Google Git
Sign in
chromium / chromium / src / sandbox / 6155bd3051255038b0aa62e72fb51898e4ba771e
commit6155bd3051255038b0aa62e72fb51898e4ba771e[log] [tgz]
authorMatthew Denton <mpdenton@chromium.org>Fri Feb 18 19:41:21 2022
committerCopybara-Service <copybara-worker@google.com>Fri Feb 18 19:57:03 2022
treecece2c8934775dbad87cd9128932dfc39ca655c9
parent714d2e84b90ea1425310f1b231dad6a9c6a122f0 [diff]
[Linux sandbox] Fix current seccomp failures

pidfd_open is a syscall new in Linux 5.3. For some reason we are
getting seccomp crashes for it, even though it's unused in chromium
and glibc. Just return ENOSYS instead of crashing, and any code should
be able to handle its nonexistence for backwards compatibility.

We are also getting a lot of seccomp crashes for sched_getaffinity.
There isn't enough reason to block it, so allow it (restricted to the
current process) in the utility and service sandboxes.

Bug: 758557
Change-Id: I0d7354839be37912f35068dfacfaf78c35e894b9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3472467
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Matthew Denton <mpdenton@chromium.org>
Cr-Commit-Position: refs/heads/main@{#973068}
NOKEYCHECK=True
GitOrigin-RevId: b2ea904d412adfeba5ff24f59497d659b2329a20
3 files changed
tree: cece2c8934775dbad87cd9128932dfc39ca655c9
  1. linux/
  2. mac/
  3. policy/
  4. win/
  5. BUILD.gn
  6. COMMON_METADATA
  7. constants.h
  8. DEPS
  9. DIR_METADATA
  10. features.gni
  11. ipc.dict
  12. OWNERS
  13. README.md
  14. sandbox_export.h
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.