| field | value | date |
|---|---|---|
| commit | 7462a4fd179376882292be2381a22df6819041c7 | |
| author | Matthew Denton <mpdenton@chromium.org> | Wed Jul 21 17:12:27 2021 |
| committer | Copybara-Service <copybara-worker@google.com> | Wed Jul 21 17:29:49 2021 |
| tree | cfe19b84bac09b9de673eeb485cb1bf029930566 | |
| parent | f4b23982effffbd6212c9c5bc5e8500ec04eab94 | |
Linux sandbox: ENOSYS for some statx syscalls

On some platforms, glibc will default to statx for normal stat-family calls. Unfortunately there's no way to rewrite statx to something safe using a signal handler. Returning ENOSYS will cause glibc to fall back to old stat paths.

Change-Id: Ieaddc8020b6555f2dfdc443197d13cb3fccc6bf1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2823150
Commit-Queue: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#903952}
NOKEYCHECK=True
GitOrigin-RevId: b2fbcdbe30cb84cd2f0b63e453f3782c49213264
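The mechanism the commit message relies on, shown as an added example rather than Chromium's own code (Chromium's Linux sandbox builds its policies through its own BPF DSL, not the raw `sock_filter` array used here): a seccomp-bpf filter that answers `statx(2)` with `ENOSYS` and allows everything else, followed by two probes. The first issues `statx` directly and should see `ENOSYS`; the second goes through glibc's `stat()`, which on glibc builds that prefer `statx` retries via the legacy stat-family syscalls once it sees `ENOSYS`, so the call still succeeds. It assumes Linux on x86_64, aarch64, i386 or arm with seccomp filter support and glibc; the function names and the `PROBE_STATX_MASK` constant are this example's own.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
#endif
#include <errno.h>
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_statx
#error "kernel headers predate statx(2); nothing to filter"
#endif
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U /* older headers lack the name */
#endif

/* Architecture token the filter checks before trusting the syscall number;
 * without it a caller using a foreign ABI could alias a different syscall. */
#if defined(__x86_64__)
#define FILTER_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define FILTER_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define FILTER_ARCH AUDIT_ARCH_I386
#elif defined(__arm__)
#define FILTER_ARCH AUDIT_ARCH_ARM
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* statx mask for the basic stat fields (the value of STATX_BASIC_STATS),
 * spelled out here so the probe does not need <linux/stat.h>. */
#define PROBE_STATX_MASK 0x7ffU

/* Install a seccomp-bpf filter that makes statx(2) fail with ENOSYS and
 * allows every other syscall. Returns 0 on success, -1 with errno set. */
int install_statx_enosys_filter(void) {
  struct sock_filter filter[] = {
    /* Kill the process if the syscall comes from an unexpected ABI. */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, FILTER_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    /* nr == __NR_statx -> hand -ENOSYS back to the caller, else allow. */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_statx, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (ENOSYS & SECCOMP_RET_DATA)),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
  };
  struct sock_fprog prog = {
    .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
    .filter = filter,
  };
  /* An unprivileged process must set no_new_privs before loading a filter. */
  if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
  if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0) return -1;
  return 0;
}

/* Issue statx(2) directly, bypassing glibc's fallback logic. Returns 0 on
 * success or the errno the kernel (or the filter) reported. */
int raw_statx_errno(const char *path) {
  unsigned char buf[256]; /* sizeof(struct statx) */
  long rc = syscall(__NR_statx, AT_FDCWD, path, 0, PROBE_STATX_MASK, buf);
  return rc == 0 ? 0 : errno;
}

/* Go through glibc's stat(); with statx blocked, glibc falls back to the
 * legacy stat-family syscalls that the sandbox can still police. */
int libc_stat_errno(const char *path) {
  struct stat st;
  return stat(path, &st) == 0 ? 0 : errno;
}

int main(void) {
  if (install_statx_enosys_filter() != 0) {
    perror("seccomp");
    return 1;
  }
  int raw = raw_statx_errno("/");
  int via_libc = libc_stat_errno("/");
  printf("raw statx errno=%d (%s)\n", raw, strerror(raw));
  printf("glibc stat errno=%d (%s)\n", via_libc, strerror(via_libc));
  return (raw == ENOSYS && via_libc == 0) ? 0 : 1;
}
```

Returning `SECCOMP_RET_ERRNO` instead of `SECCOMP_RET_TRAP` is the point of the commit: a `SIGSYS` handler cannot safely re-express `statx` in terms of an older syscall, but a plain `ENOSYS` lets glibc do that rewrite itself, so the sandbox only ever sees the stat-family syscalls its existing policy already covers.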
This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.
Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high level:
* `mac/` uses the Seatbelt sandbox. See the detailed design for more.
* `linux/` uses namespaces and Seccomp-BPF. See the detailed design for more.
* `win/` uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.