summaryrefslogtreecommitdiffstats
path: root/content/zygote
Commit message (Collapse)AuthorAgeFilesLines
* Support for loading libpeerconnection dynamically instead of statically.tommi@chromium.org2013-05-011-0/+4
| | | | | | | | | | | | | | | | | | | | This means that instead of using shared_library as the target type for libpeerconnection, we'll support loadable_module. This fixes issues with test binaries that would otherwise unnecessarily depend on libpeerconnection in shared builds. The renderer now loads and initializes the module just before initializing the sandbox. I'm also enabling logging in the module since we can now do that after the process CommandLine instance has been initialized. The output directory on linux is now always the lib/ subfolder of the build directory. This is so that FILES.cfg and installer scripts will find it reliably. Make builds would previuosly put it in lib.target/ whereas ninja already used lib/. (lib/ is also the folder the installer will use) BUG=232402,233173,235379,235380 R=jam@chromium.org, jln@chromium.org, mark@chromium.org, ronghuawu@chromium.org Review URL: https://codereview.chromium.org/14021012 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@197679 0039d316-1c4b-4281-b951-d872f2087c98
* Linux sandbox: more paranoid checks at initializationjln@chromium.org2013-05-012-7/+1
| | | | | | | | | | | | | | | | We're worried that InitializeSandbox() will be called multithreaded, so we make sure to keep a file descriptor to /proc around, in Debug mode, to be able to count threads. Now that seccomp-legacy has been removed, we also simplify the code around pre-initialization. BUG=162334 NOTRY=true Review URL: https://chromiumcodereview.appspot.com/14411008 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@197520 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: make CHROMIUM_SELINUX compile againjln@chromium.org2013-04-301-1/+1
| | | | | | | | | | | https://codereview.chromium.org/12764009 broke CHROMIUM_SELINUX compilation. TBR=reed1 NOTRY=true Review URL: https://chromiumcodereview.appspot.com/14579002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@197416 0039d316-1c4b-4281-b951-d872f2087c98
* Fix issue 233464 by defining Zygote::kMagicSandboxIPCDescriptor in ↵glider@chromium.org2013-04-241-0/+2
| | | | | | | | | | zygote_linux.cc BUG=233464 Review URL: https://codereview.chromium.org/14362025 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@196168 0039d316-1c4b-4281-b951-d872f2087c98
* Fix ZygoteMain() prototype: it returns a bool, not an intmdempsky@google.com2013-04-132-0/+20
| | | | | | Review URL: https://chromiumcodereview.appspot.com/14076006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@194064 0039d316-1c4b-4281-b951-d872f2087c98
* re-land 187283 -- switch to skia's version of SkFontHost_fontconfigreed@google.com2013-03-121-5/+5
| | | | | | | add suppressions.txt to account for global typeface cache Review URL: https://codereview.chromium.org/12764009 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@187572 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 187283reed@google.com2013-03-111-5/+5
| | | | | | | | | | | | | | | | | memcheck reported errors which need to be investigated > Call version of SkFontHost_fontconfig in Skia (cloned from here). > Retool the direct/remove plumbing to use SkFontConfigInterface. > > This change allows Skia to interate on the details of SkFontHost w/o having > to synchromize with chrome on each change. It also means Skia's internal testing > can exercise exactly the same config that Chrome does. > Review URL: https://codereview.chromium.org/12391070 TBR=reed@google.com Review URL: https://codereview.chromium.org/12771003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@187287 0039d316-1c4b-4281-b951-d872f2087c98
* Call version of SkFontHost_fontconfig in Skia (cloned from here).reed@google.com2013-03-111-5/+5
| | | | | | | | | | | Retool the direct/remove plumbing to use SkFontConfigInterface. This change allows Skia to interate on the details of SkFontHost w/o having to synchromize with chrome on each change. It also means Skia's internal testing can exercise exactly the same config that Chrome does. Review URL: https://codereview.chromium.org/12391070 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@187283 0039d316-1c4b-4281-b951-d872f2087c98
* content_shell: fix linux ENABLE_PLUGIN=0 buildmsb@chromium.org2013-02-271-1/+2
| | | | | | | | | | | | | | | Fixes the following build errors: ../../../../../../../home/mandeep/chrome_root/src/content/zygote/zygote_main_linux.cc:280: error: undefined reference to 'content::PepperPluginRegistry::PreloadModules()' obj/content/libcontent_app.a(obj/content/app/content_app.content_main_runner.o):content_main_runner.cc:function content::RunZygote(content::MainFunctionParams const&, content::ContentMainDelegate*)::kMainFunctions: error: undefined reference to 'content::PpapiPluginMain(content::MainFunctionParams const&)' BUG=none Review URL: https://chromiumcodereview.appspot.com/12316078 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@184836 0039d316-1c4b-4281-b951-d872f2087c98
* Move file_path.h to base/files.brettw@chromium.org2013-02-241-1/+1
| | | | | | TBR=sky git-svn-id: svn://svn.chromium.org/chrome/trunk/src@184344 0039d316-1c4b-4281-b951-d872f2087c98
* Use SOCK_SEQPACKET for synchronous IPC.glider@google.com2013-01-182-10/+10
| | | | | | | | | | | | | | This is a copy of https://codereview.chromium.org/11738003 by mnissler@chromium.org SOCK_DGRAM fails in case the other end of the connection dies before sending a reply. This causes recvmsg() calls on the socket to hang, which results in stuck processes sticking around after running tests. BUG=chromium:166528 TEST=No more stuck --type=zygote processes in browser_tests and content_browsertests. Review URL: https://codereview.chromium.org/11823024 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@177638 0039d316-1c4b-4281-b951-d872f2087c98
* NaCl: Clean up file descriptor setup in nacl_helper on linuxmseaborn@chromium.org2013-01-101-2/+1
| | | | | | | | | | | | | | | | | There is no need to be using dup2() to set up an FD with a fixed number; this risks overwriting an FD. The point of base::GlobalDescriptors is that it provides a level of indirection that allows any FD number to be used. Remove kNaClBrowserDescriptor. Remove the browserdesc argument that is not used for anything other than an assertion and so isn't needed. BUG=https://code.google.com/p/nativeclient/issues/detail?id=2096 TEST=NaCl tests in browser_tests Review URL: https://codereview.chromium.org/11819021 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@176106 0039d316-1c4b-4281-b951-d872f2087c98
* NaCl: Remove unused "sandboxed_" field and argument from NaClForkDelegatemseaborn@chromium.org2013-01-091-2/+1
| | | | | | | | | BUG=none TEST=any NaCl test on Linux Review URL: https://codereview.chromium.org/11819022 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@175901 0039d316-1c4b-4281-b951-d872f2087c98
* Roll ICU and convert include style to standard Chromium style,phajdan.jr@chromium.org2013-01-071-1/+1
| | | | | | | | | | i.e. third_party/... BUG=165264 Review URL: https://codereview.chromium.org/11734021 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@175399 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: inform the Zygote when it's waiting on a dead processjln@chromium.org2012-12-061-2/+17
| | | | | | | | | | | | | | | | | If the browser calls ProcessDied() and asks the Zygote to wait (without blocking) on a dead process, the kernel might not be done destroying it and the Zygote may mistakenly claim that the process is alive. We now inform the Zygote over the IPC that the process is already dead so that it can wait synchroneously. BUG=157458 NOTRY=true Review URL: https://chromiumcodereview.appspot.com/11316261 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@171450 0039d316-1c4b-4281-b951-d872f2087c98
* Move eintr_wrapper.h from base to base/posixbrettw@chromium.org2012-11-142-2/+2
| | | | | | Review URL: https://codereview.chromium.org/11366229 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@167739 0039d316-1c4b-4281-b951-d872f2087c98
* Move global_descriptors to base/posix.brettw@chromium.org2012-11-091-1/+1
| | | | | | | | | | This file represents a posix-only concept. BUG= Review URL: https://codereview.chromium.org/11293210 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@167008 0039d316-1c4b-4281-b951-d872f2087c98
* Move content's a plugin, ppapi_plugin, utility, and worker subdirectories to ↵jam@chromium.org2012-10-211-1/+1
| | | | | | | | the content namespace. Review URL: https://codereview.chromium.org/11231016 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@163210 0039d316-1c4b-4281-b951-d872f2087c98
* linux: Crash browser on too-big messages to zygote.derat@chromium.org2012-10-121-2/+1
| | | | | | | | | | | | | | | | | | | This adds CHECKs to the browser if it attempts to send a message to the zygote that exceeds the maximum message size (which causes an EMSGSIZE error in the zygote) or that contains too many file descriptors. I'm hoping that this will help make the source of the problem more apparent when we hit the message size limit, which we appear to have done multiple times (it was originally 1 KB and is now 2 KB). BUG=154409 Review URL: https://chromiumcodereview.appspot.com/11108019 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@161645 0039d316-1c4b-4281-b951-d872f2087c98
* Create a LinuxSandbox class.jln@chromium.org2012-08-023-83/+20
| | | | | | | | | | | | | | | | | | The LinuxSandbox class aims to become the central place for Linux sandboxing inside content/. For now, this refactors mostly code from the Zygote. (Note: this is a re-land of https://chromiumcodereview.appspot.com/10826093/ with a trivial fix for ARM architectures). BUG= TBR=piman@chromium.org NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10843059 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149734 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 149692 - Create a LinuxSandbox class.mazda@chromium.org2012-08-023-20/+83
| | | | | | | | | | | | | | | | | | | | r149692 broke ChromiumOS (tegra2) build. The LinuxSandbox class aims to become the central place for Linux sandboxing inside content/. For now, this refactors mostly code from the Zygote. BUG= NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10826093 TBR=jln@chromium.org Review URL: https://chromiumcodereview.appspot.com/10837081 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149705 0039d316-1c4b-4281-b951-d872f2087c98
* Create a LinuxSandbox class.jln@chromium.org2012-08-023-83/+20
| | | | | | | | | | | | | | | The LinuxSandbox class aims to become the central place for Linux sandboxing inside content/. For now, this refactors mostly code from the Zygote. BUG= NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10826093 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149692 0039d316-1c4b-4281-b951-d872f2087c98
* Create a new SetuidSandboxClient class.jln@chromium.org2012-07-231-57/+27
| | | | | | | | | | | | We move the setuid sandbox "client" code to its own location in /sandbox/linux/suid/client and we create a SetuidSandboxClient class to use it. NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10807059 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147993 0039d316-1c4b-4281-b951-d872f2087c98
* Share the zygote's fopen overrides with nacl_helper.ncbray@chromium.org2012-07-131-134/+2
| | | | | | | | | | | | | | This will allow ChromeOS's version of NSS to initialize inside of nacl_helper without killing the process, which in turn allows validation caching to be enabled on ChromeOS. BUG= https://code.google.com/p/chromium/issues/detail?id=134538 TEST= none Review URL: https://chromiumcodereview.appspot.com/10736017 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146498 0039d316-1c4b-4281-b951-d872f2087c98
* Add Julien Tinnes as OWNER of Linux sandboxing and Zygotejln@chromium.org2012-07-091-2/+1
| | | | | | | | | | | | | | Add Chris Evans as OWNER of sandbox/ Set noparent in sandbox/ BUG= TEST= NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10753003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@145756 0039d316-1c4b-4281-b951-d872f2087c98
* clang: -Wunused-private-field cleanups, linux editionthakis@chromium.org2012-07-032-1/+5
| | | | | | | | | | BUG=none TEST=none TBR=owners Review URL: https://chromiumcodereview.appspot.com/10694068 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@145319 0039d316-1c4b-4281-b951-d872f2087c98
* Omit -w from ASan CFLAGS and fix a warning.eugenis@chromium.org2012-06-141-0/+3
| | | | | | | | | | | BUG=None TEST=nothing breaks TBR=cevans@chromium.org Review URL: https://chromiumcodereview.appspot.com/10535162 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@142151 0039d316-1c4b-4281-b951-d872f2087c98
* Setuid sandbox API versioningjln@chromium.org2012-06-051-2/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We introduce API versioning to the setuid sandbox and issue warnings when the versions Chrome and the Sandbox expect are different. 1. The Zygote launcher in the browser will export the API version it expects to the environment. 2. The setuid sandbox will match its own version with the one in the environment. 3. Afterwards, it will export the API it provides to the environment for the sandboxed process. 4. The Zygote (the sandboxed process) will in turn check for the API number. The double check is needed because a version of the browser or of the setuid sandbox that does check for API could co-exist with a version that does not. The various utilities that are part of the setuid sandbox are not versioned because they have callers that are external to Chrome (in ChromeOS). When environment variables are not found, we assume version 0. Since the API is for now set to 0, this change will not produce any warning at the moment. BUG=None TEST=None Review URL: https://chromiumcodereview.appspot.com/10492006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@140456 0039d316-1c4b-4281-b951-d872f2087c98
* Tighten up DEPS some more. NaCl/service process code are including internal ↵jam@chromium.org2012-06-042-4/+4
| | | | | | | | | content files. Fix the instances other sandbox stuff, which I'll do in a followup. BUG=98716 Review URL: https://chromiumcodereview.appspot.com/10512010 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@140346 0039d316-1c4b-4281-b951-d872f2087c98
* Fix SELinux build after refactoring of the zygote ↵phajdan.jr@chromium.org2012-06-022-25/+25
| | | | | | | | | | (https://chromiumcodereview.appspot.com/10356144). This is just moving code without changes. BUG=none TEST=none Review URL: https://chromiumcodereview.appspot.com/10453114 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@140184 0039d316-1c4b-4281-b951-d872f2087c98
* Zygote Init: close all file descriptors properlyjln@chromium.org2012-06-011-3/+6
| | | | | | | | | | | | | The file descriptor for the socketpair used for the Zygote init process to synchronize with its child was not closed properly. BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/10456079 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@139983 0039d316-1c4b-4281-b951-d872f2087c98
* Created new OWNERS file for content/zygote/*. Added markus@chromium andmarkus@chromium.org2012-06-011-0/+4
| | | | | | | | | | | cevans@chromium as initial owners. Will add jln@chromium as soon as possible. BUG=n/a TEST=n/a Review URL: https://chromiumcodereview.appspot.com/10459052 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@139936 0039d316-1c4b-4281-b951-d872f2087c98
* Cleanup: Remove the C version of GetUrandomFD()mseaborn@chromium.org2012-05-301-5/+4
| | | | | | | | | | | | | | | | | | | I originally added this in a #includable-from-C header so that it could be #included from NaCl-side code. However, having NaCl #include Chromium headers is not a clean interface, and this has since been replaced by runtime dependency injection. We move the function to a C++ header and put it into a namespace. Also fix the error return value for UrandomFD() so that it can't be confused with stdin. BUG=http://code.google.com/p/nativeclient/issues/detail?id=2655 TEST=build Review URL: https://chromiumcodereview.appspot.com/10446043 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@139537 0039d316-1c4b-4281-b951-d872f2087c98
* Zygote: warn if setuid sandbox is acting as initjln@chromium.org2012-05-261-8/+19
| | | | | | | | | | | | | | | | On Linux, when the setuid sandbox is used, Zygote now acts as the init process for the new PID namespace. Log an error if for some reason we didn't get to become init. One reason could be using certain older versions of the setuid binary that acted as init. BUG= TEST="Run Chrome with a deprecated setuid sandbox binary" Review URL: https://chromiumcodereview.appspot.com/10452025 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@139191 0039d316-1c4b-4281-b951-d872f2087c98
* Roll the revision of the seccomp sandbox forward. In the process, we alsomarkus@chromium.org2012-05-232-7/+9
| | | | | | | | | | | | fixed a missing include file in the zygote, that effectively disabled the entire sandbox. This apparently happened recently, when the zygote code was refactored. BUG=n/a TEST=SECCOMP_SANDBOX_DEBUGGING=1 ./out/Debug/chrome --enable-seccomp-sandbox, then verify that the sandbox is actually activated; it should be printing log data to the console Review URL: https://chromiumcodereview.appspot.com/10407036 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@138521 0039d316-1c4b-4281-b951-d872f2087c98
* Have Zygote fork a init-like process if requiredjln@chromium.org2012-05-231-0/+83
| | | | | | | | | | | | | | When we use the setuid sandbox, Zygote may get launched in a new PID namespace, with pid == 1. In that case we need to act as a init process and reap zombies. BUG=125821,109944 TEST= NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10417019 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@138409 0039d316-1c4b-4281-b951-d872f2087c98
* Zygote: create variables for magic fd numbersjln@chromium.org2012-05-221-3/+1
| | | | | | | | | | | | | | The magic number "7" was used across source files to denote the file descriptor for the dummy fd. BUG=None TEST=None NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10392176 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@138269 0039d316-1c4b-4281-b951-d872f2087c98
* zygote: Redirect 64-bit libc localtime and localtime_r routines.hshi@chromium.org2012-05-161-2/+60
| | | | | | | | | | BUG=128053 TEST=locally tested on lumpy Review URL: https://chromiumcodereview.appspot.com/10399043 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@137560 0039d316-1c4b-4281-b951-d872f2087c98
* Split the Zygote class out of zygote_main_linux and into its own file.brettw@chromium.org2012-05-133-507/+633
| | | | | | | | | | | | | | | | | | | Reland of 135902 but with a file that was missing from the final commit. Original review=http://codereview.chromium.org/10383056 This is mostly just copying code. There were a few things I changed because some file-static state was shared between functions in the class and other functions in zygote_main_linux: - I changed g_proc_fd to be an argument to the constructor of the Zygote class. - I removed the global g_using_suid_sandbox and make EnterSandbox have an out param that returns this value. Then I set the sandbox_flags based on that flag rather than the myserious SBX_D environment variable (this variable is used to compute the using_suid_sandbox flag except it may not actually work on some systems, so I think the new code is more correct. Since the flag is set according to the sandbox state, I have the Zygote object check for the presence of this in the sandbox_flags member rather than the old globla. BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/10356144 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@136791 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 135902 - Split the Zygote class out of zygote_main_linux and into its ↵jennb@chromium.org2012-05-082-600/+0
| | | | | | | | | | | | | | | | | | | | | | | | | own file. Causes Linux ChromiumOS Tests failures http://build.chromium.org/p/chromium.chromiumos/builders/Linux%20ChromiumOS%20Tests%20%28dbg%29%283%29/builds/2647 This is mostly just copying code. There were a few things I changed because some file-static state was shared between functions in the class and other functions in zygote_main_linux: - I changed g_proc_fd to be an argument to the constructor of the Zygote class. - I removed the global g_using_suid_sandbox and make EnterSandbox have an out param that returns this value. Then I set the sandbox_flags based on that flag rather than the myserious SBX_D environment variable (this variable is used to compute the using_suid_sandbox flag except it may not actually work on some systems, so I think the new code is more correct. Since the flag is set according to the sandbox state, I have the Zygote object check for the presence of this in the sandbox_flags member rather than the old globla. BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/10383056 TBR=brettw@chromium.org Review URL: https://chromiumcodereview.appspot.com/10383074 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@135910 0039d316-1c4b-4281-b951-d872f2087c98
* Split the Zygote class out of zygote_main_linux and into its own file.brettw@chromium.org2012-05-082-0/+600
| | | | | | | | | | | | | | | | | This is mostly just copying code. There were a few things I changed because some file-static state was shared between functions in the class and other functions in zygote_main_linux: - I changed g_proc_fd to be an argument to the constructor of the Zygote class. - I removed the global g_using_suid_sandbox and make EnterSandbox have an out param that returns this value. Then I set the sandbox_flags based on that flag rather than the myserious SBX_D environment variable (this variable is used to compute the using_suid_sandbox flag except it may not actually work on some systems, so I think the new code is more correct. Since the flag is set according to the sandbox state, I have the Zygote object check for the presence of this in the sandbox_flags member rather than the old globla. BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/10383056 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@135902 0039d316-1c4b-4281-b951-d872f2087c98
* Move the Linux zygote stuff into its own per-process directory.brettw@chromium.org2012-05-081-0/+1017
The zygote is really a separate process and doesn't belong in the browser subdirectory. I separated out the common constants used for communication into content/[public/]/common so the zygote code doesn't depend on browser. This leaves zygote_main_linux alone in its own directory. I'm going to be doing some more refactoring and probably adding a new file or two here. This does not yet add a new build target for the zygot process. BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/10388013 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@135891 0039d316-1c4b-4281-b951-d872f2087c98
generated by cgit v1.1 at 2025-03-12 19:08:44 +0000