mandoline: lock down the linux sandbox more.

Previously, the mandoline sandbox allowed all system calls except for
access()/open()/faccessat()/openat(). This patch now uses the baseline
sandboxing policy (which will error on many common syscalls and will
crash on unwhitelisted calls). Added a few syscalls that we need for the
compositor to the explicit allow list.

BUG=492524

Review URL: https://codereview.chromium.org/1318063006

Cr-Commit-Position: refs/heads/master@{#346469}


CrOS-Libchrome-Original-Commit: 6b21046b63481355378258b8a37d029a6a742ca1
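To show the three outcomes the message describes (allow-listed calls run, the old open()/access() family fails with an errno, every other syscall crashes the process), here is a small seccomp-bpf policy written for this page. It is added example code, not the Chromium/mandoline baseline policy, and assumes x86_64 Linux; the probe functions and the `run_sandboxed` harness are illustrative names chosen here.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
/* Added example, not the Chromium policy; x86_64 only. Allow-listed calls run,
   the openat/faccessat family returns EPERM, any other syscall kills the process. */
static int install_policy(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),  /* wrong ABI */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_write, 6, 0),      /* -> allow */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit_group, 5, 0), /* -> allow */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit, 4, 0),       /* -> allow */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_openat, 1, 0),     /* -> errno */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_faccessat, 0, 1),  /* -> errno */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),  /* unlisted: crash */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
/* Run probe() in a child under the policy; return its exit status, or the
   signal that killed it (SIGSYS when it touched an unlisted syscall). */
static int run_sandboxed(int (*probe)(void)) {
    pid_t pid = fork();
    if (pid == 0) _exit(install_policy() != 0 ? 100 : probe());
    int status = 0;
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : WEXITSTATUS(status);
}
/* openat is on the errno list: the call fails with EPERM and the child lives. */
static int probe_openat(void) {
    long fd = syscall(SYS_openat, AT_FDCWD, "/dev/null", O_RDONLY);
    return (fd < 0 && errno == EPERM) ? 0 : 1;
}
/* getpid is on no list: the kernel delivers SIGSYS and the child never returns. */
static int probe_getpid(void) { (void)syscall(SYS_getpid); return 2; }
```

The errno path is what lets a program keep running when it hits a blocked call, while the default kill action is the "crash on unwhitelisted calls" behaviour; the arch check up front stops a filter written for one syscall table from being applied to another.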