/[path-sandbox]/trunk/src/sandbox.c
Gentoo

Diff of /trunk/src/sandbox.c

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 144 Revision 145
47int sandbox_setup(struct sandbox_info_t *sandbox_info) 47int sandbox_setup(struct sandbox_info_t *sandbox_info)
48{ 48{
49 if (NULL == realpath(getenv(ENV_PORTAGE_TMPDIR) ? getenv(ENV_PORTAGE_TMPDIR) 49 if (NULL == realpath(getenv(ENV_PORTAGE_TMPDIR) ? getenv(ENV_PORTAGE_TMPDIR)
50 : PORTAGE_TMPDIR, 50 : PORTAGE_TMPDIR,
51 sandbox_info->portage_tmp_dir)) { 51 sandbox_info->portage_tmp_dir)) {
52 perror(">>> get portage_tmp_dir"); 52 perror("sandbox: Failed to get portage_tmp_dir");
53 return -1; 53 return -1;
54 } 54 }
55 setenv(ENV_PORTAGE_TMPDIR, sandbox_info->portage_tmp_dir, 1); 55 setenv(ENV_PORTAGE_TMPDIR, sandbox_info->portage_tmp_dir, 1);
56 56
57 if (NULL == realpath(VAR_TMPDIR, sandbox_info->var_tmp_dir)) { 57 if (NULL == realpath(VAR_TMPDIR, sandbox_info->var_tmp_dir)) {
58 perror(">>> get var_tmp_dir"); 58 perror("sandbox: Failed to get var_tmp_dir");
59 return -1; 59 return -1;
60 } 60 }
61 61
62 if (-1 == get_tmp_dir(sandbox_info->tmp_dir)) { 62 if (-1 == get_tmp_dir(sandbox_info->tmp_dir)) {
63 perror(">>> get tmp_dir"); 63 perror("sandbox: Failed to get tmp_dir");
64 return -1; 64 return -1;
65 } 65 }
66 tmp_dir = sandbox_info->tmp_dir; 66 tmp_dir = sandbox_info->tmp_dir;
67 setenv(ENV_TMPDIR, tmp_dir, 1); 67 setenv(ENV_TMPDIR, tmp_dir, 1);
68 68
94 int i, color, beep_count = 0; 94 int i, color, beep_count = 0;
95 long len = 0; 95 long len = 0;
96 char *buffer = NULL; 96 char *buffer = NULL;
97 97
98 if (1 != is_file(sandbox_log)) { 98 if (1 != is_file(sandbox_log)) {
99 perror(">>> log file not a regular file"); 99 perror("sandbox: Log file is not a regular file");
100 return 0; 100 return 0;
101 } 101 }
102 102
103 sandbox_log_file = open(sandbox_log, O_RDONLY); 103 sandbox_log_file = open(sandbox_log, O_RDONLY);
104 if (-1 == sandbox_log_file) { 104 if (-1 == sandbox_log_file) {
105 perror(">>> could not open log file"); 105 perror("sandbox: Could not open Log file");
106 return 0; 106 return 0;
107 } 107 }
108 108
109 len = file_length(sandbox_log_file); 109 len = file_length(sandbox_log_file);
110 buffer = (char *)malloc((len + 1) * sizeof(char)); 110 buffer = (char *)malloc((len + 1) * sizeof(char));
142 142
143void stop(int signum) 143void stop(int signum)
144{ 144{
145 if (stop_called == 0) { 145 if (stop_called == 0) {
146 stop_called = 1; 146 stop_called = 1;
147 printf("Caught signal %d in pid %d\r\n", signum, getpid()); 147 printf("sandbox: Caught signal %d in pid %d\n",
148 signum, getpid());
148 } else { 149 } else {
149 fprintf(stderr, "Pid %d alreadly caught signal and is still cleaning up\n", getpid()); 150 fprintf(stderr,
151 "sandbox: Signal already caught and busy still cleaning up!\n");
150 } 152 }
151} 153}
152 154
153void get_sandbox_write_envvar(char *buf, struct sandbox_info_t *sandbox_info) 155void get_sandbox_write_envvar(char *buf, struct sandbox_info_t *sandbox_info)
154{ 156{
210 /* strlen(name) + strlen(val) + '=' + '\0' */ 212 /* strlen(name) + strlen(val) + '=' + '\0' */
211 /* FIXME: Should probably free this at some stage - more neatness than 213 /* FIXME: Should probably free this at some stage - more neatness than
212 * a real leak that will cause issues. */ 214 * a real leak that will cause issues. */
213 tmp_string = calloc(strlen(name) + strlen(val) + 2, sizeof(char *)); 215 tmp_string = calloc(strlen(name) + strlen(val) + 2, sizeof(char *));
214 if (NULL == tmp_string) { 216 if (NULL == tmp_string) {
215 perror(">>> out of memory (sandbox_setenv)"); 217 perror("sandbox: Out of memory (sandbox_setenv)");
216 exit(1); 218 exit(EXIT_FAILURE);
217 } 219 }
218 220
219 snprintf(tmp_string, strlen(name) + strlen(val) + 2, "%s=%s", 221 snprintf(tmp_string, strlen(name) + strlen(val) + 2, "%s=%s",
220 name, val); 222 name, val);
221 *tmp_env = tmp_string; 223 *tmp_env = tmp_string;
335 } 337 }
336 338
337 return new_environ; 339 return new_environ;
338} 340}
339 341
340int spawn_shell(char *argv_bash[], char *env[]) 342int spawn_shell(char *argv_bash[], char *env[], int debug)
341{ 343{
342 int pid; 344 int pid;
343 int status = 0; 345 int status = 0;
344 int ret = 0; 346 int ret = 0;
345 347
348 /* Child's process */ 350 /* Child's process */
349 if (0 == pid) { 351 if (0 == pid) {
350 execve(argv_bash[0], argv_bash, env); 352 execve(argv_bash[0], argv_bash, env);
351 return 0; 353 return 0;
352 } else if (pid < 0) { 354 } else if (pid < 0) {
355 if (debug)
356 fprintf(stderr, "Process failed to spawn!\n");
353 return 0; 357 return 0;
354 } 358 }
355 ret = waitpid(pid, &status, 0); 359 ret = waitpid(pid, &status, 0);
356 if ((-1 == ret) || (status > 0)) 360 if ((-1 == ret) || (status > 0)) {
361 if (debug)
362 fprintf(stderr, "Process returned with failed exit status!\n");
357 return 0; 363 return 0;
364 }
358 365
359 return 1; 366 return 1;
360} 367}
361 368
362int main(int argc, char **argv) 369int main(int argc, char **argv)
381 388
382 /* check if a sandbox is already running */ 389 /* check if a sandbox is already running */
383 if (NULL != getenv(ENV_SANDBOX_ON)) { 390 if (NULL != getenv(ENV_SANDBOX_ON)) {
384 fprintf(stderr, "Not launching a new sandbox instance\n"); 391 fprintf(stderr, "Not launching a new sandbox instance\n");
385 fprintf(stderr, "Another one is already running in this process hierarchy.\n"); 392 fprintf(stderr, "Another one is already running in this process hierarchy.\n");
386 exit(1); 393 exit(EXIT_FAILURE);
387 } else { 394 }
388 395
389 /* determine the location of all the sandbox support files */ 396 /* determine the location of all the sandbox support files */
390 if (print_debug) 397 if (print_debug)
391 printf("Detection of the support files.\n"); 398 printf("Detection of the support files.\n");
392 399
393 if (-1 == sandbox_setup(&sandbox_info)) { 400 if (-1 == sandbox_setup(&sandbox_info)) {
394 perror(">>> setup"); 401 perror("sandbox: Failed to setup sandbox");
395 exit(1); 402 exit(EXIT_FAILURE);
403 }
404
405 /* verify the existance of required files */
406 if (print_debug)
407 printf("Verification of the required files.\n");
408
409#ifndef SB_HAVE_64BIT_ARCH
410 if (0 >= exists(sandbox_info.sandbox_lib)) {
411 perror("sandbox: Could not open the sandbox library");
412 exit(EXIT_FAILURE);
413 }
414#endif
415 if (0 >= exists(sandbox_info.sandbox_rc)) {
416 perror("sandbox: Could not open the sandbox rc file");
417 exit(EXIT_FAILURE);
418 }
419
420 /* set up the required environment variables */
421 if (print_debug)
422 printf("Setting up the required environment variables.\n");
423
424 /* This one should not be child only, as we check above to see
425 * if we are already running (check sandbox_setup_environ).
426 * This needs to be set before calling sandbox_setup_environ(),
427 * else its not set for the child */
428 setenv(ENV_SANDBOX_ON, "1", 0);
429
430 /* Setup the child environment stuff */
431 sandbox_environ = sandbox_setup_environ(&sandbox_info);
432 if (NULL == sandbox_environ) {
433 perror("sandbox: Out of memory (environ)");
434 exit(EXIT_FAILURE);
435 }
436
437 /* if the portage temp dir was present, cd into it */
438 if (NULL != sandbox_info.portage_tmp_dir)
439 chdir(sandbox_info.portage_tmp_dir);
440
441 argv_bash = (char **)malloc(6 * sizeof(char *));
442 argv_bash[0] = strdup("/bin/bash");
443 argv_bash[1] = strdup("-rcfile");
444 argv_bash[2] = strdup(sandbox_info.sandbox_rc);
445
446 if (argc < 2)
447 argv_bash[3] = NULL;
448 else
449 argv_bash[3] = strdup(run_str); /* "-c" */
450
451 argv_bash[4] = NULL; /* strdup(run_arg); */
452 argv_bash[5] = NULL;
453
454 if (argc >= 2) {
455 for (i = 1; i < argc; i++) {
456 if (NULL == argv_bash[4])
457 len = 0;
458 else
459 len = strlen(argv_bash[4]);
460
461 argv_bash[4] = (char *)realloc(argv_bash[4],
462 (len + strlen(argv[i]) + 2) * sizeof(char));
463
464 if (0 == len)
465 argv_bash[4][0] = 0;
466 if (1 != i)
467 strcat(argv_bash[4], " ");
468
469 strcat(argv_bash[4], argv[i]);
396 } 470 }
397
398 /* verify the existance of required files */
399 if (print_debug)
400 printf("Verification of the required files.\n");
401
402#ifndef SB_HAVE_64BIT_ARCH
403 if (0 >= exists(sandbox_info.sandbox_lib)) {
404 fprintf(stderr, "Could not open the sandbox library at '%s'.\n",
405 sandbox_info.sandbox_lib);
406 return -1;
407 } 471 }
408#endif
409 if (0 >= exists(sandbox_info.sandbox_rc)) {
410 fprintf(stderr, "Could not open the sandbox rc file at '%s'.\n",
411 sandbox_info.sandbox_rc);
412 return -1;
413 }
414 472
415 /* set up the required environment variables */
416 if (print_debug)
417 printf("Setting up the required environment variables.\n");
418
419 /* This one should not be child only, as we check above to see
420 * if we are already running (check sandbox_setup_environ).
421 * This needs to be set before calling sandbox_setup_environ(),
422 * else its not set for the child */
423 setenv(ENV_SANDBOX_ON, "1", 0);
424
425 /* Setup the child environment stuff */
426 sandbox_environ = sandbox_setup_environ(&sandbox_info);
427 if (NULL == sandbox_environ) {
428 perror(">>> out of memory (environ)");
429 exit(1);
430 }
431
432 /* if the portage temp dir was present, cd into it */
433 if (NULL != sandbox_info.portage_tmp_dir)
434 chdir(sandbox_info.portage_tmp_dir);
435
436 argv_bash = (char **)malloc(6 * sizeof(char *));
437 argv_bash[0] = strdup("/bin/bash");
438 argv_bash[1] = strdup("-rcfile");
439 argv_bash[2] = strdup(sandbox_info.sandbox_rc);
440
441 if (argc < 2)
442 argv_bash[3] = NULL;
443 else
444 argv_bash[3] = strdup(run_str); /* "-c" */
445
446 argv_bash[4] = NULL; /* strdup(run_arg); */
447 argv_bash[5] = NULL;
448
449 if (argc >= 2) {
450 for (i = 1; i < argc; i++) {
451 if (NULL == argv_bash[4])
452 len = 0;
453 else
454 len = strlen(argv_bash[4]);
455
456 argv_bash[4] = (char *)realloc(argv_bash[4],
457 (len + strlen(argv[i]) + 2) * sizeof(char));
458
459 if (0 == len)
460 argv_bash[4][0] = 0;
461 if (1 != i)
462 strcat(argv_bash[4], " ");
463
464 strcat(argv_bash[4], argv[i]);
465 }
466 }
467
468 /* set up the required signal handlers */ 473 /* set up the required signal handlers */
469 signal(SIGHUP, &stop); 474 signal(SIGHUP, &stop);
470 signal(SIGINT, &stop); 475 signal(SIGINT, &stop);
471 signal(SIGQUIT, &stop); 476 signal(SIGQUIT, &stop);
472 signal(SIGTERM, &stop); 477 signal(SIGTERM, &stop);
473 478
474 /* STARTING PROTECTED ENVIRONMENT */ 479 /* STARTING PROTECTED ENVIRONMENT */
475 if (print_debug) { 480 if (print_debug) {
476 printf("The protected environment has been started.\n"); 481 printf("The protected environment has been started.\n");
477 printf("--------------------------------------------------------------------------------\n"); 482 printf("--------------------------------------------------------------------------------\n");
478 } 483 }
479 484
480 if (print_debug) 485 if (print_debug)
481 printf("Shell being started in forked process.\n"); 486 printf("Process being started in forked instance.\n");
482 487
483 /* Start Bash */ 488 /* Start Bash */
484 if (!spawn_shell(argv_bash, sandbox_environ)) { 489 if (!spawn_shell(argv_bash, sandbox_environ, print_debug))
485 if (print_debug)
486 fprintf(stderr, ">>> shell process failed to spawn\n");
487 success = 0; 490 success = 0;
488 }
489 491
490 /* Free bash stuff */ 492 /* Free bash stuff */
491 for (i = 0; i < 6; i++) { 493 for (i = 0; i < 6; i++) {
492 if (argv_bash[i]) 494 if (argv_bash[i])
493 free(argv_bash[i]); 495 free(argv_bash[i]);
494 argv_bash[i] = NULL; 496 argv_bash[i] = NULL;
495 } 497 }
496 if (argv_bash) 498 if (argv_bash)
497 free(argv_bash); 499 free(argv_bash);
498 argv_bash = NULL; 500 argv_bash = NULL;
499 501
500 if (print_debug) 502 if (print_debug)
501 printf("Cleaning up sandbox process\n"); 503 printf("Cleaning up sandbox process\n");
502 504
503 if (print_debug) { 505 if (print_debug) {
504 printf("========================== Gentoo linux path sandbox ===========================\n"); 506 printf("========================== Gentoo linux path sandbox ===========================\n");
505 printf("The protected environment has been shut down.\n"); 507 printf("The protected environment has been shut down.\n");
506 } 508 }
507 509
508 if (1 == exists(sandbox_info.sandbox_log)) { 510 if (1 == exists(sandbox_info.sandbox_log)) {
509 sandbox_log_presence = 1; 511 sandbox_log_presence = 1;
510 print_sandbox_log(sandbox_info.sandbox_log); 512 print_sandbox_log(sandbox_info.sandbox_log);
511 } else if (print_debug) { 513 } else if (print_debug) {
512 printf("--------------------------------------------------------------------------------\n"); 514 printf("--------------------------------------------------------------------------------\n");
513 } 515 }
514 516
515 if ((sandbox_log_presence) || (!success)) 517 if ((sandbox_log_presence) || (!success))
516 return 1; 518 return 1;
517 else 519 else
518 return 0; 520 return 0;
519 }
520} 521}
521 522
522// vim:noexpandtab noai:cindent ai 523// vim:noexpandtab noai:cindent ai

Legend:
Removed from v.144  
changed lines
  Added in v.145

  ViewVC Help
Powered by ViewVC 1.1.20