chromium: Remove conditionals for version 29.

This removes the conditionals and obsolete cruft for version 29, especially the old user namespaces sandbox patch. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-10-02 20:18:12 +02:00 · 2013-10-02 20:18:12 +02:00 · d02be2520f
commit d02be2520f
parent 9dcbaf9f6f
2 changed files with 5 additions and 298 deletions
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@ -8,7 +8,7 @@
 , libusb1, libexif, pciutils

 , python, pythonPackages, perl, pkgconfig
-, nspr, udev, krb5
+, nspr, udev, krb5, file
 , utillinux, alsaLib
 , gcc, bison, gperf
 , glib, gtk, dbus_glib
@ -18,9 +18,6 @@
 # optional dependencies
 , libgcrypt ? null # gnomeSupport || cupsSupport

-# dependency for version 30
-, file
-
 # package customization
 , channel ? "stable"
 , enableSELinux ? false, libselinux ? null
@ -50,9 +47,7 @@ let
    prePatch = "patchShebangs .";

    patches = singleton (
-      if versionOlder version "30.0.0.0"
-      then ./sandbox_userns_29.patch
-      else if versionOlder version "31.0.0.0"
+      if versionOlder version "31.0.0.0"
      then ./sandbox_userns_30.patch
      else ./sandbox_userns_31.patch
    );
@ -165,7 +160,7 @@ in stdenv.mkDerivation rec {
    (if useOpenSSL then openssl else nss)
    utillinux alsaLib
    gcc bison gperf
-    krb5
+    krb5 file
    glib gtk dbus_glib
    libXScrnSaver libXcursor libXtst mesa
    pciutils protobuf speechd libXdamage
@ -174,8 +169,7 @@ in stdenv.mkDerivation rec {
    ++ optionals gnomeSupport [ gconf libgcrypt ]
    ++ optional enableSELinux libselinux
    ++ optional cupsSupport libgcrypt
-    ++ optional pulseSupport pulseaudio
-    ++ optional (!versionOlder src.version "30.0.0.0") file;
+    ++ optional pulseSupport pulseaudio;

  prePatch = ''
    # XXX: Figure out a way how to split these properly.
@ -187,7 +181,7 @@ in stdenv.mkDerivation rec {
    chmod -R u+w . # XXX!
  '';

-  postPatch = optionalString (!versionOlder src.version "30.0.0.0") ''
+  postPatch = ''
    sed -i -e '/base::FilePath exe_dir/,/^ *} *$/c \
      sandbox_binary = \
        base::FilePath("'"${sandboxPath}"'");
--- a/pkgs/applications/networking/browsers/chromium/sandbox_userns_29.patch
+++ b/pkgs/applications/networking/browsers/chromium/sandbox_userns_29.patch
@ -1,287 +0,0 @@
-commit 557daf9cc9c02b8f17e6ee84f9b1ae6e6132d478
-Author: aszlig <aszlig@redmoonstudios.org>
-Date:   Thu May 16 14:17:56 2013 +0200
-
-    zygote: Add support for user namespaces on Linux.
-    
-    The implementation is done by patching the Zygote host to execute the sandbox
-    binary with CLONE_NEWUSER and setting the uid and gid mapping so that the child
-    process is using uid 0 and gid 0 which map to the current user of the parent.
-    Afterwards, the sandbox will continue as if it was called as a setuid binary.
-    
-    In addition, this adds new_user_namespace as an option in process_util in order
-    to set the UID and GID mapping correctly. The reason for this is that just
-    passing CLONE_NEWUSER to clone_flags doesn't help in LaunchProcess(), because
-    without setting the mappings exec*() will clear the process's capability sets.
-    
-    If the kernel doesn't support unprivileged user namespaces and the sandbox
-    binary doesn't have the setuid flag, the Zygote main process will run without a
-    sandbox. This is to mimic the behaviour if no SUID sandbox binary path is set.
-    
-    Signed-off-by: aszlig <aszlig@redmoonstudios.org>
-
-diff --git a/base/process_util.h b/base/process_util.h
-index 0bec8e0..6b6f566 100644
--- a/base/process_util.h
-+++ b/base/process_util.h
-@@ -175,6 +175,7 @@ struct LaunchOptions {
-         new_process_group(false)
- #if defined(OS_LINUX)
-         , clone_flags(0)
-+        , new_user_namespace(false)
- #endif  // OS_LINUX
- #if defined(OS_CHROMEOS)
-         , ctrl_terminal_fd(-1)
-@@ -249,6 +250,9 @@ struct LaunchOptions {
- #if defined(OS_LINUX)
-   // If non-zero, start the process using clone(), using flags as provided.
-   int clone_flags;
-+
-+  // If true, start the process in a new user namespace.
-+  bool new_user_namespace;
- #endif  // defined(OS_LINUX)
- 
- #if defined(OS_CHROMEOS)
-diff --git a/base/process_util_posix.cc b/base/process_util_posix.cc
-index 83afe44..e529b2b 100644
--- a/base/process_util_posix.cc
-+++ b/base/process_util_posix.cc
-@@ -34,6 +34,13 @@
- #include "base/threading/platform_thread.h"
- #include "base/threading/thread_restrictions.h"
- 
-+#if defined(OS_LINUX)
-+#include <sched.h>
-+#if !defined(CLONE_NEWUSER)
-+#define CLONE_NEWUSER 0x10000000
-+#endif
-+#endif
-+
- #if defined(OS_CHROMEOS)
- #include <sys/ioctl.h>
- #endif
-@@ -621,8 +628,19 @@ bool LaunchProcess(const std::vector<std::string>& argv,
- 
-   pid_t pid;
- #if defined(OS_LINUX)
-  if (options.clone_flags) {
-    pid = syscall(__NR_clone, options.clone_flags, 0, 0, 0);
-+  int map_pipe_fd[2];
-+  int flags = options.clone_flags;
-+
-+  if (options.new_user_namespace) {
-+    flags |= CLONE_NEWUSER;
-+    if (pipe(map_pipe_fd) < 0) {
-+      DPLOG(ERROR) << "user namespace pipe";
-+      return false;
-+    }
-+  }
-+
-+  if (options.clone_flags || options.new_user_namespace) {
-+    pid = syscall(__NR_clone, flags, 0, 0, 0);
-   } else
- #endif
-   {
-@@ -635,6 +653,21 @@ bool LaunchProcess(const std::vector<std::string>& argv,
-   } else if (pid == 0) {
-     // Child process
- 
-+#if defined(OS_LINUX)
-+    if (options.new_user_namespace) {
-+      // Close the write end of the pipe so we get an EOF when the parent closes
-+      // the FD. This is to avoid race conditions when the UID/GID mappings are
-+      // written _after_ execvp().
-+      close(map_pipe_fd[1]);
-+
-+      char dummy;
-+      if (HANDLE_EINTR(read(map_pipe_fd[0], &dummy, 1)) != 0) {
-+        RAW_LOG(ERROR, "Unexpected input in uid/gid mapping pipe.");
-+        _exit(127);
-+      }
-+    }
-+#endif
-+
-     // DANGER: fork() rule: in the child, if you don't end up doing exec*(),
-     // you call _exit() instead of exit(). This is because _exit() does not
-     // call any previously-registered (in the parent) exit handlers, which
-@@ -749,6 +782,40 @@ bool LaunchProcess(const std::vector<std::string>& argv,
-     _exit(127);
-   } else {
-     // Parent process
-+#if defined(OS_LINUX)
-+    if (options.new_user_namespace) {
-+      // We need to write UID/GID mapping here to map the current user outside
-+      // the namespace to the root user inside the namespace in order to
-+      // correctly "fool" the child process.
-+      char buf[256];
-+      int map_fd, map_len;
-+
-+      snprintf(buf, sizeof(buf), "/proc/%d/uid_map", pid);
-+      map_fd = open(buf, O_RDWR);
-+      DPCHECK(map_fd >= 0);
-+      snprintf(buf, sizeof(buf), "0 %d 1", geteuid());
-+      map_len = strlen(buf);
-+      if (write(map_fd, buf, map_len) != map_len) {
-+        RAW_LOG(WARNING, "Can't write to uid_map.");
-+      }
-+      close(map_fd);
-+
-+      snprintf(buf, sizeof(buf), "/proc/%d/gid_map", pid);
-+      map_fd = open(buf, O_RDWR);
-+      DPCHECK(map_fd >= 0);
-+      snprintf(buf, sizeof(buf), "0 %d 1", getegid());
-+      map_len = strlen(buf);
-+      if (write(map_fd, buf, map_len) != map_len) {
-+        RAW_LOG(WARNING, "Can't write to gid_map.");
-+      }
-+      close(map_fd);
-+
-+      // Close the pipe on the parent, so the child can continue doing the
-+      // execvp() call.
-+      close(map_pipe_fd[1]);
-+    }
-+#endif
-+
-     if (options.wait) {
-       // While this isn't strictly disk IO, waiting for another process to
-       // finish is the sort of thing ThreadRestrictions is trying to prevent.
-diff --git a/content/browser/zygote_host/zygote_host_impl_linux.cc b/content/browser/zygote_host/zygote_host_impl_linux.cc
-index 130f44a..c1232d4 100644
--- a/content/browser/zygote_host/zygote_host_impl_linux.cc
-+++ b/content/browser/zygote_host/zygote_host_impl_linux.cc
-@@ -118,25 +118,31 @@ void ZygoteHostImpl::Init(const std::string& sandbox_cmd) {
- 
-   sandbox_binary_ = sandbox_cmd.c_str();
- 
-  // A non empty sandbox_cmd means we want a SUID sandbox.
-  using_suid_sandbox_ = !sandbox_cmd.empty();
-+  bool userns_sandbox = false;
-+  const std::vector<std::string> cmd_line_unwrapped(cmd_line.argv());
- 
-  if (using_suid_sandbox_) {
-+  if (!sandbox_cmd.empty()) {
-     struct stat st;
-     if (stat(sandbox_binary_.c_str(), &st) != 0) {
-       LOG(FATAL) << "The SUID sandbox helper binary is missing: "
-                  << sandbox_binary_ << " Aborting now.";
-     }
- 
-    if (access(sandbox_binary_.c_str(), X_OK) == 0 &&
-        (st.st_uid == 0) &&
-        (st.st_mode & S_ISUID) &&
-        (st.st_mode & S_IXOTH)) {
-+    if (access(sandbox_binary_.c_str(), X_OK) == 0) {
-+      using_suid_sandbox_ = true;
-+
-       cmd_line.PrependWrapper(sandbox_binary_);
- 
-       scoped_ptr<sandbox::SetuidSandboxClient>
-           sandbox_client(sandbox::SetuidSandboxClient::Create());
-       sandbox_client->SetupLaunchEnvironment();
-+
-+      if (!((st.st_uid == 0) &&
-+            (st.st_mode & S_ISUID) &&
-+            (st.st_mode & S_IXOTH))) {
-+        userns_sandbox = true;
-+        sandbox_client->SetNoSuid();
-+      }
-     } else {
-       LOG(FATAL) << "The SUID sandbox helper binary was found, but is not "
-                     "configured correctly. Rather than run without sandboxing "
-@@ -160,7 +166,19 @@ void ZygoteHostImpl::Init(const std::string& sandbox_cmd) {
-   base::ProcessHandle process = -1;
-   base::LaunchOptions options;
-   options.fds_to_remap = &fds_to_map;
-+  if (userns_sandbox)
-+    options.new_user_namespace = true;
-   base::LaunchProcess(cmd_line.argv(), options, &process);
-+
-+  if (process == -1 && userns_sandbox) {
-+    LOG(ERROR) << "User namespace sandbox failed to start, running without "
-+               << "sandbox! You need at least kernel 3.8.0 with CONFIG_USER_NS "
-+               << "enabled in order to use the sandbox without setuid bit.";
-+    using_suid_sandbox_ = false;
-+    options.new_user_namespace = false;
-+    base::LaunchProcess(cmd_line_unwrapped, options, &process);
-+  }
-+
-   CHECK(process != -1) << "Failed to launch zygote process";
- 
-   if (using_suid_sandbox_) {
-diff --git a/content/zygote/zygote_main_linux.cc b/content/zygote/zygote_main_linux.cc
-index 7d01722..2f445ef 100644
--- a/content/zygote/zygote_main_linux.cc
-+++ b/content/zygote/zygote_main_linux.cc
-@@ -395,6 +395,13 @@ static bool EnterSandbox(sandbox::SetuidSandboxClient* setuid_sandbox,
-       *has_started_new_init = true;
-     }
- 
-+    // Don't set non-dumpable, as it causes trouble when the host tries to find
-+    // the zygote process (XXX: Not quite sure why this happens with user
-+    // namespaces). Fortunately, we also have the seccomp filter sandbox which
-+    // should disallow the use of ptrace.
-+    if (setuid_sandbox->IsNoSuid())
-+      return true;
-+
- #if !defined(OS_OPENBSD)
-     // Previously, we required that the binary be non-readable. This causes the
-     // kernel to mark the process as non-dumpable at startup. The thinking was
-diff --git a/sandbox/linux/suid/client/setuid_sandbox_client.cc b/sandbox/linux/suid/client/setuid_sandbox_client.cc
-index 34231d4..36e3201 100644
--- a/sandbox/linux/suid/client/setuid_sandbox_client.cc
-+++ b/sandbox/linux/suid/client/setuid_sandbox_client.cc
-@@ -166,6 +166,10 @@ bool SetuidSandboxClient::IsInNewNETNamespace() const {
-   return env_->HasVar(kSandboxNETNSEnvironmentVarName);
- }
- 
-+bool SetuidSandboxClient::IsNoSuid() const {
-+  return env_->HasVar(kSandboxNoSuidVarName);
-+}
-+
- bool SetuidSandboxClient::IsSandboxed() const {
-   return sandboxed_;
- }
-@@ -175,5 +179,9 @@ void SetuidSandboxClient::SetupLaunchEnvironment() {
-   SetSandboxAPIEnvironmentVariable(env_);
- }
- 
-+void SetuidSandboxClient::SetNoSuid() {
-+  env_->SetVar(kSandboxNoSuidVarName, "1");
-+}
-+
- }  // namespace sandbox
- 
-diff --git a/sandbox/linux/suid/client/setuid_sandbox_client.h b/sandbox/linux/suid/client/setuid_sandbox_client.h
-index a9f6536..2e8113a 100644
--- a/sandbox/linux/suid/client/setuid_sandbox_client.h
-+++ b/sandbox/linux/suid/client/setuid_sandbox_client.h
-@@ -39,6 +39,8 @@ class SetuidSandboxClient {
-   bool IsInNewPIDNamespace() const;
-   // Did the setuid helper create a new network namespace ?
-   bool IsInNewNETNamespace() const;
-+  // Is sandboxed without SUID binary ?
-+  bool IsNoSuid() const;
-   // Are we done and fully sandboxed ?
-   bool IsSandboxed() const;
- 
-@@ -46,6 +48,8 @@ class SetuidSandboxClient {
-   // helper.
-   void SetupLaunchEnvironment();
- 
-+  void SetNoSuid();
-+
-  private:
-   // Holds the environment. Will never be NULL.
-   base::Environment* env_;
-diff --git a/sandbox/linux/suid/common/sandbox.h b/sandbox/linux/suid/common/sandbox.h
-index aad4ff8..bd710d5 100644
--- a/sandbox/linux/suid/common/sandbox.h
-+++ b/sandbox/linux/suid/common/sandbox.h
-@@ -18,6 +18,7 @@ static const char kAdjustLowMemMarginSwitch[] = "--adjust-low-mem";
- 
- static const char kSandboxDescriptorEnvironmentVarName[] = "SBX_D";
- static const char kSandboxHelperPidEnvironmentVarName[] = "SBX_HELPER_PID";
-+static const char kSandboxNoSuidVarName[] = "SBX_NO_SUID";
- 
- static const long kSUIDSandboxApiNumber = 1;
- static const char kSandboxEnvironmentApiRequest[] = "SBX_CHROME_API_RQ";