authorjln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-07-16 21:57:35 +0000
committerjln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-07-16 21:57:35 +0000
commit70d19da03e8edc5610bc5c8fff5cc1fbca5e37c8 (patch)
treeb142a2de4d51baa191b905b17dda0a3850ba2eba /sandbox/linux/seccomp-bpf/sandbox_bpf.h
parentd7e04f6545160d93b31f6a270117373c617761f8 (diff)
Seccomp Sandbox: detect a bug with old glibcs
With some versions of the Seccomp BPF kernel patch, an old glibc and a kernel using vsyscall=emulate would cause a SIGKILL under a seccomp BPF policy. We now detect this condition in supportsSeccompSandbox(). BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/10703183 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146902 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/linux/seccomp-bpf/sandbox_bpf.h')
-rw-r--r--sandbox/linux/seccomp-bpf/sandbox_bpf.h6
1 files changed, 6 insertions, 0 deletions
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.h b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
index d545dd2..d97aeaf 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.h
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
@@ -343,7 +343,13 @@ class Sandbox {
typedef std::map<std::pair<TrapFnc, const void *>, int> TrapIds;
static ErrorCode probeEvaluator(int signo) __attribute__((const));
+ static void probeProcess(void);
+ static ErrorCode allowAllEvaluator(int signo);
+ static void tryVsyscallProcess(void);
static bool kernelSupportSeccompBPF(int proc_fd);
+ static bool RunFunctionInPolicy(void (*function)(),
+ EvaluateSyscall syscallEvaluator,
+ int proc_fd);
static bool isSingleThreaded(int proc_fd);
static bool disableFilesystem();
static void policySanityChecks(EvaluateSyscall syscallEvaluator,
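Review bot: The four new private declarations carry no comments, and `allowAllEvaluator` needs one most, since by its name it is a policy that permits every system call; it should state that it exists only for the vsyscall probe, e.g. `// Probe-only: allows all syscalls; never install as the real sandbox policy.` `RunFunctionInPolicy` also needs a line saying what the `bool` result means and whether `function` runs in a separate process, neither of which can be told from this header. On style, `RunFunctionInPolicy` is capitalised unlike its lowerCamelCase neighbours (`probeProcess`, `kernelSupportSeccompBPF`), and its `void (*function)()` parameter drops the `(void)` spelling used for `probeProcess(void)` a few lines above. The `Sandbox` class body starts and ends outside the hunk, so any existing convention documented elsewhere in the class is not visible here.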