Linux sandbox: fix glibc 2.33 caused assertion failure

Starting with glibc 2.33, the system() function changed its
return value leading to an assertion failure. To fix the test
for both newer and older glibcs, check the retval is != 0.
The EPERM error is the same, so this should be safe.

For more details see glibc commit:
42dda89dcb ("posix: Fix return value of system if shell can
not be executed")

BUG=b:187795909,b:206128425
TEST=Manually run sandbox unit test on ChromeOS with glibc 2.33

Change-Id: I3c37c049bbe060f79615cecae4d07d37236c1427
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3296023
Commit-Queue: Adrian Ratiu <adrian.ratiu@collabora.corp-partner.google.com>
Auto-Submit: Adrian Ratiu <adrian.ratiu@collabora.corp-partner.google.com>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Haiyang Pan <hypan@google.com>
Reviewed-by: Brian Sheedy <bsheedy@chromium.org>
Cr-Commit-Position: refs/heads/main@{#946159}
NOKEYCHECK=True
GitOrigin-RevId: 53ec0369255fbd0fafcfe94fa10d58e20a327647
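The two return-value conventions the commit message describes, as an added illustration (this is not Chromium or glibc code; the enum and function names are this example's own, and the `== -1` check is a hypothetical contrast, not the test's original assertion):

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>

/* Added illustration, not Chromium or glibc code. Decodes what system()
 * returns when the shell could not be started, under both conventions:
 *   glibc <  2.33: system() returns -1 (spawn error, errno set)
 *   glibc >= 2.33: system() returns a wait status encoding _exit(127),
 *                  i.e. 127 << 8, as POSIX specifies for this case. */
enum shell_result {
    SHELL_RAN_OK,        /* shell ran, command exited 0 */
    SHELL_RAN_NONZERO,   /* shell ran, command exited non-zero */
    SHELL_SIGNALED,      /* shell was killed by a signal */
    SHELL_NOT_EXECUTED   /* shell itself could not be started */
};

enum shell_result classify_system_retval(int rv)
{
    if (rv == -1)                    /* pre-2.33 encoding; also wait errors */
        return SHELL_NOT_EXECUTED;
    if (WIFEXITED(rv)) {
        int code = WEXITSTATUS(rv);
        /* 127 is also what sh reports for "command not found", so by itself
         * it cannot distinguish "no shell" from "no such command". */
        if (code == 127)
            return SHELL_NOT_EXECUTED;
        return code == 0 ? SHELL_RAN_OK : SHELL_RAN_NONZERO;
    }
    if (WIFSIGNALED(rv))
        return SHELL_SIGNALED;
    return SHELL_NOT_EXECUTED;       /* anything else (e.g. stopped) is not success */
}

/* A test pinned to one encoding (hypothetical `== -1`) breaks when glibc
 * switches to the other; `!= 0`, as in the commit, accepts both failure
 * encodings while still rejecting a shell that ran and succeeded. */
int pinned_check_passes(int rv)   { return rv == -1; }
int portable_check_passes(int rv) { return rv != 0; }

int main(void)
{
    /* Live probe: where the shell can run, "exit 3" yields status 3 << 8. */
    int rv = system("exit 3");
    printf("system(\"exit 3\") = 0x%x -> class %d, portable check: %s\n",
           (unsigned)rv, (int)classify_system_retval(rv),
           portable_check_passes(rv) ? "non-zero" : "zero");
    return 0;
}
```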
1 file changed
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.