bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-11 05:43:41 +00:00
Code Issues Releases Wiki Activity

[BEEEP] Use tracing in process_isolation (#16762)

Browse Source
This commit is contained in:
neuronull
2025-10-16 15:07:28 -07:00
committed by GitHub
parent 9afaa6efc0
commit 7cd9832034
3 changed files with 9 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
apps/desktop/desktop_native/core/src/process_isolation/linux.rs
View File

@@ -2,6 +2,7 @@ use anyhow::Result;
#[cfg(target_env = "gnu")] #[cfg(target_env = "gnu")]
use libc::c_uint; use libc::c_uint;
use libc::{self, c_int}; use libc::{self, c_int};
use tracing::info;
// RLIMIT_CORE is the maximum size of a core dump file. Setting both to 0 disables core dumps, on crashes // RLIMIT_CORE is the maximum size of a core dump file. Setting both to 0 disables core dumps, on crashes
// https://github.com/torvalds/linux/blob/1613e604df0cd359cf2a7fbd9be7a0bcfacfabd0/include/uapi/asm-generic/resource.h#L20 // https://github.com/torvalds/linux/blob/1613e604df0cd359cf2a7fbd9be7a0bcfacfabd0/include/uapi/asm-generic/resource.h#L20
@@ -20,7 +21,7 @@ pub fn disable_coredumps() -> Result<()> {
rlim_cur: 0, rlim_cur: 0,
rlim_max: 0, rlim_max: 0,
}; };
println!("[Process Isolation] Disabling core dumps via setrlimit"); info!("Disabling core dumps via setrlimit.");
if unsafe { libc::setrlimit(RLIMIT_CORE, &rlimit) } != 0 { if unsafe { libc::setrlimit(RLIMIT_CORE, &rlimit) } != 0 {
let e = std::io::Error::last_os_error(); let e = std::io::Error::last_os_error();
@@ -48,9 +49,9 @@ pub fn is_core_dumping_disabled() -> Result<bool> {
pub fn isolate_process() -> Result<()> { pub fn isolate_process() -> Result<()> {
let pid = std::process::id(); let pid = std::process::id();
println!( info!(
"[Process Isolation] Disabling ptrace and memory access for main ({}) via PR_SET_DUMPABLE", pid,
pid "Disabling ptrace and memory access for main via PR_SET_DUMPABLE."
); );
if unsafe { libc::prctl(PR_SET_DUMPABLE, 0) } != 0 { if unsafe { libc::prctl(PR_SET_DUMPABLE, 0) } != 0 {

6
apps/desktop/desktop_native/core/src/process_isolation/macos.rs
View File

@@ -1,4 +1,5 @@
use anyhow::{bail, Result}; use anyhow::{bail, Result};
use tracing::info;
pub fn disable_coredumps() -> Result<()> { pub fn disable_coredumps() -> Result<()> {
bail!("Not implemented on Mac") bail!("Not implemented on Mac")
@@ -10,10 +11,7 @@ pub fn is_core_dumping_disabled() -> Result<bool> {
pub fn isolate_process() -> Result<()> { pub fn isolate_process() -> Result<()> {
let pid: u32 = std::process::id(); let pid: u32 = std::process::id();
println!( info!(pid, "Disabling ptrace on main process via PT_DENY_ATTACH.");
"[Process Isolation] Disabling ptrace on main process ({}) via PT_DENY_ATTACH",
pid
);
secmem_proc::harden_process().map_err(|e| { secmem_proc::harden_process().map_err(|e| {
anyhow::anyhow!( anyhow::anyhow!(

6
apps/desktop/desktop_native/core/src/process_isolation/windows.rs
View File

@@ -1,4 +1,5 @@
use anyhow::{bail, Result}; use anyhow::{bail, Result};
use tracing::info;
pub fn disable_coredumps() -> Result<()> { pub fn disable_coredumps() -> Result<()> {
bail!("Not implemented on Windows") bail!("Not implemented on Windows")
@@ -10,10 +11,7 @@ pub fn is_core_dumping_disabled() -> Result<bool> {
pub fn isolate_process() -> Result<()> { pub fn isolate_process() -> Result<()> {
let pid: u32 = std::process::id(); let pid: u32 = std::process::id();
println!( info!(pid, "Isolating main process via DACL.");
"[Process Isolation] Isolating main process via DACL {}",
pid
);
secmem_proc::harden_process().map_err(|e| { secmem_proc::harden_process().map_err(|e| {
anyhow::anyhow!( anyhow::anyhow!(