forked from chromium/chromium
Update Linux Seccomp syscall restrictions to EPERM posix_spawn/vfork
Glibc's system() function switched to using posix_spawn, which uses CLONE_VFORK. Pepperflash includes a sandbox debugging check which relies on us EPERM-ing process creation like this, rather than crashing the process with SIGSYS. So whitelist clone() calls, like posix_spawn, that include the flags CLONE_VFORK and CLONE_VM.

Bug: 949312
Change-Id: I3f4b90114b2fc1d9929e3c0a85bbe8f10def3c20
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1568086
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#653590}
Showing 2 changed files with 40 additions and 2 deletions.
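The behaviour the commit message describes, as an added example that is not Chromium's code (the diff is not shown on this page): a raw seccomp cBPF filter that answers clone() calls carrying both CLONE_VFORK and CLONE_VM with EPERM instead of SIGSYS, plus a small user-space evaluator so the verdicts can be checked without installing the filter. The names `kFilter`, `run_filter` and `verdict` are hypothetical, and trapping every other clone() while allowing all other syscalls is a simplification assumed for this sketch.

```c
#include <errno.h>
#include <linux/filter.h>
#include <linux/sched.h>   /* CLONE_VM, CLONE_VFORK */
#include <linux/seccomp.h>
#include <signal.h>        /* SIGCHLD */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>

#define VFORK_BITS (CLONE_VFORK | CLONE_VM)
/* Assumes a little-endian ABI with clone() flags in args[0] (x86-64, aarch64).
 * A production filter must validate seccomp_data.arch before anything else. */
static const struct sock_filter kFilter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_clone, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),  /* not clone(): out of scope */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
    BPF_STMT(BPF_ALU | BPF_AND | BPF_K, VFORK_BITS),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, VFORK_BITS, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM), /* vfork-style: EPERM */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),          /* other clone(): SIGSYS */
};

/* Evaluates only the four cBPF opcodes used above, entirely in user space. */
static uint32_t run_filter(const struct sock_filter *f, size_t n,
                           const struct seccomp_data *d) {
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        switch (f[pc].code) {
        case BPF_LD | BPF_W | BPF_ABS: memcpy(&acc, (const char *)d + f[pc].k, 4); break;
        case BPF_ALU | BPF_AND | BPF_K: acc &= f[pc].k; break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (acc == f[pc].k) ? f[pc].jt : f[pc].jf; break;
        case BPF_RET | BPF_K: return f[pc].k;
        }
    }
    return SECCOMP_RET_KILL;  /* ran off the end: fail closed */
}

static uint32_t verdict(int nr, uint64_t flags) {
    struct seccomp_data d = {.nr = nr, .args = {flags}};
    return run_filter(kFilter, sizeof kFilter / sizeof kFilter[0], &d);
}

int main(void) {
    printf("clone with vfork bits:    0x%08x\n", verdict(__NR_clone, VFORK_BITS | SIGCHLD));
    printf("clone without vfork bits: 0x%08x\n", verdict(__NR_clone, SIGCHLD));
}
```

To load such a filter for real, wrap the array in a `struct sock_fprog` and call `prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)` followed by `prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)`.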