// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_
#define CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_

namespace content {

// Bit flags describing how the Linux sandbox is configured. Combine and test
// them with bitwise operators.
//
// The value is a forecast rather than a measurement: it states what will be
// enabled once the relevant processes are initialized, and does not strictly
// give the current status. A set bit should therefore not be read as
// confirmation that a particular process is already confined.
enum LinuxSandboxStatus {
  // The SUID sandbox is active.
  kSandboxLinuxSUID = 1 << 0,

  // The SUID sandbox makes use of the PID namespace.
  kSandboxLinuxPIDNS = 1 << 1,

  // The SUID sandbox makes use of the network namespace.
  kSandboxLinuxNetNS = 1 << 2,

  // The seccomp-bpf sandbox is active.
  kSandboxLinuxSeccompBPF = 1 << 3,

  // The Yama LSM module is present and enforcing.
  kSandboxLinuxYama = 1 << 4,

  // Marks the status value as invalid.
  // NOTE(review): this is bit 31, the sign bit where int is 32 bits wide, so
  // the enumerator is negative there. Test it with a mask
  // (status & kSandboxLinuxInvalid) rather than an ordering comparison;
  // presumably it should be checked before any other bit is trusted --
  // confirm against callers.
  kSandboxLinuxInvalid = 1 << 31,
};

}  // namespace content

#endif // CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_