Bug 1151607 - Step 1.5: Avoid unlikely false positives in Linux SandboxInfo feature detection. r=kang
Using the equivalent of release assertions in the next patch is easier to justify if I can't come up with vaguely legitimate reasons why they might fail; this patch detects the ones I thought of.
This commit is contained in:
parent
32cb9ee32d
commit
6bf3d102d8
@ -80,9 +80,20 @@ HasUserNamespaceSupport()
|
||||
// false negative. However, for user namespaces, any kernel new
|
||||
// enough for the feature to be usable for us has setns support
|
||||
// (v3.8), so this is okay.
|
||||
if (access("/proc/self/ns/user", F_OK) == -1) {
|
||||
MOZ_ASSERT(errno == ENOENT);
|
||||
return false;
|
||||
//
|
||||
// The non-user namespaces all default to "y" in init/Kconfig, but
|
||||
// check them explicitly in case someone has a weird custom config.
|
||||
static const char* const paths[] = {
|
||||
"/proc/self/ns/user",
|
||||
"/proc/self/ns/pid",
|
||||
"/proc/self/ns/net",
|
||||
"/proc/self/ns/ipc",
|
||||
};
|
||||
for (size_t i = 0; i < ArrayLength(paths); ++i) {
|
||||
if (access(paths[i], F_OK) == -1) {
|
||||
MOZ_ASSERT(errno == ENOENT);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
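Review bot: In the new probe loop, an `access()` failure with any errno other than ENOENT is only caught by `MOZ_ASSERT` and then reported as "no namespace support", so on a release build a restricted or absent `/proc` (EACCES from a hardened mount, or ENOENT because `/proc/self` itself is missing) silently degrades the sandbox instead of surfacing a misconfiguration. Given that the stated goal of this commit is to flush out such unexpected failure modes, the non-ENOENT case deserves a release-build diagnostic too, e.g. `if (errno != ENOENT) { /* log paths[i] and errno */ }` before the `return false;`, and the assertion could carry the path and errno so a debug crash identifies which entry failed. Note also that ENOENT alone cannot distinguish "this namespace type is not compiled in" from "procfs is not mounted"; probing `/proc/self/ns` once before the loop would separate the two, which matters to any caller that treats `false` here as a reason to run without namespace-based sandboxing. HasUserNamespaceSupport begins outside this hunk, so its other preconditions are not visible here.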
@ -108,6 +119,21 @@ CanCreateUserNamespace()
|
||||
return cached[0] > '0';
|
||||
}
|
||||
|
||||
// Valgrind might allow the clone, but doesn't know what to do with
|
||||
// unshare. Check for that by unsharing nothing. (Valgrind will
|
||||
// probably need sandboxing disabled entirely, but no need to break
|
||||
// things worse than strictly necessary.)
|
||||
if (syscall(__NR_unshare, 0) != 0) {
|
||||
#ifdef MOZ_VALGRIND
|
||||
MOZ_ASSERT(errno == ENOSYS);
|
||||
#else
|
||||
// If something else can cause that call to fail, we's like to know
|
||||
// about it; the right way to handle it might not be the same.
|
||||
MOZ_ASSERT(false);
|
||||
#endif
|
||||
return false;
|
||||
}
|
||||
|
||||
pid_t pid = syscall(__NR_clone, SIGCHLD | CLONE_NEWUSER,
|
||||
nullptr, nullptr, nullptr, nullptr);
|
||||
if (pid == 0) {
|
||||
|