de293815407d06f9f4ad2b78cabee65 (diff)
download: chromium_src-f48cead580e6c82a8f3c4ac2a493249da780ee28.zip
chromium_src-f48cead580e6c82a8f3c4ac2a493249da780ee28.tar.gz
chromium_src-f48cead580e6c82a8f3c4ac2a493249da780ee28.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/content/zygote/zygote_main_linux.cc b/content/zygote/zygote_main_linux.cc
index 8f89580..31fb34e 100644
--- a/content/zygote/zygote_main_linux.cc
+++ b/content/zygote/zygote_main_linux.cc
@@ -417,6 +417,8 @@ static bool EnterSuidSandbox(sandbox::SetuidSandboxClient* setuid_sandbox,
         "\n\n";
   }
 
+  CHECK(setuid_sandbox->CreateNewSession());
+
   if (!setuid_sandbox->ChrootMe())
     return false;
author	jln <jln@chromium.org>	2015-01-07 14:35:38 -0800
committer	Commit bot <commit-bot@chromium.org>	2015-01-07 22:37:19 +0000
commit	f48cead580e6c82a8f3c4ac2a493249da780ee28 (patch)
tree	58f3427c46e625120e8bdc48e82a7226b51e9b71 /content/zygote
parent	534e4c722de293815407d06f9f4ad2b78cabee65 (diff)
download	chromium_src-f48cead580e6c82a8f3c4ac2a493249da780ee28.zip chromium_src-f48cead580e6c82a8f3c4ac2a493249da780ee28.tar.gz chromium_src-f48cead580e6c82a8f3c4ac2a493249da780ee28.tar.bz2