/[path-sandbox]/trunk/sandbox.c
Gentoo

Contents of /trunk/sandbox.c

Parent Directory Parent Directory | Revision Log Revision Log


Revision 2 - (show annotations) (download) (as text)
Fri Nov 19 22:03:42 2004 UTC (9 years, 8 months ago) by ferringb
File MIME type: text/x-csrc
File size: 21028 byte(s)
Initial revision

1 /*
2 ** Path sandbox for the gentoo linux portage package system, initially
3 ** based on the ROCK Linux Wrapper for getting a list of created files
4 **
5 ** to integrate with bash, bash should have been built like this
6 **
7 ** ./configure --prefix=<prefix> --host=<host> --without-gnu-malloc
8 **
9 ** it's very important that the --enable-static-link option is NOT specified
10 **
11 ** Copyright (C) 2001 Geert Bevin, Uwyn, http://www.uwyn.com
12 ** Distributed under the terms of the GNU General Public License, v2 or later
13 ** Author : Geert Bevin <gbevin@uwyn.com>
14 ** $Header$
15 */
16
17 /* #define _GNU_SOURCE */
18
19 #include <errno.h>
20 #include <fcntl.h>
21 #include <signal.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <limits.h>
25 #include <string.h>
26 #include <sys/file.h>
27 #include <sys/stat.h>
28 #include <sys/time.h>
29 #include <sys/types.h>
30 #include <sys/resource.h>
31 #include <sys/wait.h>
32 #include <unistd.h>
33 #include <fcntl.h>
34 #include "sandbox.h"
35
36 int preload_adaptable = 1;
37 int cleaned_up = 0;
38 int print_debug = 0;
39 int stop_called = 0;
40
41 /* Read pids file, and load active pids into an array. Return number of pids in array */
42 int
43 load_active_pids(int fd, int **pids)
44 {
45 char *data = NULL;
46 char *ptr = NULL, *ptr2 = NULL;
47 int my_pid;
48 int num_pids = 0;
49 long len;
50
51 pids[0] = NULL;
52
53 len = file_length(fd);
54
55 /* Allocate and zero datablock to read pids file */
56 data = (char *) malloc((len + 1) * sizeof (char));
57 memset(data, 0, len + 1);
58
59 /* Start at beginning of file */
60 lseek(fd, 0L, SEEK_SET);
61
62 /* read entire file into a buffer */
63 read(fd, data, len);
64
65 ptr = data;
66
67 /* Loop and read all pids */
68 while (1) {
69 /* Find new line */
70 ptr2 = strchr(ptr, '\n');
71 if (ptr2 == NULL)
72 break; /* No more PIDs */
73
74 /* Clear the \n. And ptr should have a null-terminated decimal string */
75 ptr2[0] = 0;
76
77 my_pid = atoi(ptr);
78
79 /* If the PID is still alive, add it to our array */
80 if ((0 != my_pid) && (0 == kill(my_pid, 0))) {
81 pids[0] = (int *) realloc(pids[0], (num_pids + 1) * sizeof (int));
82 pids[0][num_pids] = my_pid;
83 num_pids++;
84 }
85
86 /* Put ptr past the NULL we just wrote */
87 ptr = ptr2 + 1;
88 }
89
90 if (data)
91 free(data);
92 data = NULL;
93
94 return num_pids;
95 }
96
97 /* Read ld.so.preload file, and loads dirs into an array. Return number of entries in array */
98 int
99 load_preload_libs(int fd, char ***preloads)
100 {
101 char *data = NULL;
102 char *ptr = NULL, *ptr2 = NULL;
103 int num_entries = 0;
104 long len;
105
106 preloads[0] = NULL;
107
108 len = file_length(fd);
109
110 /* Allocate and zero datablock to read pids file */
111 data = (char *) malloc((len + 1) * sizeof (char));
112 memset(data, 0, len + 1);
113
114 /* Start at beginning of file */
115 lseek(fd, 0L, SEEK_SET);
116
117 /* read entire file into a buffer */
118 read(fd, data, len);
119
120 ptr = data;
121
122 /* Loop and read all pids */
123 while (1) {
124 /* Find new line */
125 ptr2 = strchr(ptr, '\n');
126
127 /* Clear the \n. And ptr should have a null-terminated decimal string
128 * Don't break from the loop though because the last line may not
129 * terminated with a \n
130 */
131 if (NULL != ptr2)
132 ptr2[0] = 0;
133
134 /* If listing does not match our libname, add it to the array */
135 if ((strlen(ptr)) && (NULL == strstr(ptr, LIB_NAME))) {
136 preloads[0] =
137 (char **) realloc(preloads[0], (num_entries + 1) * sizeof (char **));
138 preloads[0][num_entries] = strdup(ptr);
139 num_entries++;
140 }
141
142 if (NULL == ptr2)
143 break; /* No more PIDs */
144
145 /* Put ptr past the NULL we just wrote */
146 ptr = ptr2 + 1;
147 }
148
149 if (data)
150 free(data);
151 data = NULL;
152
153 return num_entries;
154 }
155
156 void
157 cleanup()
158 {
159 int i = 0;
160 int success = 1;
161 int pids_file = -1, num_of_pids = 0;
162 int *pids_array = NULL;
163 char pid_string[255];
164 char *sandbox_pids_file;
165 #ifdef USE_LD_SO_PRELOAD
166 int preload_file = -1, num_of_preloads = 0;
167 char preload_entry[255];
168 char **preload_array = NULL;
169 #endif
170
171 /* Generate sandbox pids-file path */
172 sandbox_pids_file = get_sandbox_pids_file();
173
174 /* Remove this sandbox's bash pid from the global pids
175 * file if it has rights to adapt the ld.so.preload file */
176 if ((1 == preload_adaptable) && (0 == cleaned_up)) {
177 cleaned_up = 1;
178 success = 1;
179
180 if (print_debug)
181 printf("Cleaning up pids file.\n");
182
183 /* Stat the PIDs file, make sure it exists and is a regular file */
184 if (file_exist(sandbox_pids_file, 1) <= 0) {
185 fprintf(stderr, ">>> pids file is not a regular file");
186 success = 0;
187 /* We should really not fail if the pidsfile is missing here, but
188 * rather just exit cleanly, as there is still some cleanup to do */
189 return;
190 }
191
192 pids_file = file_open(sandbox_pids_file, "r+", 1, 0664, "portage");
193 if (-1 == pids_file) {
194 success = 0;
195 /* Nothing more to do here */
196 return;
197 }
198
199 /* Load "still active" pids into an array */
200 num_of_pids = load_active_pids(pids_file, &pids_array);
201 //printf("pids: %d\r\n", num_of_pids);
202
203 #ifdef USE_LD_SO_PRELOAD
204 /* clean the /etc/ld.so.preload file if no other sandbox
205 * processes are running anymore */
206 if (1 == num_of_pids) {
207 success = 1;
208
209 if (print_debug)
210 printf("Cleaning up /etc/ld.so.preload.\n");
211
212 preload_file = file_open("/etc/ld.so.preload", "r+", 1, 0644);
213 if (-1 != preload_file) {
214 /* Load all the preload libraries into an array */
215 num_of_preloads = load_preload_libs(preload_file, &preload_array);
216 //printf("num preloads: %d\r\n", num_of_preloads);
217 /* Clear file */
218 file_truncate(preload_file);
219
220 /* store the other preload libraries back into the /etc/ld.so.preload file */
221 if (num_of_preloads > 0) {
222 for (i = 0; i < num_of_preloads; i++) {
223 sprintf(preload_entry, "%s\n", preload_array[i]);
224 if (write
225 (preload_file,
226 preload_entry,
227 strlen(preload_entry)) != strlen(preload_entry)) {
228 perror(">>> /etc/ld.so.preload file write");
229 success = 0;
230 break;
231 }
232 }
233 }
234
235 /* Free memory used to store preload array */
236 for (i = 0; i < num_of_preloads; i++) {
237 if (preload_array[i])
238 free(preload_array[i]);
239 preload_array[i] = NULL;
240 }
241 if (preload_array)
242 free(preload_array);
243 preload_array = NULL;
244
245 file_close(preload_file);
246 preload_file = -1;
247 }
248 }
249 #endif
250
251 file_truncate(pids_file);
252
253 /* if pids are still running, write only the running pids back to the file */
254 if (num_of_pids > 1) {
255 for (i = 0; i < num_of_pids; i++) {
256 if (pids_array[i] != getpid()) {
257 sprintf(pid_string, "%d\n", pids_array[i]);
258
259 if (write(pids_file, pid_string, strlen(pid_string)) !=
260 strlen(pid_string)) {
261 perror(">>> pids file write");
262 success = 0;
263 break;
264 }
265 }
266 }
267
268 file_close(pids_file);
269 pids_file = -1;
270 } else {
271
272 file_close(pids_file);
273 pids_file = -1;
274
275 /* remove the pidsfile, as this was the last sandbox */
276 unlink(sandbox_pids_file);
277 }
278
279 if (pids_array != NULL)
280 free(pids_array);
281 pids_array = NULL;
282 }
283
284 free(sandbox_pids_file);
285 if (0 == success)
286 return;
287 }
288
289 void
290 stop(int signum)
291 {
292 if (stop_called == 0) {
293 stop_called = 1;
294 printf("Caught signal %d in pid %d\r\n", signum, getpid());
295 cleanup();
296 } else {
297 fprintf(stderr, "Pid %d alreadly caught signal and is still cleaning up\n", getpid());
298 }
299 }
300
301 void
302 setenv_sandbox_write(char *home_dir, char *portage_tmp_dir, char *var_tmp_dir,
303 char *tmp_dir)
304 {
305 char buf[1024];
306
307 /* bzero out entire buffer then append trailing 0 */
308 memset(buf, 0, sizeof(buf));
309
310 if (!getenv(ENV_SANDBOX_WRITE)) {
311 /* these could go into make.globals later on */
312 snprintf(buf, sizeof(buf),
313 "%s:%s/.gconfd/lock:%s/.bash_history:", \
314 "/dev/zero:/dev/fd/:/dev/null:/dev/pts/:" \
315 "/dev/vc/:/dev/tty:/tmp/:" \
316 "/dev/shm/ngpt:/var/log/scrollkeeper.log:" \
317 "/usr/tmp/conftest:/usr/lib/conftest:" \
318 "/usr/lib32/conftest:/usr/lib64/conftest:" \
319 "/usr/tmp/cf:/usr/lib/cf:/usr/lib32/cf:/usr/lib64/cf",
320 home_dir, home_dir);
321
322 if (NULL == portage_tmp_dir) {
323 strncat(buf, tmp_dir, sizeof(buf));
324 strncat(buf, ":", sizeof(buf));
325 strncat(buf, var_tmp_dir, sizeof(buf));
326 strncat(buf, ":/tmp/:/var/tmp/", sizeof(buf));
327 } else {
328 strncat(buf, portage_tmp_dir, sizeof(buf));
329 strncat(buf, ":", sizeof(buf));
330 strncat(buf, tmp_dir, sizeof(buf));
331 strncat(buf, ":", sizeof(buf));
332 strncat(buf, var_tmp_dir, sizeof(buf));
333 strncat(buf, ":/tmp/:/var/tmp/", sizeof(buf));
334 }
335 buf[sizeof(buf) - 1] = '\0';
336 setenv(ENV_SANDBOX_WRITE, buf, 1);
337 }
338 }
339
340 void
341 setenv_sandbox_predict(char *home_dir)
342 {
343 char buf[1024];
344
345 memset(buf, 0, sizeof(buf));
346
347 if (!getenv(ENV_SANDBOX_PREDICT)) {
348 /* these should go into make.globals later on */
349 snprintf(buf, sizeof(buf), "%s/.:" \
350 "/usr/lib/python2.0/:" \
351 "/usr/lib/python2.1/:" \
352 "/usr/lib/python2.2/:" \
353 "/usr/lib/python2.3/:" \
354 "/usr/lib/python2.4/:" \
355 "/usr/lib/python2.5/:" \
356 "/usr/lib/python3.0/:",
357 home_dir);
358
359 buf[sizeof(buf) - 1] = '\0';
360 setenv(ENV_SANDBOX_PREDICT, buf, 1);
361 }
362 }
363
364 int
365 print_sandbox_log(char *sandbox_log)
366 {
367 int sandbox_log_file = -1;
368 char *beep_count_env = NULL;
369 int i, color, beep_count = 0;
370 long len = 0;
371 char *buffer = NULL;
372
373 sandbox_log_file = file_open(sandbox_log, "r", 1, 0664, "portage");
374 if (-1 == sandbox_log_file)
375 return 0;
376
377 len = file_length(sandbox_log_file);
378 buffer = (char *) malloc((len + 1) * sizeof (char));
379 memset(buffer, 0, len + 1);
380 read(sandbox_log_file, buffer, len);
381 file_close(sandbox_log_file);
382
383 color = ( (getenv("NOCOLOR") != NULL) ? 0 : 1);
384
385 if (color) printf("\e[31;01m");
386 printf("--------------------------- ACCESS VIOLATION SUMMARY ---------------------------");
387 if (color) printf("\033[0m");
388 if (color) printf("\e[31;01m");
389 printf("\nLOG FILE = \"%s\"", sandbox_log);
390 if (color) printf("\033[0m");
391 printf("\n\n");
392 printf("%s", buffer);
393 if (buffer)
394 free(buffer);
395 buffer = NULL;
396 printf
397 ("\e[31;01m--------------------------------------------------------------------------------\033[0m\n");
398
399 beep_count_env = getenv(ENV_SANDBOX_BEEP);
400 if (beep_count_env)
401 beep_count = atoi(beep_count_env);
402 else
403 beep_count = DEFAULT_BEEP_COUNT;
404
405 for (i = 0; i < beep_count; i++) {
406 fputc('\a', stderr);
407 if (i < beep_count - 1)
408 sleep(1);
409 }
410 return 1;
411 }
412
413 int
414 spawn_shell(char *argv_bash[])
415 {
416 #ifdef USE_SYSTEM_SHELL
417 int i = 0;
418 char *sh = NULL;
419 int first = 1;
420 int ret;
421 long len = 0;
422
423 while (1) {
424 if (NULL == argv_bash[i])
425 break;
426 if (NULL != sh)
427 len = strlen(sh);
428 sh = (char *) realloc(sh, len + strlen(argv_bash[i]) + 5);
429 if (first) {
430 sh[0] = 0;
431 first = 0;
432 }
433 strcat(sh, "\"");
434 strcat(sh, argv_bash[i]);
435 strcat(sh, "\" ");
436
437 //printf("%s\n", argv_bash[i]);
438 i++;
439 }
440 printf("%s\n", sh);
441 ret = system(sh);
442 if (sh)
443 free(sh);
444 sh = NULL;
445
446 if (-1 == ret)
447 return 0;
448 return 1;
449
450 #else
451 # ifndef NO_FORK
452 int pid;
453 int status = 0;
454 int ret = 0;
455
456 pid = fork();
457
458 /* Child's process */
459 if (0 == pid) {
460 # endif
461 execv(argv_bash[0], argv_bash);
462 # ifndef NO_FORK
463 return 0;
464 } else if (pid < 0) {
465 return 0;
466 }
467 ret = waitpid(pid, &status, 0);
468 if ((-1 == ret) || (status > 0))
469 return 0;
470 # endif
471 return 1;
472 #endif
473 }
474
475 int
476 main(int argc, char **argv)
477 {
478 int i = 0, success = 1;
479 #ifdef USE_LD_SO_PRELOAD
480 int preload_file = -1;
481 #endif
482 int sandbox_log_presence = 0;
483 int sandbox_log_file = -1;
484 int pids_file = -1;
485 long len;
486
487 int *pids_array = NULL;
488 int num_of_pids = 0;
489
490 // char run_arg[255];
491 char portage_tmp_dir[PATH_MAX];
492 char var_tmp_dir[PATH_MAX];
493 char tmp_dir[PATH_MAX];
494 char sandbox_log[255];
495 char sandbox_debug_log[255];
496 char sandbox_dir[255];
497 char sandbox_lib[255];
498 char *sandbox_pids_file;
499 char sandbox_rc[255];
500 char pid_string[255];
501 char **argv_bash = NULL;
502
503 char *run_str = "-c";
504 char *home_dir = NULL;
505 char *tmp_string = NULL;
506 #ifdef USE_LD_SO_PRELOAD
507 char **preload_array = NULL;
508 int num_of_preloads = 0;
509 #endif
510
511 /* Only print info if called with no arguments .... */
512 if (argc < 2)
513 print_debug = 1;
514
515 if (print_debug)
516 printf
517 ("========================== Gentoo linux path sandbox ===========================\n");
518
519 /* check if a sandbox is already running */
520 if (NULL != getenv(ENV_SANDBOX_ON)) {
521 fprintf(stderr,
522 "Not launching a new sandbox instance\nAnother one is already running in this process hierarchy.\n");
523 exit(1);
524 } else {
525
526 /* determine the location of all the sandbox support files */
527 if (print_debug)
528 printf("Detection of the support files.\n");
529
530 /* Generate base sandbox path */
531 tmp_string = get_sandbox_path(argv[0]);
532 strncpy(sandbox_dir, tmp_string, 254);
533 if (tmp_string)
534 free(tmp_string);
535 tmp_string = NULL;
536 strcat(sandbox_dir, "/");
537
538 /* Generate sandbox lib path */
539 tmp_string = get_sandbox_lib(sandbox_dir);
540 strncpy(sandbox_lib, tmp_string, 254);
541 if (tmp_string)
542 free(tmp_string);
543 tmp_string = NULL;
544
545 /* Generate sandbox pids-file path */
546 sandbox_pids_file = get_sandbox_pids_file();
547
548 /* Generate sandbox bashrc path */
549 tmp_string = get_sandbox_rc(sandbox_dir);
550 strncpy(sandbox_rc, tmp_string, 254);
551 if (tmp_string)
552 free(tmp_string);
553 tmp_string = NULL;
554
555 /* verify the existance of required files */
556 if (print_debug)
557 printf("Verification of the required files.\n");
558
559 #ifndef SB_HAVE_64BIT_ARCH
560 if (file_exist(sandbox_lib, 0) <= 0) {
561 fprintf(stderr, "Could not open the sandbox library at '%s'.\n",
562 sandbox_lib);
563 return -1;
564 }
565 #endif
566 if (file_exist(sandbox_rc, 0) <= 0) {
567 fprintf(stderr, "Could not open the sandbox rc file at '%s'.\n",
568 sandbox_rc);
569 return -1;
570 }
571 #ifdef USE_LD_SO_PRELOAD
572 /* ensure that the /etc/ld.so.preload file contains an entry for the sandbox lib */
573 if (print_debug)
574 printf("Setting up the ld.so.preload file.\n");
575
576 /* check if the /etc/ld.so.preload is a regular file */
577 if (file_exist("/etc/ld.so.preload", 1) < 0) {
578 fprintf(stderr, ">>> /etc/ld.so.preload file is not a regular file\n");
579 exit(1);
580 }
581
582 if (getuid() == 0) {
583 /* Our r+ also will create the file if it doesn't exist */
584 preload_file = file_open("/etc/ld.so.preload", "r+", 1, 0644);
585 if (-1 == preload_file) {
586 preload_adaptable = 0;
587 /* exit(1);*/
588 }
589 } else {
590 /* Avoid permissions warnings if we're not root */
591 preload_adaptable = 0;
592 }
593
594 /* Only update /etc/ld.so.preload if we can write to it ... */
595 if (1 == preload_adaptable) {
596 /* Load entries of preload table */
597 num_of_preloads = load_preload_libs(preload_file, &preload_array);
598
599 /* Zero out our ld.so.preload file */
600 file_truncate(preload_file);
601
602 /* Write contents of preload file */
603 for (i = 0; i < num_of_preloads + 1; i++) {
604 /* First entry should be our sandbox library */
605 if (0 == i) {
606 if (write
607 (preload_file, sandbox_lib,
608 strlen(sandbox_lib)) != strlen(sandbox_lib)) {
609 perror(">>> /etc/ld.so.preload file write");
610 success = 0;
611 break;
612 }
613 } else {
614 /* Output all other preload entries */
615 if (write
616 (preload_file, preload_array[i - 1],
617 strlen(preload_array[i - 1])) != strlen(preload_array[i - 1])) {
618 perror(">>> /etc/ld.so.preload file write");
619 success = 0;
620 break;
621 }
622 }
623 /* Don't forget the return character after each line! */
624 if (1 != write(preload_file, "\n", 1)) {
625 perror(">>> /etc/ld.so.preload file write");
626 success = 0;
627 break;
628 }
629 }
630
631 for (i = 0; i < num_of_preloads; i++) {
632 if (preload_array[i])
633 free(preload_array[i]);
634 preload_array[i] = NULL;
635 }
636 if (preload_array)
637 free(preload_array);
638 num_of_preloads = 0;
639 preload_array = NULL;
640 }
641
642 /* That's all we needed to do with the preload file */
643 if (0 < preload_file)
644 file_close(preload_file);
645 preload_file = -1;
646 #endif
647
648 /* set up the required environment variables */
649 if (print_debug)
650 printf("Setting up the required environment variables.\n");
651
652 /* Generate sandbox log full path */
653 tmp_string = get_sandbox_log();
654 strncpy(sandbox_log, tmp_string, 254);
655 if (tmp_string)
656 free(tmp_string);
657 tmp_string = NULL;
658
659 setenv(ENV_SANDBOX_LOG, sandbox_log, 1);
660
661 snprintf(sandbox_debug_log, sizeof(sandbox_debug_log), "%s%s%s",
662 DEBUG_LOG_FILE_PREFIX, pid_string, LOG_FILE_EXT);
663 setenv(ENV_SANDBOX_DEBUG_LOG, sandbox_debug_log, 1);
664
665 home_dir = getenv("HOME");
666 if (!home_dir) {
667 home_dir = "/tmp";
668 setenv("HOME", home_dir, 1);
669 }
670
671 /* drobbins: we need to expand these paths using realpath() so that PORTAGE_TMPDIR
672 * can contain symlinks (example, /var is a symlink, /var/tmp is a symlink.) Without
673 * this, access is denied to /var/tmp, hurtin' ebuilds.
674 */
675
676 { char *e;
677 e = getenv("PORTAGE_TMPDIR");
678 if ( e && ( strlen(e) < sizeof(portage_tmp_dir)-1 ) && (strlen(e) > 1) )
679 realpath(e, portage_tmp_dir);
680
681 }
682 realpath("/var/tmp", var_tmp_dir);
683 realpath("/tmp", tmp_dir);
684
685 setenv(ENV_SANDBOX_DIR, sandbox_dir, 1);
686 setenv(ENV_SANDBOX_LIB, sandbox_lib, 1);
687 setenv("LD_PRELOAD", sandbox_lib, 1);
688
689 if (!getenv(ENV_SANDBOX_DENY))
690 setenv(ENV_SANDBOX_DENY, LD_PRELOAD_FILE, 1);
691
692 if (!getenv(ENV_SANDBOX_READ))
693 setenv(ENV_SANDBOX_READ, "/", 1);
694
695 /* Set up Sandbox Write path */
696 setenv_sandbox_write(home_dir, portage_tmp_dir, var_tmp_dir, tmp_dir);
697 setenv_sandbox_predict(home_dir);
698
699 setenv(ENV_SANDBOX_ON, "1", 0);
700
701 /* if the portage temp dir was present, cd into it */
702 if (NULL != portage_tmp_dir)
703 chdir(portage_tmp_dir);
704
705 argv_bash = (char **) malloc(6 * sizeof (char *));
706 argv_bash[0] = strdup("/bin/bash");
707 argv_bash[1] = strdup("-rcfile");
708 argv_bash[2] = strdup(sandbox_rc);
709
710 if (argc < 2)
711 argv_bash[3] = NULL;
712 else
713 argv_bash[3] = strdup(run_str); /* "-c" */
714
715 argv_bash[4] = NULL; /* strdup(run_arg); */
716 argv_bash[5] = NULL;
717
718 if (argc >= 2) {
719 for (i = 1; i < argc; i++) {
720 if (NULL == argv_bash[4])
721 len = 0;
722 else
723 len = strlen(argv_bash[4]);
724
725 argv_bash[4] =
726 (char *) realloc(argv_bash[4],
727 (len + strlen(argv[i]) + 2) * sizeof (char));
728
729 if (0 == len)
730 argv_bash[4][0] = 0;
731 if (1 != i)
732 strcat(argv_bash[4], " ");
733
734 strcat(argv_bash[4], argv[i]);
735 }
736 }
737
738 /* set up the required signal handlers */
739 signal(SIGHUP, &stop);
740 signal(SIGINT, &stop);
741 signal(SIGQUIT, &stop);
742 signal(SIGTERM, &stop);
743
744 /* this one should NEVER be set in ebuilds, as it is the one
745 * private thing libsandbox.so use to test if the sandbox
746 * should be active for this pid, or not.
747 *
748 * azarah (3 Aug 2002)
749 */
750
751 setenv("SANDBOX_ACTIVE", "armedandready", 1);
752
753 /* Load our PID into PIDs file */
754 success = 1;
755 if (file_exist(sandbox_pids_file, 1) < 0) {
756 success = 0;
757 fprintf(stderr, ">>> %s is not a regular file\n", sandbox_pids_file);
758 } else {
759 pids_file = file_open(sandbox_pids_file, "r+", 1, 0664, "portage");
760 if (-1 == pids_file)
761 success = 0;
762 }
763 if (1 == success) {
764 /* Grab still active pids */
765 num_of_pids = load_active_pids(pids_file, &pids_array);
766
767 /* Zero out file */
768 file_truncate(pids_file);
769
770 /* Output active pids, and append our pid */
771 for (i = 0; i < num_of_pids + 1; i++) {
772 /* Time for our entry */
773 if (i == num_of_pids)
774 sprintf(pid_string, "%d\n", getpid());
775 else
776 sprintf(pid_string, "%d\n", pids_array[i]);
777
778 if (write(pids_file, pid_string, strlen(pid_string)) !=
779 strlen(pid_string)) {
780 perror(">>> pids file write");
781 success = 0;
782 break;
783 }
784 }
785 /* Clean pids_array */
786 if (pids_array)
787 free(pids_array);
788 pids_array = NULL;
789 num_of_pids = 0;
790
791 /* We're done with the pids file */
792 file_close(pids_file);
793 }
794
795 /* Something went wrong, bail out */
796 if (0 == success) {
797 perror(">>> pids file write");
798 exit(1);
799 }
800
801 /* STARTING PROTECTED ENVIRONMENT */
802 if (print_debug) {
803 printf("The protected environment has been started.\n");
804 printf
805 ("--------------------------------------------------------------------------------\n");
806 }
807
808 if (print_debug)
809 printf("Shell being started in forked process.\n");
810
811 /* Start Bash */
812 if (!spawn_shell(argv_bash)) {
813 if (print_debug)
814 fprintf(stderr, ">>> shell process failed to spawn\n");
815 success = 0;
816 }
817
818 /* Free bash stuff */
819 for (i = 0; i < 6; i++) {
820 if (argv_bash[i])
821 free(argv_bash[i]);
822 argv_bash[i] = NULL;
823 }
824 if (argv_bash)
825 free(argv_bash);
826 argv_bash = NULL;
827
828 if (print_debug)
829 printf("Cleaning up sandbox process\n");
830
831 cleanup();
832
833 if (print_debug) {
834 printf
835 ("========================== Gentoo linux path sandbox ===========================\n");
836 printf("The protected environment has been shut down.\n");
837 }
838
839 if (file_exist(sandbox_log, 0)) {
840 sandbox_log_presence = 1;
841 success = 1;
842 if (!print_sandbox_log(sandbox_log))
843 success = 0;
844
845 #if 0
846 if (!success)
847 exit(1);
848 #endif
849
850 sandbox_log_file = -1;
851 } else if (print_debug) {
852 printf
853 ("--------------------------------------------------------------------------------\n");
854 }
855
856 if ((sandbox_log_presence) || (!success))
857 return 1;
858 else
859 return 0;
860 }
861 }
862
863 // vim:expandtab noai:cindent ai

Properties

Name Value
svn:eol-style native
svn:keywords Author Date Id Revision

  ViewVC Help
Powered by ViewVC 1.1.20