// Copyright 2015 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef SANDBOX_LINUX_SERVICES_NAMESPACE_SANDBOX_H_ #define SANDBOX_LINUX_SERVICES_NAMESPACE_SANDBOX_H_ #include <sys/types.h> #include <string> #include <vector> #include "base/command_line.h" #include "base/process/launch.h" #include "base/process/process.h" #include "sandbox/sandbox_export.h" namespace sandbox { // Helper class for starting a process inside a new user, PID, and network // namespace. Before using a namespace sandbox, check for namespace support // using Credentials::CanCreateProcessInNewUserNS. // // A typical use for "A" launching a sandboxed process "B" would be: // 1. A sets up a command line and launch options for process B. // 2. A launches B with LaunchProcess. // 3. B should be prepared to assume the role of init(1). In particular, apart // from SIGKILL and SIGSTOP, B cannot receive any signal for which it does // not have an explicit signal handler registered. // If B dies, all the processes in the namespace will die. // B can fork() and the parent can assume the role of init(1), by using // CreateInitProcessReaper(). // 4. B chroots using Credentials::MoveToNewUserNS() and // Credentials::DropFileSystemAccess(). // 5. B drops the capabilities gained by entering the new user namespace with // Credentials::DropAllCapabilities(). class SANDBOX_EXPORT NamespaceSandbox { … }; } // namespace sandbox #endif // SANDBOX_LINUX_SERVICES_NAMESPACE_SANDBOX_H_