content/public/common/sandbox_linux.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_
   6 #define CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_
   7
   8 namespace content {
   9
  10 // These form a bitmask which describes the conditions of the Linux sandbox.
  11 // Note: this doesn't strictly give you the current status, it states
  12 // what will be enabled when the relevant processes are initialized.
  13 enum LinuxSandboxStatus {
  14   // SUID sandbox active.
  15   kSandboxLinuxSUID = 1 << 0,
  16
  17   // SUID sandbox is using the PID namespace.
  18   kSandboxLinuxPIDNS = 1 << 1,
  19
  20   // SUID sandbox is using the network namespace.
  21   kSandboxLinuxNetNS = 1 << 2,
  22
  23   // seccomp-bpf sandbox active.
  24   kSandboxLinuxSeccompBPF = 1 << 3,
  25
  26   // The Yama LSM module is present and enforcing.
  27   kSandboxLinuxYama = 1 << 4,
  28
  29   // A flag that denotes an invalid sandbox status.
  30   kSandboxLinuxInvalid = 1 << 31,
  31 };
  32
  33 }  // namespace content
  34
  35 #endif  // CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_