sandbox/linux: refactor bpf_dsl dependency on die.h

This CL changes the bpf_dsl "Kill" builtin function to simply map to
SECCOMP_RET_KILL, rather than to a trap handler. Additionally, it
changes the default PolicyCompiler behavior for handling impossible
conditions to use this behavior.

However, it also adds SetPanicFunc as a way to override this default
behavior, and SandboxBPF uses this to maintain Chrome's historical
behavior of printing an error message with SANDBOX_DIE.

Arguably the Policy object should actually be responsible for
providing a Panic function, but that change will require modifying
existing Policy classes elsewhere in the Chromium source tree, so
I'll look into that in a followup CL.

BUG=449357
Review URL: https://codereview.chromium.org/1302043002
Cr-Commit-Position: refs/heads/master@{#344574}