root/content/public/common/sandbox_linux.h

/* [<][>][^][v][top][bottom][index][help] */

INCLUDED FROM


// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_
#define CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_

namespace content {

// These form a bitmask which describes the conditions of the Linux sandbox.
// Note: this doesn't strictly give you the current status, it states
// what will be enabled when the relevant processes are initialized.
enum LinuxSandboxStatus {
  // SUID sandbox active.
  kSandboxLinuxSUID = 1 << 0,

  // SUID sandbox is using the PID namespace.
  kSandboxLinuxPIDNS = 1 << 1,

  // SUID sandbox is using the network namespace.
  kSandboxLinuxNetNS = 1 << 2,

  // seccomp-bpf sandbox active.
  kSandboxLinuxSeccompBPF = 1 << 3,

  // The Yama LSM module is present and enforcing.
  kSandboxLinuxYama = 1 << 4,

  // A flag that denotes an invalid sandbox status.
  kSandboxLinuxInvalid = 1 << 31,
};

}  // namespace content

#endif  // CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_

/* [<][>][^][v][top][bottom][index][help] */