// Copyright 2015 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/351564777): Remove this and convert code to safer constructs. #pragma allow_unsafe_buffers #endif #include "sandbox/linux/services/namespace_sandbox.h" #include <sched.h> #include <signal.h> #include <stddef.h> #include <stdlib.h> #include <sys/types.h> #include <unistd.h> #include <string> #include <utility> #include <vector> #include "base/check_op.h" #include "base/command_line.h" #include "base/environment.h" #include "base/files/scoped_file.h" #include "base/posix/eintr_wrapper.h" #include "base/process/launch.h" #include "base/process/process.h" #include "build/build_config.h" #include "sandbox/linux/services/credentials.h" #include "sandbox/linux/services/namespace_utils.h" #include "sandbox/linux/services/syscall_wrappers.h" #include "sandbox/linux/system_headers/linux_signal.h" namespace sandbox { namespace { const char kSandboxUSERNSEnvironmentVarName[] = …; const char kSandboxPIDNSEnvironmentVarName[] = …; const char kSandboxNETNSEnvironmentVarName[] = …; class WriteUidGidMapDelegate : public base::LaunchOptions::PreExecDelegate { … }; void SetEnvironForNamespaceType(base::EnvironmentMap* environ, base::NativeEnvironmentString env_var, bool value) { … } // Linux supports up to 64 signals. This should be updated if that ever changes. int g_signal_exit_codes[64]; void TerminationSignalHandler(int sig) { … } #if defined(LIBC_GLIBC) // The first few fields of glibc's struct pthread. The full // definition is in: // https://sourceware.org/git/?p=glibc.git;a=blob;f=nptl/descr.h;hb=95a73392580761abc62fc9b1386d232cd55878e9#l121 struct glibc_pthread { … }; pid_t GetGlibcCachedTid() { … } void MaybeUpdateGlibcTidCache() { … } #endif // defined(LIBC_GLIBC) } // namespace NamespaceSandbox::Options::Options() : … { … } NamespaceSandbox::Options::~Options() { … } // static base::Process NamespaceSandbox::LaunchProcess( const base::CommandLine& cmdline, const base::LaunchOptions& launch_options) { … } // static base::Process NamespaceSandbox::LaunchProcess( const std::vector<std::string>& argv, const base::LaunchOptions& launch_options) { … } // static base::Process NamespaceSandbox::LaunchProcessWithOptions( const base::CommandLine& cmdline, const base::LaunchOptions& launch_options, const Options& ns_sandbox_options) { … } // static base::Process NamespaceSandbox::LaunchProcessWithOptions( const std::vector<std::string>& argv, const base::LaunchOptions& launch_options, const Options& ns_sandbox_options) { … } // static pid_t NamespaceSandbox::ForkInNewPidNamespace(bool drop_capabilities_in_child) { … } // static void NamespaceSandbox::InstallDefaultTerminationSignalHandlers() { … } // static bool NamespaceSandbox::InstallTerminationSignalHandler( int sig, int exit_code) { … } // static bool NamespaceSandbox::InNewUserNamespace() { … } // static bool NamespaceSandbox::InNewPidNamespace() { … } // static bool NamespaceSandbox::InNewNetNamespace() { … } } // namespace sandbox
Codebase Browser
chromium