search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: cffa416) | patch
Namespace sandbox: add important security checks
commitb94f6817d3a0e20ec5c3393a4eb13dd360acbd4e
authorjln <jln@chromium.org>
Thu, 12 Feb 2015 04:53:04 +0000 (11 20:53 -0800)
committerCommit bot <commit-bot@chromium.org>
Thu, 12 Feb 2015 04:53:27 +0000 (12 04:53 +0000)
treebc6d7dc47b28e2fe0aa0092d284ed16888704c24tree | snapshot (tar.gz zip)
parentcffa4164960b8bff230276d51c1e82bac87c248ccommit | diff
Namespace sandbox: add important security checks

When engaging the namespace sandbox, add important checks that the process
is single threaded and has no directory file descriptor open.

As part of this change, move the function engaging the namespace
sandbox from the Zygote to the LinuxSandbox class.

BUG=457377, 312380

Review URL: https://codereview.chromium.org/915823002

Cr-Commit-Position: refs/heads/master@{#315932}
components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc diff | blob | blame | history
content/common/sandbox_linux/sandbox_debug_handling_linux.cc [new file with mode: 0644] blob
content/common/sandbox_linux/sandbox_debug_handling_linux.h [new file with mode: 0644] blob
content/common/sandbox_linux/sandbox_linux.cc diff | blob | blame | history
content/common/sandbox_linux/sandbox_linux.h diff | blob | blame | history
content/content_common.gypi diff | blob | blame | history
content/zygote/zygote_main_linux.cc diff | blob | blame | history
sandbox/linux/services/credentials.h diff | blob | blame | history