diff options
| author | markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-11-07 06:09:38 +0000 |
|---|---|---|
| committer | markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-11-07 06:09:38 +0000 |
| commit | a9c54a176540e3a8173d72a1794cac3855bc9ce0 (patch) | |
| tree | 7d316f2558c7e4f923d0c97ef45c4ed08b59cb45 /sandbox/linux/seccomp/sandbox.h | |
| parent | 282f4d24b40587c701ede40b014035ceffc9a3ea (diff) | |
| download | chromium_src-a9c54a176540e3a8173d72a1794cac3855bc9ce0.zip chromium_src-a9c54a176540e3a8173d72a1794cac3855bc9ce0.tar.gz chromium_src-a9c54a176540e3a8173d72a1794cac3855bc9ce0.tar.bz2 | |
Allow the seccomp sandbox to be enabled, even if the suid sandbox has
already put a chroot() jail around it. The only tricky part is access
to /proc/self/maps, but we can safely pass in an open file descriptor.
BUG=26527
Review URL: http://codereview.chromium.org/371047
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@31372 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/linux/seccomp/sandbox.h')
| -rw-r--r-- | sandbox/linux/seccomp/sandbox.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sandbox/linux/seccomp/sandbox.h b/sandbox/linux/seccomp/sandbox.h index 4c5d10a..9873e9d 100644 --- a/sandbox/linux/seccomp/sandbox.h +++ b/sandbox/linux/seccomp/sandbox.h @@ -1,7 +1,8 @@ #ifndef SANDBOX_H__ #define SANDBOX_H__ -extern "C" int SupportsSeccompSandbox(); +extern "C" int SupportsSeccompSandbox(int proc_fd); +extern "C" void SeccompSandboxSetProcSelfMaps(int proc_self_maps); extern "C" void StartSeccompSandbox(); #endif // SANDBOX_H__ |