diff options
| author | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-03-26 04:16:58 +0000 |
|---|---|---|
| committer | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-03-26 04:16:58 +0000 |
| commit | 6c24cad279e3ddda5f7ec41dae5fc6df761e0d4b (patch) | |
| tree | 9ef514f2ff6af7b7546bcd4aca9b06940fed4fa0 /sandbox/linux | |
| parent | b55d24ae87d4f7287771d71c0d53346536dd0300 (diff) | |
| download | chromium_src-6c24cad279e3ddda5f7ec41dae5fc6df761e0d4b.zip chromium_src-6c24cad279e3ddda5f7ec41dae5fc6df761e0d4b.tar.gz chromium_src-6c24cad279e3ddda5f7ec41dae5fc6df761e0d4b.tar.bz2 | |
Linux: do not associate SIGSYS with the StackDumpSignalHandler
On Linux, SIGSYS is reserved for the kernel's seccomp-bpf feature, so
don't set a handler for it before engaging the sandbox.
When we engage the sandbow we DLOG(FATAL) if there is an existing
signal handler for SIGSYS.
BUG=355453
NOTRY=true
Review URL: https://codereview.chromium.org/209323012
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@259471 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/linux')
| -rw-r--r-- | sandbox/linux/seccomp-bpf/trap.cc | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/sandbox/linux/seccomp-bpf/trap.cc b/sandbox/linux/seccomp-bpf/trap.cc index 553a904..f8b64c9 100644 --- a/sandbox/linux/seccomp-bpf/trap.cc +++ b/sandbox/linux/seccomp-bpf/trap.cc @@ -82,8 +82,11 @@ Trap::Trap() } if (!IsDefaultSignalAction(old_sa)) { - // TODO(jln): make this FATAL, at least in DEBUG mode. - LOG(ERROR) << "Existing signal handler when trying to install SIGSYS"; + static const char kExistingSIGSYSMsg[] = + "Existing signal handler when trying to install SIGSYS. SIGSYS needs " + "to be reserved for seccomp-bpf."; + DLOG(FATAL) << kExistingSIGSYSMsg; + LOG(ERROR) << kExistingSIGSYSMsg; } // Unmask SIGSYS |