path: root/sandbox/linux
Commit message | Author | Age | Files | Lines
* Minor fix for gcc building problem. | shenhan@google.com | 2012-10-19 | 1 | -1/+2
  Added explicit type conversion in initialization list.
  BUG=None
  TEST=Built using gcc 4.7.
  Review URL: https://chromiumcodereview.appspot.com/11193050
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@162945 0039d316-1c4b-4281-b951-d872f2087c98
* SANDBOX-BPF: Initial version of the updated code generator. | markus@chromium.org | 2012-10-19 | 14 | -153/+1469
  New code generator that is more generic and can automatically reorder instructions to meet the constraints of BPF programs.
  Previously, we were very careful to emit instructions in just the right order so that there would only ever be forward jumps. As we add more features to our BPF programs, this code is getting fragile.
  So, instead, we now use standard compiler techniques; we first build a graph of all the instructions, then we split them into basic blocks, we perform some basic optimizations (at the moment, this is just the merging of common tails of instructions), we sort the basic blocks topologically, and then we reassemble all the blocks into a BPF program.
  There should be no functional change, but this code is the pre-requisite for upcoming changes.
  BUG=130662
  TEST=sandbox_linux_unittests
  Review URL: https://chromiumcodereview.appspot.com/10690011
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@162924 0039d316-1c4b-4281-b951-d872f2087c98
* Add a platform-specific syscall number iterator. | jorgelo@chromium.org | 2012-10-15 | 9 | -107/+401
  Avoid needlessly expensive scanning of system call ranges. This CL improves how we deal with discontiguous ranges of system call numbers. (Original CL by markus@chromium.org)
  TEST=sandbox_linux_unittests on x86_64 and ARM
  BUG=148856
  Review URL: https://chromiumcodereview.appspot.com/11096012
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@161943 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp BPF: handle EINTR in error reporting setup. | jln@chromium.org | 2012-10-11 | 1 | -3/+8
  Wrap dup2 with HANDLE_EINTR in the error reporting set-up for the BPF support detection process. We also print errno as an attempt to obtain more information on this puzzling bug.
  BUG=152530
  Review URL: https://chromiumcodereview.appspot.com/11103021
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@161443 0039d316-1c4b-4281-b951-d872f2087c98
* Fix sandbox_bpf_unittest compile on ARM | jorgelo@chromium.org | 2012-09-15 | 1 | -1/+1
  BUG=None
  TEST=Compile and run sandbox_linux_unittests on ARM.
  Review URL: https://chromiumcodereview.appspot.com/10908270
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@156944 0039d316-1c4b-4281-b951-d872f2087c98
* Refactored ErrorCode into its own class. Removed operators and made them explicit functions. | markus@chromium.org | 2012-08-31 | 13 | -162/+449
  Added code that allows testing of the sandbox infrastructure with Valgrind (this currently only works when building with the Makefile; we still need to decide if and how we want to expose this to our unittests).
  Added a way to unittest the ErrorCode class.
  BUG=n/a
  TEST=sandbox_linux_unittests
  Review URL: https://chromiumcodereview.appspot.com/10833044
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@154397 0039d316-1c4b-4281-b951-d872f2087c98
* Simplified unit testing of sandboxing code. We now have helper methods that run all tests inside their own processes. | markus@chromium.org | 2012-08-27 | 13 | -229/+453
  And we have another set of helpers that ensure we actually set a sandboxing policy and don't forget to start the sandbox prior to running the tests.
  Also simplified the handling of unexpected failure and termination of the sandbox'd process.
  TODO: we still don't have a good story for testing fatal errors. We will eventually need some form of exit tests.
  BUG=n/a
  TEST=sandbox_linux_unittests
  Review URL: https://chromiumcodereview.appspot.com/10878033
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@153555 0039d316-1c4b-4281-b951-d872f2087c98
* Add full ARM syscall list. | jorgelo@chromium.org | 2012-08-21 | 2 | -12/+1361
  BUG=141157
  TEST=Build and boot on daisy, check about:sandbox for "Seccomp-BPF Yes".
  Review URL: https://chromiumcodereview.appspot.com/10837316
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@152448 0039d316-1c4b-4281-b951-d872f2087c98
* Add ARM syscalls to syscall sets. | jorgelo@chromium.org | 2012-08-17 | 1 | -0/+4
  BUG=141157
  TEST=Build and boot on daisy.
  Review URL: https://chromiumcodereview.appspot.com/10830348
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@152164 0039d316-1c4b-4281-b951-d872f2087c98
* Correct style issues in Linux sandbox code. | jln@chromium.org | 2012-08-17 | 3 | -7/+10
  NOTRY=true
  Review URL: https://chromiumcodereview.appspot.com/10818015
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@152123 0039d316-1c4b-4281-b951-d872f2087c98
* Add basic ARM policy to seccomp-bpf sandbox. | jorgelo@chromium.org | 2012-08-15 | 1 | -0/+28
  BUG=141157
  TEST=about:sandbox on daisy shows "Seccomp-BPF Yes".
  Review URL: https://chromiumcodereview.appspot.com/10836243
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@151650 0039d316-1c4b-4281-b951-d872f2087c98
* Add basic ARM support to the seccomp-bpf sandbox. | jorgelo@chromium.org | 2012-08-10 | 4 | -31/+86
  BUG=141157
  TEST=unit tests on daisy.
  Review URL: https://chromiumcodereview.appspot.com/10827223
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@151007 0039d316-1c4b-4281-b951-d872f2087c98
* Setuid sandbox unittest: fix environment. | jln@chromium.org | 2012-08-09 | 1 | -0/+12
  Don't pollute LD_PRELOAD in the environment after a test runs.
  BUG=
  Review URL: https://chromiumcodereview.appspot.com/10823251
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150739 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp: always call setSandboxPolicy in unittest. | jln@chromium.org | 2012-08-09 | 1 | -1/+6
  In seccomp-bpf unittest, we now call setSandboxPolicy even if we have no kernel support for seccomp-bpf.
  BUG=141545
  NOTRY=true
  Review URL: https://chromiumcodereview.appspot.com/10837178
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150690 0039d316-1c4b-4281-b951-d872f2087c98
* Remove X32 syscalls numbers from x86_64_linux_syscalls.h | jln@chromium.org | 2012-08-07 | 1 | -116/+0
  There was a bug where X32 syscalls were included in x86_64_linux_syscalls.h. Thankfully, the "#if defined" guard prevented those lines from actually doing anything.
  BUG=
  NOTRY=true
  Review URL: https://chromiumcodereview.appspot.com/10826190
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150428 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: add our own headers for system call numbers. | jln@chromium.org | 2012-08-07 | 3 | -0/+2801
  BUG=
  NOTRY=true
  Review URL: https://chromiumcodereview.appspot.com/10825227
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150390 0039d316-1c4b-4281-b951-d872f2087c98
* Create a LinuxSandbox class. | jln@chromium.org | 2012-08-02 | 3 | -3/+19
  The LinuxSandbox class aims to become the central place for Linux sandboxing inside content/. For now, this refactors mostly code from the Zygote.
  (Note: this is a re-land of https://chromiumcodereview.appspot.com/10826093/ with a trivial fix for ARM architectures).
  BUG=
  TBR=piman@chromium.org
  NOTRY=true
  Review URL: https://chromiumcodereview.appspot.com/10843059
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149734 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 149692 - Create a LinuxSandbox class. | mazda@chromium.org | 2012-08-02 | 3 | -19/+3
  r149692 broke ChromiumOS (tegra2) build.
  The LinuxSandbox class aims to become the central place for Linux sandboxing inside content/. For now, this refactors mostly code from the Zygote.
  BUG=
  NOTRY=true
  Review URL: https://chromiumcodereview.appspot.com/10826093
  TBR=jln@chromium.org
  Review URL: https://chromiumcodereview.appspot.com/10837081
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149705 0039d316-1c4b-4281-b951-d872f2087c98
* Create a LinuxSandbox class. | jln@chromium.org | 2012-08-02 | 3 | -3/+19
  The LinuxSandbox class aims to become the central place for Linux sandboxing inside content/. For now, this refactors mostly code from the Zygote.
  BUG=
  NOTRY=true
  Review URL: https://chromiumcodereview.appspot.com/10826093
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149692 0039d316-1c4b-4281-b951-d872f2087c98
* Linux sandbox unit test: log BPF support | jln@chromium.org | 2012-07-31 | 1 | -1/+11
  Write whether or not the kernel supports seccomp BPF on stdout when running unit tests.
  Review URL: https://chromiumcodereview.appspot.com/10834075
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149233 0039d316-1c4b-4281-b951-d872f2087c98
* Fix gcc 4.7 building problems - cont 2. | shenhan@google.com | 2012-07-26 | 2 | -0/+2
  (The gcc 4.7 building problems keep popping up as I sync the repo, so there are several "fix gcc 4.7 .." cls.)
  Fixes include -
  - added static_cast for narrowing conversion in simple(short) initialization lists
  - added explicit <unistd.h> inclusion
  BUG=None
  TEST=Built successfully using GCC-4.7 under linux and under chromeos chroot.
  Review URL: https://chromiumcodereview.appspot.com/10833017
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@148519 0039d316-1c4b-4281-b951-d872f2087c98
* Fixed coverity defects pertaining to pass-by-value use where pass-by-reference is preferred | orenb@chromium.org | 2012-07-25 | 2 | -2/+2
  CID_COUNT=3
  CID=(104210, 104215),104237,104238
  BUG=
  TEST=
  TBR=jln,bolms,brettw
  Review URL: https://chromiumcodereview.appspot.com/10825016
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@148437 0039d316-1c4b-4281-b951-d872f2087c98
* Coverity: Initialize member variables. | jhawkins@chromium.org | 2012-07-25 | 1 | -1/+4
  CID_COUNT=6
  CID=103934,104157,[104037,104088,104089,104091],104223,104241,104263
  BUG=none
  TEST=none
  R=tbreisacher
  TBR=brettw
  Review URL: https://chromiumcodereview.appspot.com/10830013
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@148432 0039d316-1c4b-4281-b951-d872f2087c98
* Create a new SetuidSandboxClient class. | jln@chromium.org | 2012-07-23 | 8 | -47/+389
  We move the setuid sandbox "client" code to its own location in /sandbox/linux/suid/client and we create a SetuidSandboxClient class to use it.
  NOTRY=true
  Review URL: https://chromiumcodereview.appspot.com/10807059
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147993 0039d316-1c4b-4281-b951-d872f2087c98
* Move sandbox/sandbox_linux.gypi to sandbox/linux | jln@chromium.org | 2012-07-18 | 1 | -0/+104
  Make it symmetrical with the Windows version.
  BUG=
  TEST=
  Review URL: https://chromiumcodereview.appspot.com/10808003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147291 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp Sandbox: detect a bug with old glibcs | jln@chromium.org | 2012-07-16 | 2 | -6/+46
  With some version of the Seccomp BPF kernel patch, an old glibc and a kernel using vsyscall=emulate would cause a SIGKILL under a seccomp BPF policy. We now detect this condition in supportsSeccompSandbox().
  BUG=
  TEST=
  Review URL: https://chromiumcodereview.appspot.com/10703183
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146902 0039d316-1c4b-4281-b951-d872f2087c98
* Share the zygote's fopen overrides with nacl_helper. | ncbray@chromium.org | 2012-07-13 | 2 | -0/+184
  This will allow ChromeOS's version of NSS to initialize inside of nacl_helper without killing the process, which in turn allows validation caching to be enabled on ChromeOS.
  BUG= https://code.google.com/p/chromium/issues/detail?id=134538
  TEST= none
  Review URL: https://chromiumcodereview.appspot.com/10736017
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146498 0039d316-1c4b-4281-b951-d872f2087c98
* Remove the rest of #pragma once in one big CL. | ajwong@chromium.org | 2012-07-11 | 3 | -3/+0
  For context see this thread: https://groups.google.com/a/chromium.org/forum/?fromgroups#!topic/chromium-dev/RMcVNGjB4II
  TBR=thakis,pkasting,jam
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146163 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp-BPF: add a new synthetic unittest | jln@chromium.org | 2012-07-09 | 1 | -0/+59
  This adds a synthetic but slightly more complex unittest for the BPF compiler.
  BUG=130662
  TEST=
  Review URL: https://chromiumcodereview.appspot.com/10693019
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@145800 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp BPF: add a unittest for a SIGSYS handler | jln@chromium.org | 2012-06-26 | 1 | -0/+52
  BUG=None
  TEST=None
  Review URL: https://chromiumcodereview.appspot.com/10666032
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144210 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp BPF: add a simple whitelist unittest | jln@chromium.org | 2012-06-23 | 2 | -22/+113
  BUG=
  TEST=
  Review URL: https://chromiumcodereview.appspot.com/10663011
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@143804 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox BPF: add basic unittests | jln@chromium.org | 2012-06-22 | 1 | -1/+53
  We add our first basic unittests:
  - Calling Sandbox::supportsSeccompSandbox twice should work fine
  - We install and test a basic policy that forbids nanosleep()
  BUG=None
  TEST=None
  NOTRY=true
  Review URL: https://chromiumcodereview.appspot.com/10641015
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@143728 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp BPF: initial structure for unittests | jln@chromium.org | 2012-06-22 | 2 | -0/+20
  - On Linux, support a new sandbox_linux_unittests target
  - Add a new seccomp_bpf_unittests target as a dependency of the global sandbox_linux_unittests target.
  - Integrate globally as a chromium_builder_tests dependency
  BUG=
  TEST=
  Review URL: https://chromiumcodereview.appspot.com/10635006
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@143549 0039d316-1c4b-4281-b951-d872f2087c98
* seccomp bpf: make more of the Sandbox class private | jln@chromium.org | 2012-06-22 | 1 | -3/+3
  - The Sandbox Class is not supposed to be instantiated for now, so we disallow construction
  - Move friends declaration to the private part
  BUG=
  TEST=
  Review URL: https://chromiumcodereview.appspot.com/10629009
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@143543 0039d316-1c4b-4281-b951-d872f2087c98
* Fix compilation error triggered by gcc-4.7+ running in C++-11 mode. | markus@chromium.org | 2012-06-17 | 1 | -1/+2
  Verified that this change list makes the code build with 4.8.0 20120615
  BUG=n/a
  TEST=build with gcc 4.7 or more recent
  Review URL: https://chromiumcodereview.appspot.com/10556028
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@142649 0039d316-1c4b-4281-b951-d872f2087c98
* Use binary search to optimize code generation for BPF filters. | markus@chromium.org | 2012-06-15 | 3 | -38/+123
  BUG=130662
  TEST=make && ./demo32 && ./demo64
  Review URL: https://chromiumcodereview.appspot.com/10538075
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@142365 0039d316-1c4b-4281-b951-d872f2087c98
* Added support for SECCOMP_RET_TRAP handlers. | markus@chromium.org | 2012-06-15 | 4 | -97/+330
  When setting a sandbox policy, the user has to write a system call evaluator function. This function is passed a system call number and returns a suitable ErrorCode (e.g. an "errno" value).
  This change list extends ErrorCode, so that in addition to static "errno" values, the system call evaluator can also request that a callback gets called. This allows the sandbox to handle system calls in user space.
  BUG=130662
  TEST=make && ./demo32 && ./demo64
  Review URL: https://chromiumcodereview.appspot.com/10533076
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@142353 0039d316-1c4b-4281-b951-d872f2087c98
* Instead of outputting one BPF check per possible system call coalesce all system calls that are supposed to be treated identically. | markus@chromium.org | 2012-06-15 | 3 | -53/+177
  This change list depends on https://chromiumcodereview.appspot.com/10546041/
  These changes should address the immediate concerns about inefficient BPF evaluation of system calls. But they are only the first step in the process of us generating an optimal BPF program. We are still missing the compilation of the binary search tree. That is going to be the next change list in this series. But for the benefit of better reviewability, I split the changes into two parts.
  BUG=130662
  TEST=make && demo32 && demo64
  Review URL: https://chromiumcodereview.appspot.com/10536048
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@142295 0039d316-1c4b-4281-b951-d872f2087c98
* Added a new Verifier class to the BPF compiler. | markus@chromium.org | 2012-06-14 | 5 | -8/+284
  This class ensures that the generated BPF program does in fact represent the filters that we were asked to compile. Having a verifier will allow us to make more aggressive optimizations in the future without having to worry that we generate invalid code.
  BUG=130662
  TEST=make && demo32 && demo64
  Review URL: https://chromiumcodereview.appspot.com/10546041
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@142258 0039d316-1c4b-4281-b951-d872f2087c98
* Second try at landing this patch list. This time, we are super careful about checking all return values from HANDLE_EINTR(). | markus@chromium.org | 2012-06-14 | 5 | -25/+75
  Original CL: https://chromiumcodereview.appspot.com/10545100/
  TEST=make && ./demo32 && ./demo64
  BUG=130662
  Review URL: https://chromiumcodereview.appspot.com/10542149
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@142184 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 141938 - Improve logging, if we fail due to an internal error when executing supportsSeccompSandbox(). | sergeyu@chromium.org | 2012-06-13 | 2 | -65/+19
  Previously, we would just report that the sandbox is unavailable. That's undesirable behavior, because it would lead the caller to think that they should continue without the sandbox. A simple bug in the sandbox compiler could thus result in us inadvertently disabling sandboxing for all users -- without necessarily noticing this issue for a while.
  BUG=130662
  TEST=make && ./demo32 && ./demo64
  Review URL: https://chromiumcodereview.appspot.com/10545100
  TBR=markus@chromium.org
  Review URL: https://chromiumcodereview.appspot.com/10540145
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@141949 0039d316-1c4b-4281-b951-d872f2087c98
* Improve logging, if we fail due to an internal error when executing supportsSeccompSandbox(). | markus@chromium.org | 2012-06-13 | 2 | -19/+65
  Previously, we would just report that the sandbox is unavailable. That's undesirable behavior, because it would lead the caller to think that they should continue without the sandbox. A simple bug in the sandbox compiler could thus result in us inadvertently disabling sandboxing for all users -- without necessarily noticing this issue for a while.
  BUG=130662
  TEST=make && ./demo32 && ./demo64
  Review URL: https://chromiumcodereview.appspot.com/10545100
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@141938 0039d316-1c4b-4281-b951-d872f2087c98
* Avoid all library calls (including calls to destructors) after enabling the sandbox. | markus@chromium.org | 2012-06-13 | 2 | -17/+38
  This ensures that the sandbox doesn't surprisingly fail, if the user instantiated a particularly strict policy.
  BUG=130662
  TEST=make && ./demo32 && ./demo64
  Review URL: https://chromiumcodereview.appspot.com/10535089
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@141851 0039d316-1c4b-4281-b951-d872f2087c98
* Explicitly test bit 30 in the system call number to distinguish between the new x32 API and older Intel APIs. | markus@chromium.org | 2012-06-08 | 2 | -6/+27
  Also, extend the system call range from 0..512 to 0..1024. This covers the extra system calls added with x32.
  As x32 isn't widely available yet, we don't add any other code to support it (e.g. we don't build a version of demo.cc that runs in x32). But by explicitly blocking it for i386 and x86-64 we ensure that a "default allow" policy is going to do the right thing.
  TEST=make && demo32 && demo64
  BUG=130662
  Review URL: https://chromiumcodereview.appspot.com/10542028
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@141155 0039d316-1c4b-4281-b951-d872f2087c98
* BPF: Fix status_ not being set properly | jln@chromium.org | 2012-06-07 | 1 | -2/+2
  - A typo prevented status_ from being set properly in supportsSeccompSandbox()
  - Also fix a warning by explicitly discarding a return value
  BUG=
  TEST=
  NOTRY=true
  Review URL: https://chromiumcodereview.appspot.com/10532038
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@140951 0039d316-1c4b-4281-b951-d872f2087c98
* SVN was apparently quite confused by all the changes that we made during the code review of the initial changelist. | markus@chromium.org | 2012-06-06 | 3 | -5/+5
  And it ended up putting the checked-in files into a different directory than on my local disk. Oops.
  Instead of renaming the directory, which has the potential to break more things, this changelist just fixes the include paths. The directory name isn't quite ideal, but it is not really that bad either. Just some confusion between hyphens and underscores.
  BUG=130662
  TEST=build with Makefile
  Review URL: https://chromiumcodereview.appspot.com/10532015
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@140658 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: bump the setuid sandbox API number | jln@chromium.org | 2012-06-05 | 1 | -1/+1
  With this change, the setuid sandbox and the Zygote will start complaining if they expect different API versions.
  Users will get warning messages if their setuid sandbox is too old and be referred to: https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment
  BUG=
  TEST=
  Review URL: https://chromiumcodereview.appspot.com/10536009
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@140613 0039d316-1c4b-4281-b951-d872f2087c98
* Setuid sandbox API versioning | jln@chromium.org | 2012-06-05 | 2 | -2/+59
  We introduce API versioning to the setuid sandbox and issue warnings when the versions Chrome and the Sandbox expect are different.
  1. The Zygote launcher in the browser will export the API version it expects to the environment.
  2. The setuid sandbox will match its own version with the one in the environment.
  3. Afterwards, it will export the API it provides to the environment for the sandboxed process.
  4. The Zygote (the sandboxed process) will in turn check for the API number.
  The double check is needed because a version of the browser or of the setuid sandbox that does check for API could co-exist with a version that does not.
  The various utilities that are part of the setuid sandbox are not versioned because they have callers that are external to Chrome (in ChromeOS).
  When environment variables are not found, we assume version 0. Since the API is for now set to 0, this change will not produce any warning at the moment.
  BUG=None
  TEST=None
  Review URL: https://chromiumcodereview.appspot.com/10492006
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@140456 0039d316-1c4b-4281-b951-d872f2087c98
* Initial snapshot of the new BPF-enabled seccomp sandbox. This code is still quite incomplete. | markus@chromium.org | 2012-06-04 | 6 | -0/+1087
  In fact, it barely even compiles. You can use the Makefile to experiment with it, but we deliberately have not integrated it with the Chrome build system at this time.
  The main intention for checking in the code at this point is to give others a chance to take a look at the API. We made a few changes already, and I want to make sure I give everybody an opportunity to speak up, if they still want further revisions of the publicly exposed API.
  BUG=130662
  TEST=build with Makefile, then run demo32 and demo64
  Review URL: https://chromiumcodereview.appspot.com/10458040
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@140407 0039d316-1c4b-4281-b951-d872f2087c98
* Don't fork Zygote as a background process | jln@chromium.org | 2012-06-01 | 1 | -2/+67
  On Linux, with the setuid sandbox, the Zygote would become a background process of sorts because the setuid sandbox would exit. The problem is that the Chrome process tree would be broken because the Zygote would be reparented to init. In turn, this could create issues with the browser not being able to ptrace() the Zygote if certain kernel restrictions are in place (e.g. Yama).
  BUG=125225
  TEST=
  NOTRY=true
  Review URL: https://chromiumcodereview.appspot.com/10447135
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@140104 0039d316-1c4b-4281-b951-d872f2087c98