diff options
author | earthdok <earthdok@chromium.org> | 2015-01-27 15:04:08 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-01-27 23:06:25 +0000 |
commit | 748e135c3a799a9a51cdbb1d8a8955c36569db02 (patch) | |
tree | ce93e4db3b10a631f711875fcdeb03bb1983755c /testing/test_env.py | |
parent | d6a9562f0f84619a12d2c259aece8f6574defaa2 (diff) | |
download | chromium_src-748e135c3a799a9a51cdbb1d8a8955c36569db02.zip chromium_src-748e135c3a799a9a51cdbb1d8a8955c36569db02.tar.gz chromium_src-748e135c3a799a9a51cdbb1d8a8955c36569db02.tar.bz2 |
Remove obsolete sandbox disabling logic from testing/test_env.py.
This mirrors the change made to build/runtest.py in
https://codereview.chromium.org/881743004
BUG=245376
R=stip@chromium.org, jln@chromium.org
TBR=mseaborn@chromium.org
NOTRY=true
Review URL: https://codereview.chromium.org/880053003
Cr-Commit-Position: refs/heads/master@{#313392}
Diffstat (limited to 'testing/test_env.py')
-rwxr-xr-x | testing/test_env.py | 48 |
1 files changed, 11 insertions, 37 deletions
diff --git a/testing/test_env.py b/testing/test_env.py index bfb58b8..3ff56dc 100755 --- a/testing/test_env.py +++ b/testing/test_env.py @@ -17,43 +17,17 @@ CHROME_SANDBOX_ENV = 'CHROME_DEVEL_SANDBOX' CHROME_SANDBOX_PATH = '/opt/chromium/chrome_sandbox' -def should_enable_sandbox(cmd, sandbox_path): - """Return a boolean indicating that the current slave is capable of using the - sandbox and should enable it. This should return True iff the slave is a - Linux host with the sandbox file present and configured correctly.""" - if not (sys.platform.startswith('linux') and - os.path.exists(sandbox_path)): - return False - - # Copy the check in tools/build/scripts/slave/runtest.py. - if '--lsan=1' in cmd: - return False - - sandbox_stat = os.stat(sandbox_path) - if ((sandbox_stat.st_mode & stat.S_ISUID) and - (sandbox_stat.st_mode & stat.S_IRUSR) and - (sandbox_stat.st_mode & stat.S_IXUSR) and - (sandbox_stat.st_uid == 0)): - return True - return False - - -def get_sandbox_env(cmd, env, verbose=False): - """Checks enables the sandbox if it is required, otherwise it disables it. - Returns the environment flags to set.""" +def get_sandbox_env(env): + """Returns the environment flags needed for the SUID sandbox to work.""" extra_env = {} chrome_sandbox_path = env.get(CHROME_SANDBOX_ENV, CHROME_SANDBOX_PATH) - - if should_enable_sandbox(cmd, chrome_sandbox_path): - if verbose: - print 'Enabling sandbox. Setting environment variable:' - print ' %s="%s"' % (CHROME_SANDBOX_ENV, chrome_sandbox_path) - extra_env[CHROME_SANDBOX_ENV] = chrome_sandbox_path - else: - if verbose: - print 'Disabling sandbox. Setting environment variable:' - print ' CHROME_DEVEL_SANDBOX=""' - extra_env['CHROME_DEVEL_SANDBOX'] = '' + # The above would silently disable the SUID sandbox if the env value were + # an empty string. We don't want to allow that. http://crbug.com/245376 + # TODO(jln): Remove this check once it's no longer possible to disable the + # sandbox that way. + if not chrome_sandbox_path: + chrome_sandbox_path = CHROME_SANDBOX_PATH + extra_env[CHROME_SANDBOX_ENV] = chrome_sandbox_path return extra_env @@ -135,7 +109,7 @@ def run_executable(cmd, env): """Runs an executable with: - environment variable CR_SOURCE_ROOT set to the root directory. - environment variable LANGUAGE to en_US.UTF-8. - - environment variable CHROME_DEVEL_SANDBOX set if need + - environment variable CHROME_DEVEL_SANDBOX set - Reuses sys.executable automatically. """ extra_env = {} @@ -144,7 +118,7 @@ def run_executable(cmd, env): # Used by base/base_paths_linux.cc as an override. Just make sure the default # logic is used. env.pop('CR_SOURCE_ROOT', None) - extra_env.update(get_sandbox_env(cmd, env)) + extra_env.update(get_sandbox_env(env)) # Copy logic from tools/build/scripts/slave/runtest.py. asan = '--asan=1' in cmd |