authormarkus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-02-23 00:19:29 +0000
committermarkus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-02-23 00:19:29 +0000
commit811430d640be417604665d1f73a4d02e9eb50f56 (patch)
tree0f6d48017cbb412ed370ad305ff8ed493256e51c /sandbox
parentf5aaac9ce64cc36c17fbb06757e59465e0af1f02 (diff)
If /tmp is not a POSIX file system, try to use /dev/shm for creating our
temporary directory. BUG=30926 TEST=tested with tmpfs, ext3 and NFS Review URL: http://codereview.chromium.org/650177 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39679 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox')
-rw-r--r--sandbox/linux/suid/sandbox.c61
1 files changed, 58 insertions, 3 deletions
diff --git a/sandbox/linux/suid/sandbox.c b/sandbox/linux/suid/sandbox.c
index 9ff55dc..e4968c9 100644
--- a/sandbox/linux/suid/sandbox.c
+++ b/sandbox/linux/suid/sandbox.c
@@ -23,6 +23,7 @@
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/types.h>
+#include <sys/vfs.h>
#include <unistd.h>
#include "linux_util.h"
@@ -33,6 +34,28 @@
#define CLONE_NEWPID 0x20000000
#endif
+#if !defined(BTRFS_SUPER_MAGIC)
+#define BTRFS_SUPER_MAGIC 0x9123683E
+#endif
+#if !defined(EXT2_SUPER_MAGIC)
+#define EXT2_SUPER_MAGIC 0xEF53
+#endif
+#if !defined(EXT3_SUPER_MAGIC)
+#define EXT3_SUPER_MAGIC 0xEF53
+#endif
+#if !defined(EXT4_SUPER_MAGIC)
+#define EXT4_SUPER_MAGIC 0xEF53
+#endif
+#if !defined(REISERFS_SUPER_MAGIC)
+#define REISERFS_SUPER_MAGIC 0x52654973
+#endif
+#if !defined(TMPFS_MAGIC)
+#define TMPFS_MAGIC 0x01021994
+#endif
+#if !defined(XFS_SUPER_MAGIC)
+#define XFS_SUPER_MAGIC 0x58465342
+#endif
+
static const char kSandboxDescriptorEnvironmentVarName[] = "SBX_D";
// These are the magic byte values which the sandboxed process uses to request
@@ -60,10 +83,40 @@ static int CloneChrootHelperProcess() {
return -1;
}
+ // Some people mount /tmp on a non-POSIX filesystem (e.g. NFS). This
+ // breaks all sorts of assumption in our code. So, if we don't recognize the
+ // filesystem, we will try to use an alternative location for our temp
+ // directory.
+ char tempDirectoryTemplate[80] = "/tmp/chrome-sandbox-chroot-XXXXXX";
+ struct statfs sfs;
+ if (!statfs("/tmp", &sfs) &&
+ sfs.f_type != BTRFS_SUPER_MAGIC &&
+ sfs.f_type != EXT2_SUPER_MAGIC &&
+ sfs.f_type != EXT3_SUPER_MAGIC &&
+ sfs.f_type != EXT4_SUPER_MAGIC &&
+ sfs.f_type != REISERFS_SUPER_MAGIC &&
+ sfs.f_type != TMPFS_MAGIC &&
+ sfs.f_type != XFS_SUPER_MAGIC) {
+ // If /dev/shm exists, it is supposed to be a tmpfs filesystem. While we
+ // are not actually using it for shared memory, moving our temp directory
+ // into a known tmpfs filesystem is preferable over using a potentially
+ // unreliable non-POSIX filesystem.
+ if (!statfs("/dev/shm", &sfs) && sfs.f_type == TMPFS_MAGIC) {
+ *tempDirectoryTemplate = '\000';
+ strncat(tempDirectoryTemplate, "/dev/shm/chrome-sandbox-chroot-XXXXXX",
+ sizeof(tempDirectoryTemplate) - 1);
+ } else {
+ // Neither /tmp is a well-known POSIX filesystem, nor /dev/shm is a
+ // tmpfs. After all, we now use /tmp as the location of our temp
+ // directory, but we quite likely fail the moment we try to access it
+ // through chroot_dir_fd. If so, we will print a verbose error message
+ // (see below)
+ }
+ }
+
// We create a temp directory for our chroot. Nobody should ever write into
// it, so it's root:root mode 000.
- char kTempDirectoryTemplate[] = "/tmp/chrome-sandbox-chroot-XXXXXX";
- const char* temp_dir = mkdtemp(kTempDirectoryTemplate);
+ const char* temp_dir = mkdtemp(tempDirectoryTemplate);
if (!temp_dir) {
perror("Failed to create temp directory for chroot");
return -1;
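Review bot: The two-step `*tempDirectoryTemplate = '\000'; strncat(...)` in the /dev/shm branch is a roundabout way to copy a fixed literal into the 80-byte buffer; a single `snprintf(tempDirectoryTemplate, sizeof(tempDirectoryTemplate), "%s", "/dev/shm/chrome-sandbox-chroot-XXXXXX");` does the same, always NUL-terminates, and makes the bound explicit. The leading comment says a non-POSIX /tmp "breaks all sorts of assumption" without naming one; since the failure this commit reports is the fchown later in the function, the assumption is presumably that root can own and chmod the directory (which NFS root_squash denies), and stating that would help, e.g. `// We need root to be able to own and chmod the directory; NFS root_squash denies this.`. The allow-list also rejects every filesystem not named (other local filesystems included) and silently relocates the chroot to /dev/shm, so a one-line comment that this is deliberate and harmless is worth adding. CloneChrootHelperProcess starts before and continues after this hunk.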
@@ -90,7 +143,9 @@ static int CloneChrootHelperProcess() {
}
if (fchown(chroot_dir_fd, 0 /* root */, 0 /* root */)) {
- perror("fchown");
+ fprintf(stderr, "Could not set up sandbox work directory. Maybe, /tmp is "
+ "a non-POSIX filesystem and /dev/shm doesn't exist "
+ "either. Consider mounting a \"tmpfs\" on /tmp.\n");
return -1;
}
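Review bot: Replacing `perror("fchown")` with a fixed fprintf drops the errno text, which is the one piece of evidence that separates the NFS case from any other fchown failure; keep it, e.g. `fprintf(stderr, "Could not set up sandbox work directory (fchown: %s). Maybe, /tmp is ..."`, passing `strerror(errno)` (needs <errno.h>/<string.h>, not visible in this diff). The message is also slightly off: the fallback is skipped not only when /dev/shm is missing but also when it exists and is not a tmpfs, so "/dev/shm doesn't exist either" should read "/dev/shm is not a tmpfs either". CloneChrootHelperProcess continues past the end of this hunk.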