author | jln <jln@chromium.org> | 2015-02-24 15:47:50 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-02-24 23:49:00 +0000 |
commit | a808341e8c2ff9350ede2546dffcf5eb1e9addb4 (patch) | |
tree | b67436f8755032a4cf7cbaad2b64db693bfd5ac5 /sandbox | |
parent | c6fba2038847af745dc3c7a853fb8fd50adb0917 (diff) | |
Linux Sandbox: make sure Credentials test pass on TSAN
Disable some failing tests and remove security check for
being single threaded.
Looks like TSAN may fundamentally not be compatible with
unprivileged namespaces, presumably because the kernel won't let
us use them if sharing CLONE_FS and friends with non-threads.
BUG=461492
TBR=mdempsky
Review URL: https://codereview.chromium.org/952993005
Cr-Commit-Position: refs/heads/master@{#317921}
Diffstat (limited to 'sandbox')
-rw-r--r-- | sandbox/linux/services/credentials.cc | 11 | ||||
-rw-r--r-- | sandbox/linux/services/credentials.h | 1 | ||||
-rw-r--r-- | sandbox/linux/tests/unit_tests.h | 8 |
3 files changed, 20 insertions, 0 deletions
diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc
index c8c679d..6f84a66 100644
--- a/sandbox/linux/services/credentials.cc
+++ b/sandbox/linux/services/credentials.cc
@@ -22,6 +22,7 @@
 #include "base/process/launch.h"
 #include "base/template_util.h"
 #include "base/third_party/valgrind/valgrind.h"
+#include "build/build_config.h"
 #include "sandbox/linux/services/namespace_utils.h"
 #include "sandbox/linux/services/proc_util.h"
 #include "sandbox/linux/services/syscall_wrappers.h"
@@ -133,7 +134,11 @@ void CheckCloneNewUserErrno(int error) {
 bool Credentials::DropAllCapabilities(int proc_fd) {
 DCHECK_LE(0, proc_fd);
+#if !defined(THREAD_SANITIZER)
+ // With TSAN, accept to break the security model as it is a testing
+ // configuration.
 CHECK(ThreadHelpers::IsSingleThreaded(proc_fd));
+#endif
 ScopedCap cap(cap_init());
 CHECK(cap);
@@ -172,6 +177,12 @@ bool Credentials::CanCreateProcessInNewUserNS() {
 return false;
 }
+#if defined(THREAD_SANITIZER)
+ // With TSAN, processes will always have threads running and can never
+ // enter a new user namespace with MoveToNewUserNS().
+ return false;
+#endif
+
 // This is roughly a fork().
 const pid_t pid = sys_clone(CLONE_NEWUSER | SIGCHLD, 0, 0, 0, 0);
diff --git a/sandbox/linux/services/credentials.h b/sandbox/linux/services/credentials.h
index 6b37d49..9143561 100644
--- a/sandbox/linux/services/credentials.h
+++ b/sandbox/linux/services/credentials.h
@@ -56,6 +56,7 @@ class SANDBOX_EXPORT Credentials {
 // change.
 // If this call succeeds, the current process will be granted a full set of
 // capabilities in the new namespace.
+ // This will fail if the process is not mono-threaded.
 static bool MoveToNewUserNS() WARN_UNUSED_RESULT;
 // Remove the ability of the process to access the file system. File
diff --git a/sandbox/linux/tests/unit_tests.h b/sandbox/linux/tests/unit_tests.h
index 6f150ac..bf0a44f 100644
--- a/sandbox/linux/tests/unit_tests.h
+++ b/sandbox/linux/tests/unit_tests.h
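Review bot: The `#if !defined(THREAD_SANITIZER)` guard in `DropAllCapabilities()` compiles the single-thread `CHECK` out of production code, so in a TSAN build the function can report success while threads other than the caller, presumably untouched by the drop, keep their capabilities. The comment should state that consequence instead of "accept to break the security model", for example `// TSAN always runs extra threads, so this CHECK cannot hold; other threads may keep their capabilities. Test builds only.` An `#else` branch such as `LOG_IF(WARNING, !ThreadHelpers::IsSingleThreaded(proc_fd)) << "capabilities dropped while multi-threaded";` would keep a visible signal, and a build-time guard would help ensure a THREAD_SANITIZER binary is never shipped. The function body continues past the end of the hunk.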
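Review bot: The unconditional `return false;` inside `#if defined(THREAD_SANITIZER)` in `CanCreateProcessInNewUserNS()` turns the `sys_clone()` probe below it into dead code in TSAN builds, which can trigger unreachable-code warnings, and makes the function answer "no" for a reason unrelated to kernel support. The comment justifies this by `MoveToNewUserNS()`, although the function itself probes with a fork-like child, so it should name the callers' expectation: `// Under TSAN the process is never single-threaded, so a later MoveToNewUserNS() would fail; report "unsupported" so callers skip.` Folding the condition into the early-return block that closes just above (only its `return false; }` tail is visible) would keep the bail-out conditions together. The function starts and ends outside the hunk.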
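Review bot: The added comment on `MoveToNewUserNS()` says the call "will fail" without saying how, and `DropAllCapabilities()` in credentials.cc reacts to the same condition with a fatal `CHECK`, so a caller cannot tell whether to expect `false` or a crash. If the failure is a `false` return (the implementation is not part of this diff), the comment should say so: `// Returns false if the process is not single-threaded.` "Single-threaded" would also match `ThreadHelpers::IsSingleThreaded()` used in the same change.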
@@ -38,6 +38,14 @@ bool IsRunningOnValgrind();
 #define DISABLE_ON_TSAN(test_name) test_name
 #endif // defined(THREAD_SANITIZER)
+#if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
+ defined(THREAD_SANITIZER) || defined(LEAK_SANITIZER) || \
+ defined(UNDEFINED_SANITIZER) || defined(SANITIZER_COVERAGE)
+#define DISABLE_ON_SANITIZERS(test_name) DISABLED_##test_name
+#else
+#define DISABLE_ON_SANITIZERS(test_name) test_name
+#endif
+
 #if defined(OS_ANDROID)
 #define DISABLE_ON_ANDROID(test_name) DISABLED_##test_name
 #else
|
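Review bot: `DISABLE_ON_SANITIZERS` is added without any user in the part of the diff shown here and without a comment saying when it should be chosen over the narrower `DISABLE_ON_TSAN` defined just above. Because it switches a sandbox test off in every sanitizer configuration at once, a one-line comment would help keep its use rare: `// Disables a test under every sanitizer build; prefer DISABLE_ON_TSAN when only TSAN is affected.` The closing `#endif` could also carry a trailing condition comment, like the `#endif // defined(THREAD_SANITIZER)` of the neighbouring block.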