Currently, process launch interfaces with Linux sandboxing via the ForkDelegate abstraction, basically replacing `fork` with an opaque stateful callback, configured using various info from the parent process (prefs, gfxInfo, etc.). Unfortunately, the fork server effectively needs to move that object into another process, and this is accomplished in a way that's complicated and difficult to deal with and causes some problems.

Instead, this patch makes the sandboxing state transparent: fields are added to LaunchOptions which are serialized/deserialized, and the sandbox launcher object is now exposed in a header and used directly by LaunchApp (and its fork server equivalent).

There are a few other changes that follow from this. In particular, the pipe for the chroot server is now created later, during LaunchApp but before `FileDescriptorShuffle::Init`, so LaunchApp will side-effect `LaunchOptions::fds_to_remap`. (But this also means we're no longer using a fake mapping of fd 10 which isn't actually used, and we're no longer creating a socketpair in one process and sending both ends to another process that could have just created it itself.)

For more details, see the comments in `SandboxLaunch.h` for the member functions `Configure`, `Prepare`, and `Fork`.

As a convenient side effect of this change, `Prepare` is now fallible, so we can handle certain error cases (like failing to create a socket pair) more gracefully.

Differential Revision: https://phabricator.services.mozilla.com/D194456