Re-submission of https://codereview.chromium.org/1041213003/
[chromium-blink-merge.git] / content / public / common / sandbox_linux.h
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_
6 #define CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_
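namespace content {

// Bit flags describing the conditions of the Linux sandbox. Each enumerator
// occupies its own bit, so several can be OR-ed together into one status mask
// and tested individually with a bitwise AND.
//
// Note: the mask does not strictly give the current status. It states what
// will be enabled when the relevant processes are initialized, so a set bit
// is a statement of intent rather than proof that the mechanism is already
// enforcing in a particular process.
enum LinuxSandboxStatus {
  // SUID sandbox active.
  kSandboxLinuxSUID = 1 << 0,

  // Sandbox is using a new PID namespace.
  kSandboxLinuxPIDNS = 1 << 1,

  // Sandbox is using a new network namespace.
  kSandboxLinuxNetNS = 1 << 2,

  // seccomp-bpf sandbox active.
  kSandboxLinuxSeccompBPF = 1 << 3,

  // The Yama LSM module is present and enforcing.
  kSandboxLinuxYama = 1 << 4,

  // seccomp-bpf sandbox is active and the kernel supports TSYNC.
  kSandboxLinuxSeccompTSYNC = 1 << 5,

  // User namespace sandbox active.
  kSandboxLinuxUserNS = 1 << 6,

  // A flag that denotes an invalid sandbox status.
  // NOTE(review): where int is 32 bits, 1 << 31 is the sign bit, so this
  // enumerator is negative and the mask must be kept in a type that
  // preserves it. Presumably callers should check this bit before trusting
  // any of the others -- confirm against the code that produces the mask.
  kSandboxLinuxInvalid = 1 << 31,
};

}  // namespace content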
41 #endif // CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_