Google Git
Sign in
chromium / chromium / src / b94f6817d3a0e20ec5c3393a4eb13dd360acbd4e
commitb94f6817d3a0e20ec5c3393a4eb13dd360acbd4e[log] [tgz]
authorjln <jln@chromium.org>Thu Feb 12 04:53:04 2015
committerCommit bot <commit-bot@chromium.org>Thu Feb 12 04:53:27 2015
treebc6d7dc47b28e2fe0aa0092d284ed16888704c24
parentcffa4164960b8bff230276d51c1e82bac87c248c [diff]
Namespace sandbox: add important security checks

When engaging the namespace sandbox, add important checks that the process
is single threaded and has no directory file descriptor open.

As part of this change, move the function engaging the namespace
sandbox from the Zygote to the LinuxSandbox class.

BUG=457377, 312380

Review URL: https://codereview.chromium.org/915823002

Cr-Commit-Position: refs/heads/master@{#315932}
8 files changed
tree: bc6d7dc47b28e2fe0aa0092d284ed16888704c24
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. blink/
  6. breakpad/
  7. build/
  8. cc/
  9. chrome/
  10. chrome_elf/
  11. chromecast/
  12. chromeos/
  13. cloud_print/
  14. components/
  15. content/
  16. courgette/
  17. crypto/
  18. dbus/
  19. device/
  20. extensions/
  21. gin/
  22. google_apis/
  23. google_update/
  24. gpu/
  25. ios/
  26. ipc/
  27. jingle/
  28. media/
  29. mojo/
  30. native_client_sdk/
  31. net/
  32. pdf/
  33. ppapi/
  34. printing/
  35. remoting/
  36. rlz/
  37. sandbox/
  38. sdch/
  39. skia/
  40. sql/
  41. storage/
  42. styleguide/
  43. sync/
  44. testing/
  45. third_party/
  46. tools/
  47. ui/
  48. url/
  49. webkit/
  50. win8/
  51. .clang-format
  52. .gitattributes
  53. .gitignore
  54. .gn
  55. Android.mk
  56. AUTHORS
  57. BUILD.gn
  58. codereview.settings
  59. DEPS
  60. LICENSE
  61. LICENSE.chromium_os
  62. OWNERS
  63. PRESUBMIT.py
  64. PRESUBMIT_test.py
  65. PRESUBMIT_test_mocks.py
  66. WATCHLISTS