
Diff of /trunk/src/sandbox.c


Revision 224 Revision 261
21#include <stdio.h> 21#include <stdio.h>
22#include <stdlib.h> 22#include <stdlib.h>
23#include <limits.h> 23#include <limits.h>
24#include <string.h> 24#include <string.h>
25#include <sys/wait.h> 25#include <sys/wait.h>
26#include <signal.h>
26#include <unistd.h> 27#include <unistd.h>
27#include <fcntl.h> 28#include <fcntl.h>
28 29
29#include "sandbox.h" 30#include "sandbox.h"
30 31
40} sandbox_info_t; 41} sandbox_info_t;
41 42
42static int print_debug = 0; 43static int print_debug = 0;
43static int stop_called = 0; 44static int stop_called = 0;
44 45
46volatile static pid_t child_pid = 0;
47
45extern char **environ; 48extern char **environ;
46 49
47int sandbox_setup(struct sandbox_info_t *sandbox_info) 50int sandbox_setup(struct sandbox_info_t *sandbox_info)
48{ 51{
49 if (NULL != getenv(ENV_PORTAGE_TMPDIR)) { 52 if (NULL != getenv(ENV_PORTAGE_TMPDIR)) {
159{ 162{
160 if (stop_called == 0) { 163 if (stop_called == 0) {
161 stop_called = 1; 164 stop_called = 1;
162 printf("sandbox: Caught signal %d in pid %d\n", 165 printf("sandbox: Caught signal %d in pid %d\n",
163 signum, getpid()); 166 signum, getpid());
167
168 if ((SIGUSR1 == signum) && (0 != child_pid))
169 kill(child_pid, SIGKILL);
164 } else { 170 } else {
165 fprintf(stderr, 171 fprintf(stderr,
166 "sandbox: Signal already caught and busy still cleaning up!\n"); 172 "sandbox: Signal already caught and busy still cleaning up!\n");
167 } 173 }
168} 174}
270 char **env_ptr = environ; 276 char **env_ptr = environ;
271 char sandbox_write_envvar[SB_BUF_LEN]; 277 char sandbox_write_envvar[SB_BUF_LEN];
272 char sandbox_predict_envvar[SB_BUF_LEN]; 278 char sandbox_predict_envvar[SB_BUF_LEN];
273 char *ld_preload_envvar = NULL; 279 char *ld_preload_envvar = NULL;
274 char *orig_ld_preload_envvar = NULL; 280 char *orig_ld_preload_envvar = NULL;
281 char sb_pid[64];
275 282
276 /* Unset these, as its easier than replacing when setting up our 283 /* Unset these, as its easier than replacing when setting up our
277 * new environment below */ 284 * new environment below */
278 unsetenv(ENV_SANDBOX_ON); 285 unsetenv(ENV_SANDBOX_ON);
286 unsetenv(ENV_SANDBOX_PID);
279 unsetenv(ENV_SANDBOX_LIB); 287 unsetenv(ENV_SANDBOX_LIB);
280 unsetenv(ENV_SANDBOX_BASHRC); 288 unsetenv(ENV_SANDBOX_BASHRC);
281 unsetenv(ENV_SANDBOX_LOG); 289 unsetenv(ENV_SANDBOX_LOG);
282 unsetenv(ENV_SANDBOX_DEBUG_LOG); 290 unsetenv(ENV_SANDBOX_DEBUG_LOG);
291 unsetenv(ENV_SANDBOX_ACTIVE);
283 292
284 if (NULL != getenv(ENV_LD_PRELOAD)) { 293 if (NULL != getenv(ENV_LD_PRELOAD)) {
285 have_ld_preload = 1; 294 have_ld_preload = 1;
286 orig_ld_preload_envvar = getenv(ENV_LD_PRELOAD); 295 orig_ld_preload_envvar = getenv(ENV_LD_PRELOAD);
287 296
315 * a real leak that will cause issues. */ 324 * a real leak that will cause issues. */
316 new_environ = calloc((env_size + 15 + 1) * sizeof(char *), sizeof(char *)); 325 new_environ = calloc((env_size + 15 + 1) * sizeof(char *), sizeof(char *));
317 if (NULL == new_environ) 326 if (NULL == new_environ)
318 return NULL; 327 return NULL;
319 328
329 snprintf(sb_pid, sizeof(sb_pid), "%i", getpid());
330
320 /* First add our new variables to the beginning - this is due to some 331 /* First add our new variables to the beginning - this is due to some
321 * weirdness that I cannot remember */ 332 * weirdness that I cannot remember */
322 sandbox_setenv(new_environ, ENV_SANDBOX_ON, "1"); 333 sandbox_setenv(new_environ, ENV_SANDBOX_ON, "1");
334 sandbox_setenv(new_environ, ENV_SANDBOX_PID, sb_pid);
323 sandbox_setenv(new_environ, ENV_SANDBOX_LIB, sandbox_info->sandbox_lib); 335 sandbox_setenv(new_environ, ENV_SANDBOX_LIB, sandbox_info->sandbox_lib);
324 sandbox_setenv(new_environ, ENV_SANDBOX_BASHRC, sandbox_info->sandbox_rc); 336 sandbox_setenv(new_environ, ENV_SANDBOX_BASHRC, sandbox_info->sandbox_rc);
325 sandbox_setenv(new_environ, ENV_SANDBOX_LOG, sandbox_info->sandbox_log); 337 sandbox_setenv(new_environ, ENV_SANDBOX_LOG, sandbox_info->sandbox_log);
326 sandbox_setenv(new_environ, ENV_SANDBOX_DEBUG_LOG, 338 sandbox_setenv(new_environ, ENV_SANDBOX_DEBUG_LOG,
327 sandbox_info->sandbox_debug_log); 339 sandbox_info->sandbox_debug_log);
380 return new_environ; 392 return new_environ;
381} 393}
382 394
383int spawn_shell(char *argv_bash[], char *env[], int debug) 395int spawn_shell(char *argv_bash[], char *env[], int debug)
384{ 396{
385 int pid;
386 int status = 0; 397 int status = 0;
387 int ret = 0; 398 int ret = 0;
388 399
389 pid = fork(); 400 child_pid = fork();
390 401
391 /* Child's process */ 402 /* Child's process */
392 if (0 == pid) { 403 if (0 == child_pid) {
393 execve(argv_bash[0], argv_bash, env); 404 execve(argv_bash[0], argv_bash, env);
394 return 0; 405 return 0;
395 } else if (pid < 0) { 406 } else if (child_pid < 0) {
396 if (debug) 407 if (debug)
397 fprintf(stderr, "Process failed to spawn!\n"); 408 fprintf(stderr, "Process failed to spawn!\n");
398 return 0; 409 return 0;
399 } 410 }
400 ret = waitpid(pid, &status, 0); 411 ret = waitpid(child_pid, &status, 0);
401 if ((-1 == ret) || (status > 0)) { 412 if ((-1 == ret) || (status > 0)) {
402 if (debug) 413 if (debug)
403 fprintf(stderr, "Process returned with failed exit status!\n"); 414 fprintf(stderr, "Process returned with failed exit status!\n");
404 return 0; 415 return 0;
405 } 416 }
508 /* set up the required signal handlers */ 519 /* set up the required signal handlers */
509 signal(SIGHUP, &stop); 520 signal(SIGHUP, &stop);
510 signal(SIGINT, &stop); 521 signal(SIGINT, &stop);
511 signal(SIGQUIT, &stop); 522 signal(SIGQUIT, &stop);
512 signal(SIGTERM, &stop); 523 signal(SIGTERM, &stop);
524 signal(SIGUSR1, &stop);
513 525
514 /* STARTING PROTECTED ENVIRONMENT */ 526 /* STARTING PROTECTED ENVIRONMENT */
515 if (print_debug) { 527 if (print_debug) {
516 printf("The protected environment has been started.\n"); 528 printf("The protected environment has been started.\n");
517 printf("--------------------------------------------------------------------------------\n"); 529 printf("--------------------------------------------------------------------------------\n");
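Review bot: The SIGUSR1 branch added to stop() at new lines 168-169 guards only on `0 != child_pid`, but spawn_shell() stores the raw fork() result in child_pid (new line 400), so after a failed fork child_pid is -1 and the handler calls `kill(-1, SIGKILL)`, which signals every process the user is permitted to signal; the field also still holds the reaped pid after waitpid() returns (new line 411), so a later SIGUSR1 could SIGKILL an unrelated process that has reused that pid. Tighten the guard to `if ((SIGUSR1 == signum) && (child_pid > 0))` and clear the field once the child has been reaped, `child_pid = 0;` directly after the waitpid() call in spawn_shell(). Since child_pid is now written by ordinary code and read from a signal handler, `static volatile sig_atomic_t child_pid = 0;` is the portable declaration; pid_t is presumably int-sized here so the current `volatile static pid_t` likely works in practice, but that is an assumption. The `+ 15` slack in the calloc at new line 325 presumably still covers the extra ENV_SANDBOX_PID slot added at new line 334, but it is worth confirming since this commit adds a sixth prepended variable. spawn_shell()'s body continues past the hunk, and the environment-building hunk at old line 270 starts in the middle of a function whose signature is not shown.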

