diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
commit | 6bf0a5cb5034a7e684dcc3500e841785237ce2dd (patch) | |
tree | a68f146d7fa01f0134297619fbe7e33db084e0aa /security/sandbox/chromium/base/posix/can_lower_nice_to.cc | |
parent | Initial commit. (diff) | |
download | thunderbird-6bf0a5cb5034a7e684dcc3500e841785237ce2dd.tar.xz thunderbird-6bf0a5cb5034a7e684dcc3500e841785237ce2dd.zip |
Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/sandbox/chromium/base/posix/can_lower_nice_to.cc')
-rw-r--r-- | security/sandbox/chromium/base/posix/can_lower_nice_to.cc | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/security/sandbox/chromium/base/posix/can_lower_nice_to.cc b/security/sandbox/chromium/base/posix/can_lower_nice_to.cc new file mode 100644 index 0000000000..b1686dcae1 --- /dev/null +++ b/security/sandbox/chromium/base/posix/can_lower_nice_to.cc @@ -0,0 +1,60 @@ +// Copyright 2018 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "base/posix/can_lower_nice_to.h" + +#include <limits.h> +#include <sys/resource.h> +#include <sys/types.h> +#include <unistd.h> + +#include "build/build_config.h" + +// Not defined on AIX by default. +#if defined(OS_AIX) +#if defined(RLIMIT_NICE) +#error Assumption about OS_AIX is incorrect +#endif +#define RLIMIT_NICE 20 +#endif + +namespace base { +namespace internal { + +bool CanLowerNiceTo(int nice_value) { + // On a POSIX system, the nice value of a thread can be lowered 1. by the root + // user, 2. by a user with the CAP_SYS_NICE permission or 3. by any user if + // the target value is within the range allowed by RLIMIT_NICE. + + // 1. Check for root user. + if (geteuid() == 0) + return true; + + // 2. Skip checking the CAP_SYS_NICE permission because it would require + // libcap.so. + + // 3. Check whether the target value is within the range allowed by + // RLIMIT_NICE. + // + // NZERO should be defined in <limits.h> per POSIX, and should be at least 20. + // (NZERO-1) is the highest possible niceness value (i.e. lowest priority). + // Most platforms use NZERO=20. + // + // RLIMIT_NICE tells us how much we can reduce niceness (increase priority) if + // we start at NZERO. For example, if NZERO is 20 and the rlimit is 30, we can + // lower niceness anywhere within the [-10, 19] range (20 - 30 = -10). + // + // So, we are allowed to reduce niceness to a minimum of NZERO - rlimit: + struct rlimit rlim; + if (getrlimit(RLIMIT_NICE, &rlim) != 0) + return false; + const int lowest_nice_allowed = NZERO - static_cast<int>(rlim.rlim_cur); + + // And lowering niceness to |nice_value| is allowed if it is greater than or + // equal to the limit: + return nice_value >= lowest_nice_allowed; +} + +} // namespace internal +} // namespace base |