fune/security/sandbox/linux/SandboxChrootProto.h
Jed Davis 6c9a2c06a5 Bug 1858279 - Rework how process launch interacts with Linux sandboxing and the fork server. r=nika,gcp
Currently, process launch interfaces with Linux sandboxing via the
ForkDelegate abstraction, basically replacing `fork` with an opaque
stateful callback, configured using various info from the parent process
(prefs, gfxInfo, etc.).  Unfortunately, the fork server effectively
needs to move that object into another process, and this is accomplished
in a way that's complicated and difficult to deal with and causes some
problems.

Instead, this patch makes the sandboxing state transparent: fields
are added to LaunchOptions which are serialized/deserialized, and the
sandbox launcher object is now exposed in a header and used directly by
LaunchApp (and its fork server equivalent).

There are a few other changes that follow from this.  In particular,
the pipe for the chroot server is now created later, during LaunchApp
but before `FileDescriptorShuffle::Init`, so LaunchApp will side-effect
`LaunchOptions::fds_to_remap`.  (But this also means we're no longer
using a fake mapping of fd 10 which isn't actually used, and we're no
longer creating a socketpair in one process and sending both ends to
another process that could have just created it itself.)

For more details, see the comments in `SandboxLaunch.h` for the member
functions `Configure`, `Prepare`, and `Fork`.

As a convenient side effect of this change, `Prepare` is now fallible,
so we can handle certain error cases (like failing to create a socket
pair) more gracefully.

Differential Revision: https://phabricator.services.mozilla.com/D194456
2023-12-02 01:49:58 +00:00

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef mozilla_SandboxChrootProto_h
#define mozilla_SandboxChrootProto_h

#include "mozilla/Types.h"

namespace mozilla {

// fd number the child's end of the chroot pipe is remapped onto
static const int kSandboxChrootClientFd = 6;
// single-byte request the client sends over that fd
static const char kSandboxChrootRequest = 'C';
// single-byte acknowledgement the chroot server sends back
static const char kSandboxChrootResponse = 'O';
// environment flag for the chroot mechanism
static const char kSandboxChrootEnvFlag[] = "MOZ_SANDBOX_USE_CHROOT";

}  // namespace mozilla

#endif  // mozilla_SandboxChrootProto_h
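The request/acknowledgement exchange these constants define, and the fd remap the commit message describes, as an added illustration (not Firefox code): the launching process creates the socketpair, the child's end is moved onto kSandboxChrootClientFd before the client runs, and the helper side here runs in the parent with its privileged chroot() step replaced by a no-op stand-in (fake_chroot, a hypothetical name) so it runs unprivileged.

```c
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Protocol constants as defined in SandboxChrootProto.h. */
static const int kSandboxChrootClientFd = 6;
static const char kSandboxChrootRequest = 'C';
static const char kSandboxChrootResponse = 'O';

/* Helper side: wait for exactly one request byte, run the privileged step,
 * then acknowledge. Returns -1 on EOF, an unexpected byte, or step failure. */
static int chroot_server(int fd, int (*privileged_step)(void)) {
  char msg = 0;
  if (read(fd, &msg, 1) != 1 || msg != kSandboxChrootRequest) return -1;
  if (privileged_step() != 0) return -1;
  return write(fd, &kSandboxChrootResponse, 1) == 1 ? 0 : -1;
}

/* Client side (the sandboxed child): request over the well-known fd and
 * block until the helper acknowledges. */
static int chroot_client(int fd) {
  char reply = 0;
  if (write(fd, &kSandboxChrootRequest, 1) != 1) return -1;
  if (read(fd, &reply, 1) != 1) return -1;
  return reply == kSandboxChrootResponse ? 0 : -1;
}

/* Unprivileged stand-in for the real chroot() step; does nothing. */
static int fake_chroot(void) { return 0; }

/* Create the socketpair in the launching process, move the child's end onto
 * kSandboxChrootClientFd (what the fds_to_remap shuffle does), and run the
 * helper side here. Returns 0 when the child saw a valid acknowledgement. */
int run_handshake(void) {
  int sv[2], status;
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
  pid_t pid = fork();
  if (pid < 0) return -1;
  if (pid == 0) {
    close(sv[0]);
    if (dup2(sv[1], kSandboxChrootClientFd) < 0) _exit(2);
    if (sv[1] != kSandboxChrootClientFd) close(sv[1]);
    _exit(chroot_client(kSandboxChrootClientFd) == 0 ? 0 : 1);
  }
  close(sv[1]);
  int srv = chroot_server(sv[0], fake_chroot);
  close(sv[0]);
  if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
  return srv == 0 ? WEXITSTATUS(status) : -1;
}
```

Because the helper only ever answers a correct request byte, a stray write on the remapped fd is rejected rather than triggering the privileged step.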