diff options
author | Ben Murdoch <benm@google.com> | 2013-08-12 14:20:17 +0100 |
---|---|---|
committer | Ben Murdoch <benm@google.com> | 2013-08-12 14:20:17 +0100 |
commit | ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16 (patch) | |
tree | aa3b1013e823cb7bdee9ece936928292f57b31f4 /content/browser/browser_main_loop.cc | |
parent | f7fa989080f1e63c6a8aa24d5434922d52d9f51e (diff) | |
download | chromium_org-ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16.tar.gz |
Merge from Chromium at DEPS revision r216972
This commit was generated by merge_to_master.py.
Change-Id: I01cb28d94e3fcf99e3624d75cafa50d929787ddd
Diffstat (limited to 'content/browser/browser_main_loop.cc')
-rw-r--r-- | content/browser/browser_main_loop.cc | 64 |
1 files changed, 36 insertions, 28 deletions
diff --git a/content/browser/browser_main_loop.cc b/content/browser/browser_main_loop.cc index 1c6b1a033e..c51b5c5912 100644 --- a/content/browser/browser_main_loop.cc +++ b/content/browser/browser_main_loop.cc @@ -7,10 +7,12 @@ #include "base/bind.h" #include "base/command_line.h" #include "base/debug/trace_event.h" +#include "base/file_util.h" #include "base/logging.h" #include "base/message_loop/message_loop.h" #include "base/metrics/field_trial.h" #include "base/metrics/histogram.h" +#include "base/path_service.h" #include "base/pending_task.h" #include "base/power_monitor/power_monitor.h" #include "base/power_monitor/power_monitor_device_source.h" @@ -120,48 +122,54 @@ void SetupSandbox(const CommandLine& parsed_command_line) { TRACE_EVENT0("startup", "SetupSandbox"); // TODO(evanm): move this into SandboxWrapper; I'm just trying to move this // code en masse out of chrome_main for now. - const char* sandbox_binary = NULL; + base::FilePath sandbox_binary; + bool env_chrome_devel_sandbox_set = false; struct stat st; - // In Chromium branded builds, developers can set an environment variable to - // use the development sandbox. See - // http://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment - if (stat(base::kProcSelfExe, &st) == 0 && st.st_uid == getuid()) - sandbox_binary = getenv("CHROME_DEVEL_SANDBOX"); - -#if defined(LINUX_SANDBOX_PATH) - if (!sandbox_binary) - sandbox_binary = LINUX_SANDBOX_PATH; -#endif - const bool want_setuid_sandbox = !parsed_command_line.HasSwitch(switches::kNoSandbox) && !parsed_command_line.HasSwitch(switches::kDisableSetuidSandbox); if (want_setuid_sandbox) { + base::FilePath exe_dir; + if (PathService::Get(base::DIR_EXE, &exe_dir)) { + base::FilePath sandbox_candidate = exe_dir.AppendASCII("chrome-sandbox"); + if (base::PathExists(sandbox_candidate)) + sandbox_binary = sandbox_candidate; + } + + // In user-managed builds, including development builds, an environment + // variable is required to enable the sandbox. See + // http://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment + if (sandbox_binary.empty() && + stat(base::kProcSelfExe, &st) == 0 && st.st_uid == getuid()) { + const char* devel_sandbox_path = getenv("CHROME_DEVEL_SANDBOX"); + if (devel_sandbox_path) { + env_chrome_devel_sandbox_set = true; + sandbox_binary = base::FilePath(devel_sandbox_path); + } + } + static const char no_suid_error[] = "Running without the SUID sandbox! See " "https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment " "for more information on developing with the sandbox on."; - if (!sandbox_binary) { - // This needs to be fatal. Talk to security@chromium.org if you feel - // otherwise. - LOG(FATAL) << no_suid_error; - } - // TODO(jln): an empty CHROME_DEVEL_SANDBOX environment variable (as - // opposed to a non existing one) is not fatal yet. This is needed because - // of existing bots and scripts. Fix it (crbug.com/245376). - if (sandbox_binary && *sandbox_binary == '\0') + if (sandbox_binary.empty()) { + if (!env_chrome_devel_sandbox_set) { + // This needs to be fatal. Talk to security@chromium.org if you feel + // otherwise. + LOG(FATAL) << no_suid_error; + } + + // TODO(jln): an empty CHROME_DEVEL_SANDBOX environment variable (as + // opposed to a non existing one) is not fatal yet. This is needed + // because of existing bots and scripts. Fix it (crbug.com/245376). LOG(ERROR) << no_suid_error; - } - - std::string sandbox_cmd; - if (want_setuid_sandbox && sandbox_binary) { - sandbox_cmd = sandbox_binary; + } } // Tickle the sandbox host and zygote host so they fork now. - RenderSandboxHostLinux::GetInstance()->Init(sandbox_cmd); - ZygoteHostImpl::GetInstance()->Init(sandbox_cmd); + RenderSandboxHostLinux::GetInstance()->Init(sandbox_binary.value()); + ZygoteHostImpl::GetInstance()->Init(sandbox_binary.value()); } #endif |