| commit | fce26e75d4dd9eb7afb1159586dcb5776d23df00 | |
|---|---|---|
| author | Adrian Ratiu <adrian.ratiu@collabora.corp-partner.google.com> | Mon Nov 29 21:47:21 2021 |
| committer | Copybara-Service <copybara-worker@google.com> | Mon Nov 29 22:00:54 2021 |
| tree | 0a382e73745f8a72e358174c12449c7fdb233b03 | |
| parent | 88278517be90e7034d083203d2a234319cea5d57 | |
Linux sandbox: fix glibc 2.33 caused assertion failure

Starting with glibc 2.33, the system() function changed its return value,
leading to an assertion failure. To fix the test for both newer and older
glibcs, check the retval is != 0. The EPERM error is the same, so this
should be safe.

For more details see glibc commit:
42dda89dcb ("posix: Fix return value of system if shell can not be executed")

BUG=b:187795909,b:206128425
TEST=Manually run sandbox unit test on ChromeOS with glibc 2.33

Change-Id: I3c37c049bbe060f79615cecae4d07d37236c1427
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3296023
Commit-Queue: Adrian Ratiu <adrian.ratiu@collabora.corp-partner.google.com>
Auto-Submit: Adrian Ratiu <adrian.ratiu@collabora.corp-partner.google.com>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Haiyang Pan <hypan@google.com>
Reviewed-by: Brian Sheedy <bsheedy@chromium.org>
Cr-Commit-Position: refs/heads/main@{#946159}
NOKEYCHECK=True
GitOrigin-RevId: 53ec0369255fbd0fafcfe94fa10d58e20a327647
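The commit above fixes a test by asserting `system() != 0` instead of comparing against one libc's encoding of "the shell could not be executed". The following is an added example, not code from the Chromium commit or the sandbox library, showing why that check is portable: `system(3)` returns 0 only when the shell ran the command and it exited 0, so every failure path, whichever encoding a given glibc uses, is non-zero. The `classify_system_result()` helper decodes the raw value with the standard `<sys/wait.h>` macros; the enum names, the helper names and the sample commands are this example's own, and the `/nonexistent/binary-for-demo` path is a constructed placeholder.

```c
/* Added example (not part of the Chromium commit): portable interpretation of
 * the value returned by system(3). The encoding returned when the shell itself
 * cannot be executed differs between glibc before 2.33 and glibc 2.33 onward
 * (see the commit message), but 0 always means "shell ran, command exited 0".
 * That is why a test should assert rc != 0 rather than one specific encoding. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>

enum system_outcome {
    SYS_OK,                /* shell ran, command exited 0 */
    SYS_SPAWN_FAILED,      /* system() returned -1: child not created or not waited for */
    SYS_SHELL_UNAVAILABLE, /* exit status 127: shell or command could not be executed */
    SYS_CMD_FAILED,        /* command ran and exited non-zero */
    SYS_SIGNALED           /* command was terminated by a signal */
};

/* Classify a raw system() return value without assuming one libc's encoding. */
enum system_outcome classify_system_result(int rc)
{
    if (rc == -1)
        return SYS_SPAWN_FAILED;
    if (WIFSIGNALED(rc))
        return SYS_SIGNALED;
    if (WIFEXITED(rc)) {
        int status = WEXITSTATUS(rc);
        if (status == 0)
            return SYS_OK;
        if (status == 127)
            return SYS_SHELL_UNAVAILABLE;
        return SYS_CMD_FAILED;
    }
    /* Any other non-zero encoding still means "did not succeed". */
    return SYS_CMD_FAILED;
}

/* Run a command and report failure in the version-independent sense the fixed
 * test uses: anything other than 0 is a failure. Returns 1 on failure, 0 on success. */
int system_failed(const char *cmd)
{
    int rc = system(cmd);
    return rc != 0;
}

int main(void)
{
    /* Constructed sample commands: success, explicit non-zero exit, and a
     * command the shell cannot execute (constructed placeholder path). */
    const char *cmds[] = { "true", "exit 3", "/nonexistent/binary-for-demo" };
    for (size_t i = 0; i < sizeof cmds / sizeof cmds[0]; i++) {
        int rc = system(cmds[i]);
        printf("%-32s rc=%d outcome=%d failed=%d\n", cmds[i], rc,
               (int)classify_system_result(rc), rc != 0);
    }
    return 0;
}
```

When a sandbox blocks process creation, the raw value a test sees depends on where the failure surfaces (the libc spawn path or the shell), so a check on the decoded outcome or on `rc != 0` is the stable assertion; comparing against a single raw integer ties the test to one libc version, which is exactly what broke here.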
This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.
Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high level:

- `mac/` uses the Seatbelt sandbox. See the detailed design for more.
- `linux/` uses namespaces and Seccomp-BPF. See the detailed design for more.
- `win/` uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the `//sandbox/policy` component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.