mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-28 12:45:27 +00:00
ba1cc023b7
This needs more unit tests for the various pieces of what's going on here (LinuxCapabilities, SandboxChroot, UnshareUserNamespace()) but that's nontrivial due to needing a single-threaded process -- and currently they can't be run on Mozilla's CI anyway due to needing user namespaces, and local testing can just try using GMP and manually inspecting the child process. So that will be a followup.
29 lines
898 B
C++
29 lines
898 B
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "LinuxCapabilities.h"
|
|
|
|
#include <unistd.h>
|
|
#include <sys/syscall.h>
|
|
|
|
namespace mozilla {
|
|
|
|
bool
|
|
LinuxCapabilities::GetCurrent() {
|
|
__user_cap_header_struct header = { _LINUX_CAPABILITY_VERSION_3, 0 };
|
|
return syscall(__NR_capget, &header, &mBits) == 0
|
|
&& header.version == _LINUX_CAPABILITY_VERSION_3;
|
|
}
|
|
|
|
bool
|
|
LinuxCapabilities::SetCurrentRaw() const {
|
|
__user_cap_header_struct header = { _LINUX_CAPABILITY_VERSION_3, 0 };
|
|
return syscall(__NR_capset, &header, &mBits) == 0
|
|
&& header.version == _LINUX_CAPABILITY_VERSION_3;
|
|
}
|
|
|
|
} // namespace mozilla
|