summaryrefslogtreecommitdiffstats
path: root/security/sandbox/linux/SandboxChroot.h
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-05-03 05:55:15 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-05-03 05:55:15 +0200
commit43f7a588f96aaf88e7b69441c3b50bc9c7b20df7 (patch)
tree07d9b26b2f357ee9de04fea0e5e4b8b9a1ff93a4 /security/sandbox/linux/SandboxChroot.h
parent4613b91ecac2745252c40be64e73de5ff920b02b (diff)
downloadUXP-43f7a588f96aaf88e7b69441c3b50bc9c7b20df7.tar
UXP-43f7a588f96aaf88e7b69441c3b50bc9c7b20df7.tar.gz
UXP-43f7a588f96aaf88e7b69441c3b50bc9c7b20df7.tar.lz
UXP-43f7a588f96aaf88e7b69441c3b50bc9c7b20df7.tar.xz
UXP-43f7a588f96aaf88e7b69441c3b50bc9c7b20df7.zip
Nuke the sandbox
Diffstat (limited to 'security/sandbox/linux/SandboxChroot.h')
-rw-r--r--security/sandbox/linux/SandboxChroot.h66
1 files changed, 0 insertions, 66 deletions
diff --git a/security/sandbox/linux/SandboxChroot.h b/security/sandbox/linux/SandboxChroot.h
deleted file mode 100644
index 3ad89b732..000000000
--- a/security/sandbox/linux/SandboxChroot.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef mozilla_SandboxChroot_h
-#define mozilla_SandboxChroot_h
-
-#include <pthread.h>
-
-#include "mozilla/Attributes.h"
-
-// This class uses the chroot(2) system call and Linux namespaces to
-// revoke the process's access to the filesystem. It requires that
-// the process be able to create user namespaces; this is the
-// kHasUserNamespaces in SandboxInfo.h.
-//
-// Usage: call Prepare() from a thread with CAP_SYS_CHROOT in its
-// effective capability set, then later call Invoke() when ready to
-// drop filesystem access. Prepare() creates a thread to do the
-// chrooting, so the caller can (and should!) drop its own
-// capabilities afterwards. When Invoke() returns, the thread will
-// have exited.
-//
-// (Exception: on Android/B2G <= KitKat, because of how pthread_join
-// is implemented, the thread may still exist, but it will not have
-// capabilities. Accordingly, on such systems, be careful about
-// namespaces or other resources the thread might have inherited.)
-//
-// Prepare() can fail (return false); for example, if it doesn't have
-// CAP_SYS_CHROOT or if it can't create a directory to chroot into.
-//
-// The root directory will be empty and deleted, so the process will
-// not be able to create new entries in it regardless of permissions.
-
-namespace mozilla {
-
-class SandboxChroot final {
-public:
- SandboxChroot();
- ~SandboxChroot();
- bool Prepare();
- void Invoke();
-private:
- enum Command {
- NO_THREAD,
- NO_COMMAND,
- DO_CHROOT,
- JUST_EXIT,
- };
-
- pthread_t mThread;
- pthread_mutex_t mMutex;
- pthread_cond_t mWakeup;
- Command mCommand;
- int mFd;
-
- void ThreadMain();
- static void* StaticThreadMain(void* aVoidPtr);
- bool SendCommand(Command aComm);
-};
-
-} // namespace mozilla
-
-#endif // mozilla_SandboxChroot_h