mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-06 00:55:37 +00:00
ba1cc023b7
This needs more unit tests for the various pieces of what's going on here (LinuxCapabilities, SandboxChroot, UnshareUserNamespace()) but that's nontrivial due to needing a single-threaded process -- and currently they can't be run on Mozilla's CI anyway due to needing user namespaces, and local testing can just try using GMP and manually inspecting the child process. So that will be a followup.
22 lines
697 B
C++
22 lines
697 B
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#ifndef mozilla_SandboxUtil_h
|
|
#define mozilla_SandboxUtil_h
|
|
|
|
namespace mozilla {
|
|
|
|
bool IsSingleThreaded();
|
|
|
|
// Unshare the user namespace, and set up id mappings so that the
|
|
// process's subjective uid and gid are unchanged. This will always
|
|
// fail if the process is multithreaded.
|
|
bool UnshareUserNamespace();
|
|
|
|
} // namespace mozilla
|
|
|
|
#endif // mozilla_SandboxUtil_h
|