| // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_ |
| #define CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_ |
| |
| namespace content { |
| |
| // These form a bitmask which describes the conditions of the Linux sandbox. |
| // Note: this doesn't strictly give you the current status, it states |
| // what will be enabled when the relevant processes are initialized. |
| enum LinuxSandboxStatus { |
| // SUID sandbox active. |
| kSandboxLinuxSUID = 1 << 0, |
| |
| // SUID sandbox is using the PID namespace. |
| kSandboxLinuxPIDNS = 1 << 1, |
| |
| // SUID sandbox is using the network namespace. |
| kSandboxLinuxNetNS = 1 << 2, |
| |
| // seccomp-bpf sandbox active. |
| kSandboxLinuxSeccompBPF = 1 << 3, |
| |
| // The Yama LSM module is present and enforcing. |
| kSandboxLinuxYama = 1 << 4, |
| |
| // A flag that denotes an invalid sandbox status. |
| kSandboxLinuxInvalid = 1 << 31, |
| }; |
| |
| } // namespace content |
| |
| #endif // CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_ |
