/[path-sandbox]/trunk/src/sandbox.c

Diff of /trunk/src/sandbox.c


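--- a/trunk/src/sandbox.c
+++ b/trunk/src/sandbox.c
@@ -388,11 +388,11 @@
  "/usr/lib/python2.5/:"
  "/usr/lib/python3.0/:",
  sandbox_info->home_dir);
 }
 
-int sandbox_setenv(char **env, char *name, char *val) {
+int sandbox_setenv(char **env, const char *name, const char *val) {
  char **tmp_env = env;
  char *tmp_string = NULL;
 
  /* XXX: We add the new variable to the end (no replacing). If this
  * is changed, we need to fix sandbox_setup_environ() below */
@@ -415,18 +415,19 @@
  return 0;
 }
 
 /* We setup the environment child side only to prevent issues with
  * setting LD_PRELOAD parent side */
-char **sandbox_setup_environ(struct sandbox_info_t *sandbox_info,
- char *sandbox_write_envvar, char *sandbox_predict_envvar)
+char **sandbox_setup_environ(struct sandbox_info_t *sandbox_info)
 {
  int env_size = 0;
  int have_ld_preload = 0;
 
  char **new_environ;
  char **env_ptr = environ;
+ char sandbox_write_envvar[SB_BUF_LEN];
+ char sandbox_predict_envvar[SB_BUF_LEN];
  char *ld_preload_envvar = NULL;
  char *orig_ld_preload_envvar = NULL;
 
  /* Unset these, as its easier than replacing when setting up our
  * new environment below */
@@ -488,13 +489,15 @@
  sandbox_setenv(new_environ, ENV_SANDBOX_DENY, LD_PRELOAD_FILE);
 
  if (!getenv(ENV_SANDBOX_READ))
  sandbox_setenv(new_environ, ENV_SANDBOX_READ, "/");
 
+ get_sandbox_write_envvar(sandbox_write_envvar, sandbox_info);
  if (!getenv(ENV_SANDBOX_WRITE))
  sandbox_setenv(new_environ, ENV_SANDBOX_WRITE, sandbox_write_envvar);
 
+ get_sandbox_predict_envvar(sandbox_predict_envvar, sandbox_info);
  if (!getenv(ENV_SANDBOX_PREDICT))
  sandbox_setenv(new_environ, ENV_SANDBOX_PREDICT, sandbox_predict_envvar);
 
  /* This one should NEVER be set in ebuilds, as it is the one
  * private thing libsandbox.so use to test if the sandbox
@@ -557,12 +560,10 @@
  long len;
 
  struct sandbox_info_t sandbox_info;
 
  char **sandbox_environ;
- char sandbox_write_envvar[SB_BUF_LEN];
- char sandbox_predict_envvar[SB_BUF_LEN];
  char **argv_bash = NULL;
 
  char *run_str = "-c";
  char *home_dir = NULL;
  char *tmp_string = NULL;
@@ -616,14 +617,11 @@
  * This needs to be set before calling sandbox_setup_environ(),
  * else its not set for the child */
  setenv(ENV_SANDBOX_ON, "1", 0);
 
  /* Setup the child environment stuff */
- get_sandbox_write_envvar(sandbox_write_envvar, &sandbox_info);
- get_sandbox_predict_envvar(sandbox_predict_envvar, &sandbox_info);
- sandbox_environ = sandbox_setup_environ(&sandbox_info,
- sandbox_write_envvar, sandbox_predict_envvar);
+ sandbox_environ = sandbox_setup_environ(&sandbox_info);
  if (NULL == sandbox_environ) {
  perror(">>> out of memory (environ)");
  exit(1);
  }
 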
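Review bot: Declaring `sandbox_write_envvar` and `sandbox_predict_envvar` as stack arrays inside sandbox_setup_environ() is only safe if sandbox_setenv() copies `val` into storage that outlives the function, because the returned `new_environ` is used by the caller after those arrays are gone. The `tmp_string` local in sandbox_setenv() suggests it builds a fresh string, but its body is elided on this page, so this should be confirmed and recorded above the two declarations, e.g. `/* stack buffers: sandbox_setenv() must copy val, these are dead once we return */`. Separately, the added calls `get_sandbox_write_envvar(sandbox_write_envvar, sandbox_info)` and `get_sandbox_predict_envvar(sandbox_predict_envvar, sandbox_info)` pass the buffers without a length, so staying within SB_BUF_LEN depends on those helpers bounding their own formatting of `sandbox_info->home_dir`; worth verifying, since the helpers are only partly visible here. sandbox_setup_environ() begins and ends outside the displayed hunks.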

Legend:
Removed from v.123  
changed lines
  Added in v.124
