Comment #6 on issue 26527 by [email protected]: Make seccomp and setuid sandboxes run together http://code.google.com/p/chromium/issues/detail?id=26527
The following revision refers to this bug:
http://src.chromium.org/viewvc/chrome?view=rev&revision=31372
------------------------------------------------------------------------
r31372 | [email protected] | 2009-11-06 22:09:38 -0800 (Fri, 06 Nov 2009)
| 6 lines
Changed paths:
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/zygote_main_linux.cc?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/renderer/renderer_main_platform_delegate_linux.cc?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp/access.cc?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp/clone.cc?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp/exit.cc?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp/ioctl.cc?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp/ipc.cc?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp/madvise.cc?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp/maps.cc?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp/maps.h?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp/mmap.cc?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp/mprotect.cc?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp/munmap.cc?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp/open.cc?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp/sandbox.cc?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp/sandbox.h?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp/sandbox_impl.h?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp/securemem.cc?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp/socketcall.cc?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp/stat.cc?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp/syscall_table.h?r1=31372&r2=31371
M
http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/seccomp/trusted_process.cc?r1=31372&r2=31371
Allow the seccomp sandbox to be enabled, even if the suid sandbox has
already put a chroot() jail around it. The only tricky part is access
to /proc/self/maps, but we can safely pass in an open file descriptor.
BUG=26527
Review URL: http://codereview.chromium.org/371047
------------------------------------------------------------------------
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--~--~---------~--~----~------------~-------~--~----~
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs
-~----------~----~----~----~------~----~------~--~---
