
Diff of /trunk/src/sandbox.c


Revision 158 Revision 159
173 fprintf(stderr, 173 fprintf(stderr,
174 "sandbox: Signal already caught and busy still cleaning up!\n"); 174 "sandbox: Signal already caught and busy still cleaning up!\n");
175 } 175 }
176} 176}
177 177
178void get_sandbox_write_envvar(char *buf, struct sandbox_info_t *sandbox_info) 178int get_sandbox_write_envvar(char *buf, struct sandbox_info_t *sandbox_info)
179{ 179{
180 int retval = 0;
181
180 /* bzero out entire buffer then append trailing 0 */ 182 /* bzero out entire buffer then append trailing 0 */
181 memset(buf, 0, SB_BUF_LEN); 183 memset(buf, 0, SB_BUF_LEN);
182 184
183 /* these could go into make.globals later on */ 185 /* these could go into make.globals later on */
184 snprintf(buf, SB_BUF_LEN, 186 retval = snprintf(buf, SB_BUF_LEN,
185 "%s:%s/.gconfd/lock:%s/.bash_history:%s:%s:%s:%s", 187 "%s:%s/.gconfd/lock:%s/.bash_history:%s:%s:%s:%s",
186 "/dev/zero:/dev/null:/dev/fd:/proc/self/fd:/dev/pts/:" 188 "/dev/zero:/dev/null:/dev/fd:/proc/self/fd:/dev/pts/:"
187 "/dev/vc/:/dev/pty:/dev/tty:/dev/tts:/dev/console:" 189 "/dev/vc/:/dev/pty:/dev/tty:/dev/tts:/dev/console:"
188 "/dev/shm/ngpt:/var/log/scrollkeeper.log:" 190 "/dev/shm/ngpt:/var/log/scrollkeeper.log:"
189 "/usr/tmp/conftest:/usr/lib/conftest:" 191 "/usr/tmp/conftest:/usr/lib/conftest:"
191 "/usr/tmp/cf:/usr/lib/cf:/usr/lib32/cf:/usr/lib64/cf", 193 "/usr/tmp/cf:/usr/lib/cf:/usr/lib32/cf:/usr/lib64/cf",
192 sandbox_info->home_dir, sandbox_info->home_dir, 194 sandbox_info->home_dir, sandbox_info->home_dir,
193 sandbox_info->work_dir, 195 sandbox_info->work_dir,
194 sandbox_info->tmp_dir, sandbox_info->var_tmp_dir, 196 sandbox_info->tmp_dir, sandbox_info->var_tmp_dir,
195 "/tmp/:/var/tmp/"); 197 "/tmp/:/var/tmp/");
196} 198 if (SB_BUF_LEN <= retval) {
199 errno = EMSGSIZE;
200 perror("sandbox: Failed to generate SANDBOX_WRITE");
201 return -1;
202 }
197 203
204 return 0;
205}
206
198void get_sandbox_predict_envvar(char *buf, struct sandbox_info_t *sandbox_info) 207int get_sandbox_predict_envvar(char *buf, struct sandbox_info_t *sandbox_info)
199{ 208{
209 int retval = 0;
200 /* bzero out entire buffer then append trailing 0 */ 210 /* bzero out entire buffer then append trailing 0 */
201 memset(buf, 0, SB_BUF_LEN); 211 memset(buf, 0, SB_BUF_LEN);
202 212
203 /* these should go into make.globals later on */ 213 /* these should go into make.globals later on */
204 snprintf(buf, SB_BUF_LEN, "%s/.:" 214 retval = snprintf(buf, SB_BUF_LEN, "%s/.:"
205 "/usr/lib/python2.0/:" 215 "/usr/lib/python2.0/:"
206 "/usr/lib/python2.1/:" 216 "/usr/lib/python2.1/:"
207 "/usr/lib/python2.2/:" 217 "/usr/lib/python2.2/:"
208 "/usr/lib/python2.3/:" 218 "/usr/lib/python2.3/:"
209 "/usr/lib/python2.4/:" 219 "/usr/lib/python2.4/:"
219 "/var/db/networks.db:" 229 "/var/db/networks.db:"
220 "/var/db/hosts.db:" 230 "/var/db/hosts.db:"
221 "/var/db/group.db:" 231 "/var/db/group.db:"
222 "/var/db/passwd.db", 232 "/var/db/passwd.db",
223 sandbox_info->home_dir); 233 sandbox_info->home_dir);
234 if (SB_BUF_LEN <= retval) {
235 errno = EMSGSIZE;
236 perror("sandbox: Failed to generate SANDBOX_PREDICT");
237 return -1;
238 }
239
240 return 0;
224} 241}
225 242
226int sandbox_setenv(char **env, const char *name, const char *val) { 243int sandbox_setenv(char **env, const char *name, const char *val) {
227 char **tmp_env = env; 244 char **tmp_env = env;
228 char *tmp_string = NULL; 245 char *tmp_string = NULL;
246 int retval = 0;
229 247
230 /* XXX: We add the new variable to the end (no replacing). If this 248 /* XXX: We add the new variable to the end (no replacing). If this
231 * is changed, we need to fix sandbox_setup_environ() below */ 249 * is changed, we need to fix sandbox_setup_environ() below */
232 while (NULL != *tmp_env) 250 while (NULL != *tmp_env)
233 tmp_env++; 251 tmp_env++;
239 if (NULL == tmp_string) { 257 if (NULL == tmp_string) {
240 perror("sandbox: Out of memory (sandbox_setenv)"); 258 perror("sandbox: Out of memory (sandbox_setenv)");
241 exit(EXIT_FAILURE); 259 exit(EXIT_FAILURE);
242 } 260 }
243 261
244 snprintf(tmp_string, strlen(name) + strlen(val) + 2, "%s=%s", 262 retval = snprintf(tmp_string, strlen(name) + strlen(val) + 2, "%s=%s",
245 name, val); 263 name, val);
246 *tmp_env = tmp_string; 264 *tmp_env = tmp_string;
247 265
248 return 0; 266 return 0;
249} 267}
250 268
320 sandbox_setenv(new_environ, ENV_SANDBOX_DENY, LD_PRELOAD_FILE); 338 sandbox_setenv(new_environ, ENV_SANDBOX_DENY, LD_PRELOAD_FILE);
321 339
322 if (!getenv(ENV_SANDBOX_READ)) 340 if (!getenv(ENV_SANDBOX_READ))
323 sandbox_setenv(new_environ, ENV_SANDBOX_READ, "/"); 341 sandbox_setenv(new_environ, ENV_SANDBOX_READ, "/");
324 342
325 get_sandbox_write_envvar(sandbox_write_envvar, sandbox_info); 343 if (-1 == get_sandbox_write_envvar(sandbox_write_envvar, sandbox_info))
344 return NULL;
326 if (!getenv(ENV_SANDBOX_WRITE)) 345 if (!getenv(ENV_SANDBOX_WRITE))
327 sandbox_setenv(new_environ, ENV_SANDBOX_WRITE, sandbox_write_envvar); 346 sandbox_setenv(new_environ, ENV_SANDBOX_WRITE, sandbox_write_envvar);
328 347
329 get_sandbox_predict_envvar(sandbox_predict_envvar, sandbox_info); 348 if (-1 == get_sandbox_predict_envvar(sandbox_predict_envvar, sandbox_info))
349 return NULL;
330 if (!getenv(ENV_SANDBOX_PREDICT)) 350 if (!getenv(ENV_SANDBOX_PREDICT))
331 sandbox_setenv(new_environ, ENV_SANDBOX_PREDICT, sandbox_predict_envvar); 351 sandbox_setenv(new_environ, ENV_SANDBOX_PREDICT, sandbox_predict_envvar);
332 352
333 /* This one should NEVER be set in ebuilds, as it is the one 353 /* This one should NEVER be set in ebuilds, as it is the one
334 * private thing libsandbox.so use to test if the sandbox 354 * private thing libsandbox.so use to test if the sandbox
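Review bot: The new truncation guard `if (SB_BUF_LEN <= retval)` in get_sandbox_write_envvar (new line 198) and get_sandbox_predict_envvar (new line 234) does not obviously cover a negative return from snprintf(), which signals an output error; unless SB_BUF_LEN has an unsigned type, a negative value falls through to `return 0` with the zeroed buffer. Writing it as `if (retval < 0 || retval >= SB_BUF_LEN) {` makes both failure modes explicit. Failing closed matters here because a path list cut off mid-entry would leave a different, shorter path prefix than intended in SANDBOX_WRITE or SANDBOX_PREDICT. In sandbox_setenv the result is stored in `retval` (new line 262) but never tested in the visible lines, so either check it or drop the assignment. The early `return NULL` at new lines 344 and 349 appears to leave strings already added by sandbox_setenv() unfreed; the enclosing function starts and ends outside the shown lines, so that should be confirmed against its cleanup path and its caller's NULL handling.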
