// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

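#ifndef CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_
#define CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_

namespace content {

// Bit flags describing the conditions of the Linux sandbox. The enumerators
// form a bitmask: they are combined with `|` into one status word and tested
// individually with `&`.
//
// Note: this doesn't strictly give you the current status, it states what
// will be enabled when the relevant processes are initialized. A set bit is
// therefore not, on its own, evidence that a given running process is
// already confined.
enum LinuxSandboxStatus {
  // SUID sandbox active.
  kSandboxLinuxSUID = 1 << 0,

  // SUID sandbox is using the PID namespace.
  // NOTE(review): presumably only meaningful together with kSandboxLinuxSUID;
  // confirm against the code that builds the mask.
  kSandboxLinuxPIDNS = 1 << 1,

  // SUID sandbox is using the network namespace.
  // NOTE(review): same assumption as kSandboxLinuxPIDNS; confirm.
  kSandboxLinuxNetNS = 1 << 2,

  // seccomp-bpf sandbox active.
  kSandboxLinuxSeccompBPF = 1 << 3,

  // The Yama LSM module is present and enforcing.
  kSandboxLinuxYama = 1 << 4,

  // A flag that denotes an invalid sandbox status.
  // `1 << 31` lands on the sign bit where int is 32 bits wide, so this
  // enumerator is negative there: test it with `&` or `==`, never with an
  // ordering comparison, and do not assume the mask fits in 31 bits.
  // NOTE(review): callers should presumably check this flag before trusting
  // any other bit in the same word; confirm against the producer.
  kSandboxLinuxInvalid = 1 << 31,
};

}  // namespace content

#endif  // CONTENT_PUBLIC_COMMON_SANDBOX_LINUX_H_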