marylinh / seccompsandbox

Automatically exported from code.google.com/p/seccompsandbox
BSD 3-Clause "New" or "Revised" License

Split code into "trusted" and "untrusted" directories #11

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
In the Native Client source tree, the code is split into "trusted" and
"untrusted" directories, with an additional "shared" directory for
code that is used in both contexts.

It would be good to do something similar for the seccomp sandbox.  It
would make the code easier to review.

Ideally, each of the files that handles specific syscalls (mmap.cc,
open.cc, exit.cc, etc.) would be split into two files, to separate the
sandbox_*() and process_*() functions.

When I was first getting familiar with the codebase, I found that
having sandbox_*() and process_*() in the same file made the codebase
harder to navigate by grepping, because it is not immediately obvious
whether a symbol is referred to from trusted or untrusted code.

Original issue reported on code.google.com by mseaborn@chromium.org on 21 Oct 2010 at 10:02