Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / platform / minijail / bd940e9e91284512a5c853f7b46b3a2f49f69e32 / . / env.h
blob: 18cde8ad2069d844163ea782208824473a201491 [file] [log] [blame]
drewry@google.combd940e92009-12-07 19:13:27 +0000[diff] [blame^]1// Copyright (c) 2009 The Chromium OS Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4//
5// Provide a interfacefor supplying system interface functionality at a
6// behavioral level.
7//
8// TODO(wad) Support LinuxSUIDSandox, net namespaces, jail profiles, etc.
9
10#ifndef __CHROMEOS_MINIJAIL_ENV_H
11#define __CHROMEOS_MINIJAIL_ENV_H
12
13#include <base/basictypes.h>
14#include <base/scoped_ptr.h>
15
16namespace chromeos {
17namespace minijail {
18
19class Env {
20 public:
21 Env() { }
22 virtual ~Env() { }
23 virtual bool ChangeUser(uid_t uid, gid_t gid) const;
24 virtual bool DisableDefaultRootPrivileges() const;
25 virtual bool DisableTracing() const;
26 virtual bool EnterNamespace(int namespaces) const;
27 virtual bool FilterSyscallsBenchmarkOnly() const;
28 virtual bool FilterSyscallsBySource() const;
29 // virtual bool ExportXAuthority(int appgroup, bool trusted) const;
30 virtual bool KeepRootCapabilities() const;
31 // bool do_delayed_chroot;
32 // bool enter_net_namespace();
33 // TODO(wad) add flags: ro_proc, custom /dev, ...
34 virtual bool Mount() const;
35 virtual bool SanitizeBoundingSet(uint64 capmask) const;
36 // /dev/input/*
37 // /dev/video*
38 // /dev/*audio*
39 // bool ShimUserDevices();
40 //bool add_to_cgroup(const char *cgroup_name);
41 virtual bool SanitizeCapabilities(uint64 eff_capmask) const;
42
43 virtual bool Run(const char *path,
44 char * const *argv,
45 char * const *envp) const;
46 private:
47 DISALLOW_COPY_AND_ASSIGN(Env);
48};
49
50} // namespace minijail
51} // namespace chromeos
52
53#endif // __CHROMEOS_MINIJAIL_ENV_H