author | wolfbeast <mcwerewolf@gmail.com> | 2018-05-03 05:55:15 +0200 |
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-05-03 05:55:15 +0200 |
commit | 43f7a588f96aaf88e7b69441c3b50bc9c7b20df7 (patch) | |
tree | 07d9b26b2f357ee9de04fea0e5e4b8b9a1ff93a4 /security/sandbox/linux/SandboxChroot.h | |
parent | 4613b91ecac2745252c40be64e73de5ff920b02b (diff) | |
Nuke the sandbox
Diffstat (limited to 'security/sandbox/linux/SandboxChroot.h')
-rw-r--r-- | security/sandbox/linux/SandboxChroot.h | 66 |
1 files changed, 0 insertions, 66 deletions
diff --git a/security/sandbox/linux/SandboxChroot.h b/security/sandbox/linux/SandboxChroot.h
deleted file mode 100644
index 3ad89b732..000000000
--- a/security/sandbox/linux/SandboxChroot.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef mozilla_SandboxChroot_h
-#define mozilla_SandboxChroot_h
-
-#include <pthread.h>
-
-#include "mozilla/Attributes.h"
-
-// This class uses the chroot(2) system call and Linux namespaces to
-// revoke the process's access to the filesystem. It requires that
-// the process be able to create user namespaces; this is the
-// kHasUserNamespaces in SandboxInfo.h.
-//
-// Usage: call Prepare() from a thread with CAP_SYS_CHROOT in its
-// effective capability set, then later call Invoke() when ready to
-// drop filesystem access. Prepare() creates a thread to do the
-// chrooting, so the caller can (and should!) drop its own
-// capabilities afterwards. When Invoke() returns, the thread will
-// have exited.
-//
-// (Exception: on Android/B2G <= KitKat, because of how pthread_join
-// is implemented, the thread may still exist, but it will not have
-// capabilities. Accordingly, on such systems, be careful about
-// namespaces or other resources the thread might have inherited.)
-//
-// Prepare() can fail (return false); for example, if it doesn't have
-// CAP_SYS_CHROOT or if it can't create a directory to chroot into.
-//
-// The root directory will be empty and deleted, so the process will
-// not be able to create new entries in it regardless of permissions.
-
-namespace mozilla {
-
-class SandboxChroot final {
-public:
- SandboxChroot();
- ~SandboxChroot();
- bool Prepare();
- void Invoke();
-private:
- enum Command {
- NO_THREAD,
- NO_COMMAND,
- DO_CHROOT,
- JUST_EXIT,
- };
-
- pthread_t mThread;
- pthread_mutex_t mMutex;
- pthread_cond_t mWakeup;
- Command mCommand;
- int mFd;
-
- void ThreadMain();
- static void* StaticThreadMain(void* aVoidPtr);
- bool SendCommand(Command aComm);
-};
-
-} // namespace mozilla
-
-#endif // mozilla_SandboxChroot_h |