/[path-sandbox]/trunk/sandbox.c
Gentoo

Contents of /trunk/sandbox.c

Parent Directory Parent Directory | Revision Log Revision Log


Revision 34 - (show annotations) (download) (as text)
Wed Mar 9 07:39:50 2005 UTC (9 years, 6 months ago) by ferringb
File MIME type: text/x-csrc
File size: 20848 byte(s)
happy output time.
missing new line.

1 /*
2 ** Path sandbox for the gentoo linux portage package system, initially
3 ** based on the ROCK Linux Wrapper for getting a list of created files
4 **
5 ** to integrate with bash, bash should have been built like this
6 **
7 ** ./configure --prefix=<prefix> --host=<host> --without-gnu-malloc
8 **
9 ** it's very important that the --enable-static-link option is NOT specified
10 **
11 ** Copyright (C) 2001 Geert Bevin, Uwyn, http://www.uwyn.com
12 ** Distributed under the terms of the GNU General Public License, v2 or later
13 ** Author : Geert Bevin <gbevin@uwyn.com>
14 ** $Header$
15 */
16
17 /* #define _GNU_SOURCE */
18
19 #include <errno.h>
20 #include <fcntl.h>
21 #include <signal.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <limits.h>
25 #include <string.h>
26 #include <sys/file.h>
27 #include <sys/stat.h>
28 #include <sys/time.h>
29 #include <sys/types.h>
30 #include <sys/resource.h>
31 #include <sys/wait.h>
32 #include <unistd.h>
33 #include <fcntl.h>
34 #include "sandbox.h"
35
36 int preload_adaptable = 1;
37 int cleaned_up = 0;
38 int print_debug = 0;
39 int stop_called = 0;
40
41 /* Read pids file, and load active pids into an array. Return number of pids in array */
42 int load_active_pids(int fd, int **pids)
43 {
44 char *data = NULL;
45 char *ptr = NULL, *ptr2 = NULL;
46 int my_pid;
47 int num_pids = 0;
48 long len;
49
50 pids[0] = NULL;
51
52 len = file_length(fd);
53
54 /* Allocate and zero datablock to read pids file */
55 data = (char *)malloc((len + 1) * sizeof(char));
56 memset(data, 0, len + 1);
57
58 /* Start at beginning of file */
59 lseek(fd, 0L, SEEK_SET);
60
61 /* read entire file into a buffer */
62 read(fd, data, len);
63
64 ptr = data;
65
66 /* Loop and read all pids */
67 while (1) {
68 /* Find new line */
69 ptr2 = strchr(ptr, '\n');
70 if (ptr2 == NULL)
71 break; /* No more PIDs */
72
73 /* Clear the \n. And ptr should have a null-terminated decimal string */
74 ptr2[0] = 0;
75
76 my_pid = atoi(ptr);
77
78 /* If the PID is still alive, add it to our array */
79 if ((0 != my_pid) && (0 == kill(my_pid, 0))) {
80 pids[0] = (int *)realloc(pids[0], (num_pids + 1) * sizeof(int));
81 pids[0][num_pids] = my_pid;
82 num_pids++;
83 }
84
85 /* Put ptr past the NULL we just wrote */
86 ptr = ptr2 + 1;
87 }
88
89 if (data)
90 free(data);
91 data = NULL;
92
93 return num_pids;
94 }
95
96 /* Read ld.so.preload file, and loads dirs into an array. Return number of entries in array */
97 int load_preload_libs(int fd, char ***preloads)
98 {
99 char *data = NULL;
100 char *ptr = NULL, *ptr2 = NULL;
101 int num_entries = 0;
102 long len;
103
104 preloads[0] = NULL;
105
106 len = file_length(fd);
107
108 /* Allocate and zero datablock to read pids file */
109 data = (char *)malloc((len + 1) * sizeof(char));
110 memset(data, 0, len + 1);
111
112 /* Start at beginning of file */
113 lseek(fd, 0L, SEEK_SET);
114
115 /* read entire file into a buffer */
116 read(fd, data, len);
117
118 ptr = data;
119
120 /* Loop and read all pids */
121 while (1) {
122 /* Find new line */
123 ptr2 = strchr(ptr, '\n');
124
125 /* Clear the \n. And ptr should have a null-terminated decimal string
126 * Don't break from the loop though because the last line may not
127 * terminated with a \n
128 */
129 if (NULL != ptr2)
130 ptr2[0] = 0;
131
132 /* If listing does not match our libname, add it to the array */
133 if ((strlen(ptr)) && (NULL == strstr(ptr, LIB_NAME))) {
134 preloads[0] = (char **)realloc(preloads[0], (num_entries + 1) * sizeof(char **));
135 preloads[0][num_entries] = strdup(ptr);
136 num_entries++;
137 }
138
139 if (NULL == ptr2)
140 break; /* No more PIDs */
141
142 /* Put ptr past the NULL we just wrote */
143 ptr = ptr2 + 1;
144 }
145
146 if (data)
147 free(data);
148 data = NULL;
149
150 return num_entries;
151 }
152
153 void cleanup()
154 {
155 int i = 0;
156 int success = 1;
157 int pids_file = -1, num_of_pids = 0;
158 int *pids_array = NULL;
159 char pid_string[255];
160 char *sandbox_pids_file;
161 #ifdef USE_LD_SO_PRELOAD
162 int preload_file = -1, num_of_preloads = 0;
163 char preload_entry[255];
164 char **preload_array = NULL;
165 #endif
166
167 /* Generate sandbox pids-file path */
168 sandbox_pids_file = get_sandbox_pids_file();
169
170 /* Remove this sandbox's bash pid from the global pids
171 * file if it has rights to adapt the ld.so.preload file */
172 if ((1 == preload_adaptable) && (0 == cleaned_up)) {
173 cleaned_up = 1;
174 success = 1;
175
176 if (print_debug)
177 printf("Cleaning up pids file.\n");
178
179 /* Stat the PIDs file, make sure it exists and is a regular file */
180 if (file_exist(sandbox_pids_file, 1) <= 0) {
181 fprintf(stderr, ">>> pids file is not a regular file\n");
182 success = 0;
183 /* We should really not fail if the pidsfile is missing here, but
184 * rather just exit cleanly, as there is still some cleanup to do */
185 return;
186 }
187
188 pids_file = file_open(sandbox_pids_file, "r+", 1, 0664, "portage");
189 if (-1 == pids_file) {
190 success = 0;
191 /* Nothing more to do here */
192 return;
193 }
194
195 /* Load "still active" pids into an array */
196 num_of_pids = load_active_pids(pids_file, &pids_array);
197 //printf("pids: %d\r\n", num_of_pids);
198
199 #ifdef USE_LD_SO_PRELOAD
200 /* clean the /etc/ld.so.preload file if no other sandbox
201 * processes are running anymore */
202 if (1 == num_of_pids) {
203 success = 1;
204
205 if (print_debug)
206 printf("Cleaning up /etc/ld.so.preload.\n");
207
208 preload_file = file_open("/etc/ld.so.preload", "r+", 1, 0644);
209 if (-1 != preload_file) {
210 /* Load all the preload libraries into an array */
211 num_of_preloads = load_preload_libs(preload_file, &preload_array);
212 //printf("num preloads: %d\r\n", num_of_preloads);
213 /* Clear file */
214 file_truncate(preload_file);
215
216 /* store the other preload libraries back into the /etc/ld.so.preload file */
217 if (num_of_preloads > 0) {
218 for (i = 0; i < num_of_preloads; i++) {
219 sprintf(preload_entry, "%s\n", preload_array[i]);
220 if (write(preload_file, preload_entry, strlen(preload_entry)) != strlen(preload_entry)) {
221 perror(">>> /etc/ld.so.preload file write");
222 success = 0;
223 break;
224 }
225 }
226 }
227
228 /* Free memory used to store preload array */
229 for (i = 0; i < num_of_preloads; i++) {
230 if (preload_array[i])
231 free(preload_array[i]);
232 preload_array[i] = NULL;
233 }
234 if (preload_array)
235 free(preload_array);
236 preload_array = NULL;
237
238 file_close(preload_file);
239 preload_file = -1;
240 }
241 }
242 #endif
243
244 file_truncate(pids_file);
245
246 /* if pids are still running, write only the running pids back to the file */
247 if (num_of_pids > 1) {
248 for (i = 0; i < num_of_pids; i++) {
249 if (pids_array[i] != getpid()) {
250 sprintf(pid_string, "%d\n", pids_array[i]);
251
252 if (write(pids_file, pid_string, strlen(pid_string)) != strlen(pid_string)) {
253 perror(">>> pids file write");
254 success = 0;
255 break;
256 }
257 }
258 }
259
260 file_close(pids_file);
261 pids_file = -1;
262 } else {
263
264 file_close(pids_file);
265 pids_file = -1;
266
267 /* remove the pidsfile, as this was the last sandbox */
268 unlink(sandbox_pids_file);
269 }
270
271 if (pids_array != NULL)
272 free(pids_array);
273 pids_array = NULL;
274 }
275
276 free(sandbox_pids_file);
277 if (0 == success)
278 return;
279 }
280
281 void stop(int signum)
282 {
283 if (stop_called == 0) {
284 stop_called = 1;
285 printf("Caught signal %d in pid %d\r\n", signum, getpid());
286 cleanup();
287 } else {
288 fprintf(stderr, "Pid %d alreadly caught signal and is still cleaning up\n", getpid());
289 }
290 }
291
292 void setenv_sandbox_write(char *home_dir, char *portage_tmp_dir, char *var_tmp_dir, char *tmp_dir)
293 {
294 char buf[1024];
295
296 /* bzero out entire buffer then append trailing 0 */
297 memset(buf, 0, sizeof(buf));
298
299 if (!getenv(ENV_SANDBOX_WRITE)) {
300 /* these could go into make.globals later on */
301 snprintf(buf, sizeof(buf),
302 "%s:%s/.gconfd/lock:%s/.bash_history:",
303 "/dev/zero:/dev/fd/:/dev/null:/dev/pts/:"
304 "/dev/vc/:/dev/tty:/tmp/:"
305 "/dev/shm/ngpt:/var/log/scrollkeeper.log:"
306 "/usr/tmp/conftest:/usr/lib/conftest:"
307 "/usr/lib32/conftest:/usr/lib64/conftest:"
308 "/usr/tmp/cf:/usr/lib/cf:/usr/lib32/cf:/usr/lib64/cf",
309 home_dir, home_dir);
310
311 if (NULL == portage_tmp_dir) {
312 strncat(buf, tmp_dir, sizeof(buf));
313 strncat(buf, ":", sizeof(buf));
314 strncat(buf, var_tmp_dir, sizeof(buf));
315 strncat(buf, ":/tmp/:/var/tmp/", sizeof(buf));
316 } else {
317 strncat(buf, portage_tmp_dir, sizeof(buf));
318 strncat(buf, ":", sizeof(buf));
319 strncat(buf, tmp_dir, sizeof(buf));
320 strncat(buf, ":", sizeof(buf));
321 strncat(buf, var_tmp_dir, sizeof(buf));
322 strncat(buf, ":/tmp/:/var/tmp/", sizeof(buf));
323 }
324 buf[sizeof(buf) - 1] = '\0';
325 setenv(ENV_SANDBOX_WRITE, buf, 1);
326 }
327 }
328
329 void setenv_sandbox_predict(char *home_dir)
330 {
331 char buf[1024];
332
333 memset(buf, 0, sizeof(buf));
334
335 if (!getenv(ENV_SANDBOX_PREDICT)) {
336 /* these should go into make.globals later on */
337 snprintf(buf, sizeof(buf), "%s/.:"
338 "/usr/lib/python2.0/:"
339 "/usr/lib/python2.1/:"
340 "/usr/lib/python2.2/:"
341 "/usr/lib/python2.3/:"
342 "/usr/lib/python2.4/:"
343 "/usr/lib/python2.5/:"
344 "/usr/lib/python3.0/:",
345 home_dir);
346
347 buf[sizeof(buf) - 1] = '\0';
348 setenv(ENV_SANDBOX_PREDICT, buf, 1);
349 }
350 }
351
352 int print_sandbox_log(char *sandbox_log)
353 {
354 int sandbox_log_file = -1;
355 char *beep_count_env = NULL;
356 int i, color, beep_count = 0;
357 long len = 0;
358 char *buffer = NULL;
359
360 sandbox_log_file = file_open(sandbox_log, "r", 1, 0664, "portage");
361 if (-1 == sandbox_log_file)
362 return 0;
363
364 len = file_length(sandbox_log_file);
365 buffer = (char *)malloc((len + 1) * sizeof(char));
366 memset(buffer, 0, len + 1);
367 read(sandbox_log_file, buffer, len);
368 file_close(sandbox_log_file);
369
370 color = ((getenv("NOCOLOR") != NULL) ? 0 : 1);
371
372 if (color)
373 printf("\e[31;01m");
374 printf("--------------------------- ACCESS VIOLATION SUMMARY ---------------------------");
375 if (color)
376 printf("\033[0m");
377 if (color)
378 printf("\e[31;01m");
379 printf("\nLOG FILE = \"%s\"", sandbox_log);
380 if (color)
381 printf("\033[0m");
382 printf("\n\n");
383 printf("%s", buffer);
384 if (buffer)
385 free(buffer);
386 buffer = NULL;
387 printf("\e[31;01m--------------------------------------------------------------------------------\033[0m\n");
388
389 beep_count_env = getenv(ENV_SANDBOX_BEEP);
390 if (beep_count_env)
391 beep_count = atoi(beep_count_env);
392 else
393 beep_count = DEFAULT_BEEP_COUNT;
394
395 for (i = 0; i < beep_count; i++) {
396 fputc('\a', stderr);
397 if (i < beep_count - 1)
398 sleep(1);
399 }
400 return 1;
401 }
402
403 int spawn_shell(char *argv_bash[])
404 {
405 #ifdef USE_SYSTEM_SHELL
406 int i = 0;
407 char *sh = NULL;
408 int first = 1;
409 int ret;
410 long len = 0;
411
412 while (1) {
413 if (NULL == argv_bash[i])
414 break;
415 if (NULL != sh)
416 len = strlen(sh);
417 sh = (char *)realloc(sh, len + strlen(argv_bash[i]) + 5);
418 if (first) {
419 sh[0] = 0;
420 first = 0;
421 }
422 strcat(sh, "\"");
423 strcat(sh, argv_bash[i]);
424 strcat(sh, "\" ");
425
426 //printf("%s\n", argv_bash[i]);
427 i++;
428 }
429 printf("%s\n", sh);
430 ret = system(sh);
431 if (sh)
432 free(sh);
433 sh = NULL;
434
435 if (-1 == ret)
436 return 0;
437 return 1;
438
439 #else
440 # ifndef NO_FORK
441 int pid;
442 int status = 0;
443 int ret = 0;
444
445 pid = fork();
446
447 /* Child's process */
448 if (0 == pid) {
449 # endif
450 execv(argv_bash[0], argv_bash);
451 # ifndef NO_FORK
452 return 0;
453 } else if (pid < 0) {
454 return 0;
455 }
456 ret = waitpid(pid, &status, 0);
457 if ((-1 == ret) || (status > 0))
458 return 0;
459 # endif
460 return 1;
461 #endif
462 }
463
464 int main(int argc, char **argv)
465 {
466 int i = 0, success = 1;
467 #ifdef USE_LD_SO_PRELOAD
468 int preload_file = -1;
469 #endif
470 int sandbox_log_presence = 0;
471 int sandbox_log_file = -1;
472 int pids_file = -1;
473 long len;
474
475 int *pids_array = NULL;
476 int num_of_pids = 0;
477
478 // char run_arg[255];
479 char portage_tmp_dir[PATH_MAX];
480 char var_tmp_dir[PATH_MAX];
481 char tmp_dir[PATH_MAX];
482 char sandbox_log[255];
483 char sandbox_debug_log[255];
484 char sandbox_dir[255];
485 char sandbox_lib[255];
486 char *sandbox_pids_file;
487 char sandbox_rc[255];
488 char pid_string[255];
489 char **argv_bash = NULL;
490
491 char *run_str = "-c";
492 char *home_dir = NULL;
493 char *tmp_string = NULL;
494 #ifdef USE_LD_SO_PRELOAD
495 char **preload_array = NULL;
496 int num_of_preloads = 0;
497 #endif
498
499 /* Only print info if called with no arguments .... */
500 if (argc < 2)
501 print_debug = 1;
502
503 if (print_debug)
504 printf("========================== Gentoo linux path sandbox ===========================\n");
505
506 /* check if a sandbox is already running */
507 if (NULL != getenv(ENV_SANDBOX_ON)) {
508 fprintf(stderr, "Not launching a new sandbox instance\n");
509 fprintf(stderr, "Another one is already running in this process hierarchy.\n");
510 exit(1);
511 } else {
512
513 /* determine the location of all the sandbox support files */
514 if (print_debug)
515 printf("Detection of the support files.\n");
516
517 /* Generate base sandbox path */
518 tmp_string = get_sandbox_path(argv[0]);
519 strncpy(sandbox_dir, tmp_string, 254);
520 if (tmp_string)
521 free(tmp_string);
522 tmp_string = NULL;
523 strcat(sandbox_dir, "/");
524
525 /* Generate sandbox lib path */
526 tmp_string = get_sandbox_lib(sandbox_dir);
527 strncpy(sandbox_lib, tmp_string, 254);
528 if (tmp_string)
529 free(tmp_string);
530 tmp_string = NULL;
531
532 /* Generate sandbox pids-file path */
533 sandbox_pids_file = get_sandbox_pids_file();
534
535 /* Generate sandbox bashrc path */
536 tmp_string = get_sandbox_rc(sandbox_dir);
537 strncpy(sandbox_rc, tmp_string, 254);
538 if (tmp_string)
539 free(tmp_string);
540 tmp_string = NULL;
541
542 /* verify the existance of required files */
543 if (print_debug)
544 printf("Verification of the required files.\n");
545
546 #ifndef SB_HAVE_64BIT_ARCH
547 if (file_exist(sandbox_lib, 0) <= 0) {
548 fprintf(stderr, "Could not open the sandbox library at '%s'.\n", sandbox_lib);
549 return -1;
550 }
551 #endif
552 if (file_exist(sandbox_rc, 0) <= 0) {
553 fprintf(stderr, "Could not open the sandbox rc file at '%s'.\n", sandbox_rc);
554 return -1;
555 }
556 #ifdef USE_LD_SO_PRELOAD
557 /* ensure that the /etc/ld.so.preload file contains an entry for the sandbox lib */
558 if (print_debug)
559 printf("Setting up the ld.so.preload file.\n");
560
561 /* check if the /etc/ld.so.preload is a regular file */
562 if (file_exist("/etc/ld.so.preload", 1) < 0) {
563 fprintf(stderr, ">>> /etc/ld.so.preload file is not a regular file\n");
564 exit(1);
565 }
566
567 if (getuid() == 0) {
568 /* Our r+ also will create the file if it doesn't exist */
569 preload_file = file_open("/etc/ld.so.preload", "r+", 1, 0644);
570 if (-1 == preload_file) {
571 preload_adaptable = 0;
572 /* exit(1);*/
573 }
574 } else {
575 /* Avoid permissions warnings if we're not root */
576 preload_adaptable = 0;
577 }
578
579 /* Only update /etc/ld.so.preload if we can write to it ... */
580 if (1 == preload_adaptable) {
581 /* Load entries of preload table */
582 num_of_preloads = load_preload_libs(preload_file, &preload_array);
583
584 /* Zero out our ld.so.preload file */
585 file_truncate(preload_file);
586
587 /* Write contents of preload file */
588 for (i = 0; i < num_of_preloads + 1; i++) {
589 /* First entry should be our sandbox library */
590 if (0 == i) {
591 if (write(preload_file, sandbox_lib, strlen(sandbox_lib)) != strlen(sandbox_lib)) {
592 perror(">>> /etc/ld.so.preload file write");
593 success = 0;
594 break;
595 }
596 } else {
597 /* Output all other preload entries */
598 if (write(preload_file, preload_array[i - 1],
599 strlen(preload_array[i - 1])) != strlen(preload_array[i - 1])) {
600 perror(">>> /etc/ld.so.preload file write");
601 success = 0;
602 break;
603 }
604 }
605 /* Don't forget the return character after each line! */
606 if (1 != write(preload_file, "\n", 1)) {
607 perror(">>> /etc/ld.so.preload file write");
608 success = 0;
609 break;
610 }
611 }
612
613 for (i = 0; i < num_of_preloads; i++) {
614 if (preload_array[i])
615 free(preload_array[i]);
616 preload_array[i] = NULL;
617 }
618 if (preload_array)
619 free(preload_array);
620 num_of_preloads = 0;
621 preload_array = NULL;
622 }
623
624 /* That's all we needed to do with the preload file */
625 if (0 < preload_file)
626 file_close(preload_file);
627 preload_file = -1;
628 #endif
629
630 /* set up the required environment variables */
631 if (print_debug)
632 printf("Setting up the required environment variables.\n");
633
634 /* Generate sandbox log full path */
635 tmp_string = get_sandbox_log();
636 strncpy(sandbox_log, tmp_string, 254);
637 if (tmp_string)
638 free(tmp_string);
639 tmp_string = NULL;
640
641 setenv(ENV_SANDBOX_LOG, sandbox_log, 1);
642
643 snprintf(sandbox_debug_log, sizeof(sandbox_debug_log), "%s%s%s",
644 DEBUG_LOG_FILE_PREFIX, pid_string, LOG_FILE_EXT);
645 setenv(ENV_SANDBOX_DEBUG_LOG, sandbox_debug_log, 1);
646
647 home_dir = getenv("HOME");
648 if (!home_dir) {
649 home_dir = "/tmp";
650 setenv("HOME", home_dir, 1);
651 }
652
653 /* drobbins: we need to expand these paths using realpath() so that PORTAGE_TMPDIR
654 * can contain symlinks (example, /var is a symlink, /var/tmp is a symlink.) Without
655 * this, access is denied to /var/tmp, hurtin' ebuilds.
656 */
657
658 {
659 char *e;
660 e = getenv("PORTAGE_TMPDIR");
661 if (e && (strlen(e) < sizeof(portage_tmp_dir) - 1) && (strlen(e) > 1))
662 realpath(e, portage_tmp_dir);
663
664 }
665 realpath("/var/tmp", var_tmp_dir);
666 realpath("/tmp", tmp_dir);
667
668 setenv(ENV_SANDBOX_DIR, sandbox_dir, 1);
669 setenv(ENV_SANDBOX_LIB, sandbox_lib, 1);
670 setenv("LD_PRELOAD", sandbox_lib, 1);
671
672 if (!getenv(ENV_SANDBOX_DENY))
673 setenv(ENV_SANDBOX_DENY, LD_PRELOAD_FILE, 1);
674
675 if (!getenv(ENV_SANDBOX_READ))
676 setenv(ENV_SANDBOX_READ, "/", 1);
677
678 /* Set up Sandbox Write path */
679 setenv_sandbox_write(home_dir, portage_tmp_dir, var_tmp_dir, tmp_dir);
680 setenv_sandbox_predict(home_dir);
681
682 setenv(ENV_SANDBOX_ON, "1", 0);
683
684 /* if the portage temp dir was present, cd into it */
685 if (NULL != portage_tmp_dir)
686 chdir(portage_tmp_dir);
687
688 argv_bash = (char **)malloc(6 * sizeof(char *));
689 argv_bash[0] = strdup("/bin/bash");
690 argv_bash[1] = strdup("-rcfile");
691 argv_bash[2] = strdup(sandbox_rc);
692
693 if (argc < 2)
694 argv_bash[3] = NULL;
695 else
696 argv_bash[3] = strdup(run_str); /* "-c" */
697
698 argv_bash[4] = NULL; /* strdup(run_arg); */
699 argv_bash[5] = NULL;
700
701 if (argc >= 2) {
702 for (i = 1; i < argc; i++) {
703 if (NULL == argv_bash[4])
704 len = 0;
705 else
706 len = strlen(argv_bash[4]);
707
708 argv_bash[4] = (char *)realloc(argv_bash[4], (len + strlen(argv[i]) + 2) * sizeof(char));
709
710 if (0 == len)
711 argv_bash[4][0] = 0;
712 if (1 != i)
713 strcat(argv_bash[4], " ");
714
715 strcat(argv_bash[4], argv[i]);
716 }
717 }
718
719 /* set up the required signal handlers */
720 signal(SIGHUP, &stop);
721 signal(SIGINT, &stop);
722 signal(SIGQUIT, &stop);
723 signal(SIGTERM, &stop);
724
725 /* this one should NEVER be set in ebuilds, as it is the one
726 * private thing libsandbox.so use to test if the sandbox
727 * should be active for this pid, or not.
728 *
729 * azarah (3 Aug 2002)
730 */
731
732 setenv("SANDBOX_ACTIVE", "armedandready", 1);
733
734 /* Load our PID into PIDs file */
735 success = 1;
736 if (file_exist(sandbox_pids_file, 1) < 0) {
737 success = 0;
738 fprintf(stderr, ">>> %s is not a regular file\n", sandbox_pids_file);
739 } else {
740 pids_file = file_open(sandbox_pids_file, "r+", 1, 0664, "portage");
741 if (-1 == pids_file)
742 success = 0;
743 }
744 if (1 == success) {
745 /* Grab still active pids */
746 num_of_pids = load_active_pids(pids_file, &pids_array);
747
748 /* Zero out file */
749 file_truncate(pids_file);
750
751 /* Output active pids, and append our pid */
752 for (i = 0; i < num_of_pids + 1; i++) {
753 /* Time for our entry */
754 if (i == num_of_pids)
755 sprintf(pid_string, "%d\n", getpid());
756 else
757 sprintf(pid_string, "%d\n", pids_array[i]);
758
759 if (write(pids_file, pid_string, strlen(pid_string)) != strlen(pid_string)) {
760 perror(">>> pids file write");
761 success = 0;
762 break;
763 }
764 }
765 /* Clean pids_array */
766 if (pids_array)
767 free(pids_array);
768 pids_array = NULL;
769 num_of_pids = 0;
770
771 /* We're done with the pids file */
772 file_close(pids_file);
773 }
774
775 /* Something went wrong, bail out */
776 if (0 == success) {
777 perror(">>> pids file write");
778 exit(1);
779 }
780
781 /* STARTING PROTECTED ENVIRONMENT */
782 if (print_debug) {
783 printf("The protected environment has been started.\n");
784 printf("--------------------------------------------------------------------------------\n");
785 }
786
787 if (print_debug)
788 printf("Shell being started in forked process.\n");
789
790 /* Start Bash */
791 if (!spawn_shell(argv_bash)) {
792 if (print_debug)
793 fprintf(stderr, ">>> shell process failed to spawn\n");
794 success = 0;
795 }
796
797 /* Free bash stuff */
798 for (i = 0; i < 6; i++) {
799 if (argv_bash[i])
800 free(argv_bash[i]);
801 argv_bash[i] = NULL;
802 }
803 if (argv_bash)
804 free(argv_bash);
805 argv_bash = NULL;
806
807 if (print_debug)
808 printf("Cleaning up sandbox process\n");
809
810 cleanup();
811
812 if (print_debug) {
813 printf("========================== Gentoo linux path sandbox ===========================\n");
814 printf("The protected environment has been shut down.\n");
815 }
816
817 if (file_exist(sandbox_log, 0)) {
818 sandbox_log_presence = 1;
819 success = 1;
820 if (!print_sandbox_log(sandbox_log))
821 success = 0;
822
823 #if 0
824 if (!success)
825 exit(1);
826 #endif
827
828 sandbox_log_file = -1;
829 } else if (print_debug) {
830 printf("--------------------------------------------------------------------------------\n");
831 }
832
833 if ((sandbox_log_presence) || (!success))
834 return 1;
835 else
836 return 0;
837 }
838 }
839
840 // vim:noexpandtab noai:cindent ai

Properties

Name Value
svn:eol-style native
svn:keywords Author Date Id Revision

  ViewVC Help
Powered by ViewVC 1.1.20