// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_
#define CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_

namespace content {

// Bit flags describing which Linux sandbox layers are configured. The flags
// are independent, so a status word is the bitwise OR of any of them; test a
// layer with `status & kFlag`, not with an equality comparison.
//
// Caveat: this is a statement of intent, not a measurement. The value says
// what will be enabled once the relevant processes are initialized; it does
// not prove that a particular process is already running sandboxed. Code
// making a trust decision should not treat a set bit as evidence that the
// layer is in force for a given process.
enum LinuxSandboxStatus {
  // The SUID sandbox is active.
  kSandboxLinuxSUID = 1 << 0,

  // The SUID sandbox places processes in their own PID namespace.
  kSandboxLinuxPIDNS = 1 << 1,

  // The SUID sandbox places processes in their own network namespace.
  kSandboxLinuxNetNS = 1 << 2,

  // The seccomp-bpf sandbox is active.
  kSandboxLinuxSeccompBPF = 1 << 3,

  // The Yama LSM module is present and enforcing.
  kSandboxLinuxYama = 1 << 4,

  // Marks a status word that is not valid; the other bits should not be
  // interpreted when it is set. NOTE(review): with a 32-bit int this is the
  // sign bit, so the enumerator is negative; check it with a bitwise AND
  // rather than a magnitude comparison.
  kSandboxLinuxInvalid = 1 << 31,
};

}  // namespace content

#endif  // CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_