/[path-sandbox]/trunk/src/sandbox.c
Gentoo

Contents of /trunk/src/sandbox.c

Parent Directory Parent Directory | Revision Log Revision Log


Revision 298 - (show annotations) (download) (as text)
Sat Jul 8 19:53:06 2006 UTC (7 years, 9 months ago) by azarah
File MIME type: text/x-csrc
File size: 19270 byte(s)
Set 'env_ptr = environ;' _after_ we unset and set variables, else the
block could have been reallocated, and leave us using the wrong pointer.
General cleanup of the env handling code.  Free all memory used.

1 /*
2 ** Path sandbox for the gentoo linux portage package system, initially
3 ** based on the ROCK Linux Wrapper for getting a list of created files
4 **
5 ** to integrate with bash, bash should have been built like this
6 **
7 ** ./configure --prefix=<prefix> --host=<host> --without-gnu-malloc
8 **
9 ** it's very important that the --enable-static-link option is NOT specified
10 **
11 ** Copyright (C) 2001 Geert Bevin, Uwyn, http://www.uwyn.com
12 ** Distributed under the terms of the GNU General Public License, v2 or later
13 ** Author : Geert Bevin <gbevin@uwyn.com>
14 ** $Header$
15 */
16
17 /* #define _GNU_SOURCE */
18
19 #include <errno.h>
20 #include <signal.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <limits.h>
24 #include <string.h>
25 #include <sys/wait.h>
26 #include <signal.h>
27 #include <unistd.h>
28 #include <fcntl.h>
29
30 #include "sandbox.h"
31 #include "rcscripts/rcutil.h"
32
33 struct sandbox_info_t {
34 char sandbox_log[SB_PATH_MAX];
35 char sandbox_debug_log[SB_PATH_MAX];
36 char sandbox_lib[SB_PATH_MAX];
37 char sandbox_rc[SB_PATH_MAX];
38 char work_dir[SB_PATH_MAX];
39 char var_tmp_dir[SB_PATH_MAX];
40 char tmp_dir[SB_PATH_MAX];
41 char *home_dir;
42 } sandbox_info_t;
43
44 static int print_debug = 0;
45
46 volatile static int stop_called = 0;
47 volatile static pid_t child_pid = 0;
48
49 static char log_domain[] = "sandbox";
50
51 extern char **environ;
52
53 int sandbox_setup(struct sandbox_info_t *sandbox_info, bool interactive)
54 {
55 if (NULL != getenv(ENV_PORTAGE_TMPDIR)) {
56 /* Portage handle setting SANDBOX_WRITE itself. */
57 sandbox_info->work_dir[0] = '\0';
58 } else {
59 if (NULL == getcwd(sandbox_info->work_dir, SB_PATH_MAX)) {
60 perror("sandbox: Failed to get current directory");
61 return -1;
62 }
63 if (interactive)
64 setenv(ENV_SANDBOX_WORKDIR, sandbox_info->work_dir, 1);
65 }
66
67 /* Do not resolve symlinks, etc .. libsandbox will handle that. */
68 if (!rc_is_dir(VAR_TMPDIR, TRUE)) {
69 perror("sandbox: Failed to get var_tmp_dir");
70 return -1;
71 }
72 snprintf(sandbox_info->var_tmp_dir, SB_PATH_MAX, "%s", VAR_TMPDIR);
73
74 if (-1 == get_tmp_dir(sandbox_info->tmp_dir)) {
75 perror("sandbox: Failed to get tmp_dir");
76 return -1;
77 }
78 setenv(ENV_TMPDIR, sandbox_info->tmp_dir, 1);
79
80 sandbox_info->home_dir = getenv("HOME");
81 if (!sandbox_info->home_dir) {
82 sandbox_info->home_dir = sandbox_info->tmp_dir;
83 setenv("HOME", sandbox_info->home_dir, 1);
84 }
85
86 /* Generate sandbox lib path */
87 get_sandbox_lib(sandbox_info->sandbox_lib);
88
89 /* Generate sandbox bashrc path */
90 get_sandbox_rc(sandbox_info->sandbox_rc);
91
92 /* Generate sandbox log full path */
93 get_sandbox_log(sandbox_info->sandbox_log);
94 if (rc_file_exists(sandbox_info->sandbox_log)) {
95 if (-1 == unlink(sandbox_info->sandbox_log)) {
96 perror("sandbox: Could not unlink old log file");
97 return -1;
98 }
99 }
100
101 /* Generate sandbox debug log full path */
102 get_sandbox_debug_log(sandbox_info->sandbox_debug_log);
103 if (rc_file_exists(sandbox_info->sandbox_debug_log)) {
104 if (-1 == unlink(sandbox_info->sandbox_debug_log)) {
105 perror("sandbox: Could not unlink old debug log file");
106 return -1;
107 }
108 }
109
110 return 0;
111 }
112
113 int print_sandbox_log(char *sandbox_log)
114 {
115 int sandbox_log_file = -1;
116 char *beep_count_env = NULL;
117 int i, color, beep_count = 0;
118 long len = 0;
119 char *buffer = NULL;
120
121 if (!rc_is_file(sandbox_log, FALSE)) {
122 perror("sandbox: Log file is not a regular file");
123 return 0;
124 }
125
126 sandbox_log_file = open(sandbox_log, O_RDONLY);
127 if (-1 == sandbox_log_file) {
128 perror("sandbox: Could not open Log file");
129 return 0;
130 }
131
132 len = file_length(sandbox_log_file);
133 buffer = (char *)xmalloc((len + 1) * sizeof(char));
134 memset(buffer, 0, len + 1);
135 read(sandbox_log_file, buffer, len);
136 close(sandbox_log_file);
137
138 color = ((is_env_on(ENV_NOCOLOR)) ? 0 : 1);
139
140 SB_EERROR(color,
141 "--------------------------- ACCESS VIOLATION SUMMARY ---------------------------",
142 "\n");
143 SB_EERROR(color, "LOG FILE = \"%s\"", "\n\n", sandbox_log);
144 fprintf(stderr, "%s", buffer);
145 if (NULL != buffer)
146 free(buffer);
147 SB_EERROR(color,
148 "--------------------------------------------------------------------------------",
149 "\n");
150
151 beep_count_env = getenv(ENV_SANDBOX_BEEP);
152 if (beep_count_env)
153 beep_count = atoi(beep_count_env);
154 else
155 beep_count = DEFAULT_BEEP_COUNT;
156
157 for (i = 0; i < beep_count; i++) {
158 fputc('\a', stderr);
159 if (i < beep_count - 1)
160 sleep(1);
161 }
162
163 return 1;
164 }
165
166 void stop(int signum)
167 {
168 if (0 == stop_called) {
169 stop_called = 1;
170 printf("sandbox: Caught signal %d in pid %d\n",
171 signum, getpid());
172 } else {
173 fprintf(stderr,
174 "sandbox: Signal already caught and busy still cleaning up!\n");
175 }
176 }
177
178 void usr1_handler(int signum, siginfo_t *siginfo, void *ucontext)
179 {
180 if (0 == stop_called) {
181 stop_called = 1;
182 printf("sandbox: Caught signal %d in pid %d\n",
183 signum, getpid());
184
185 /* FIXME: This is really bad form, as we should kill the whole process
186 * tree, but currently that is too much work and not worth the
187 * effort. Thus we only kill the calling process and our child
188 * for now.
189 */
190 if (siginfo->si_pid > 0)
191 kill(siginfo->si_pid, SIGKILL);
192 kill(child_pid, SIGKILL);
193 } else {
194 fprintf(stderr,
195 "sandbox: Signal already caught and busy still cleaning up!\n");
196 }
197 }
198
199 char *sandbox_subst_env_vars(dyn_buf_t *env_data)
200 {
201 dyn_buf_t *new_data = NULL;
202 char *tmp_ptr, *tmp_data = NULL;
203 char *var_start, *var_stop;
204
205 new_data = new_dyn_buf();
206 if (NULL == new_data)
207 return NULL;
208
209 tmp_data = read_line_dyn_buf(env_data);
210 if (NULL == tmp_data)
211 goto error;
212 tmp_ptr = tmp_data;
213
214 while (NULL != (var_start = strchr(tmp_ptr, '$'))) {
215 char *env = NULL;
216
217 var_stop = strchr(var_start, '}');
218
219 /* We only support ${} style env var names, so just skip any
220 * '$' that do not follow this syntax */
221 if (('{' != var_start[1]) || (NULL == var_stop)) {
222 tmp_ptr = var_start + 1;
223 continue;
224 }
225
226 /* Terminate part before env string so that we can copy it */
227 var_start[0] = '\0';
228 /* Move var_start past '${' */
229 var_start += 2;
230 /* Terminate the name of the env var */
231 var_stop[0] = '\0';
232
233 if (strlen(var_start) > 0)
234 env = getenv(var_start);
235 if (-1 == sprintf_dyn_buf(new_data, "%s%s",
236 tmp_ptr ? tmp_ptr : "",
237 env ? env : ""))
238 goto error;
239
240 /* Move tmp_ptr past the '}' of the env var */
241 tmp_ptr = var_stop + 1;
242 }
243
244 if (0 != strlen(tmp_ptr))
245 if (-1 == write_dyn_buf(new_data, tmp_ptr, strlen(tmp_ptr)))
246 goto error;
247
248 free(tmp_data);
249
250 tmp_data = read_line_dyn_buf(new_data);
251 if (NULL == tmp_data)
252 goto error;
253
254 free_dyn_buf(new_data);
255
256 return tmp_data;
257
258 error:
259 if (NULL != new_data)
260 free_dyn_buf(new_data);
261 if (NULL != tmp_data)
262 free(tmp_data);
263
264 return NULL;
265 }
266
267 void sandbox_set_env_var(const char *env_var)
268 {
269 char *config;
270
271 /* We check if the variable is set in the environment, and if not, we
272 * get it from sandbox.conf, and if they exist, we just add them to the
273 * environment if not already present. */
274 config = rc_get_cnf_entry(SANDBOX_CONF_FILE, env_var, NULL);
275 if (NULL != config) {
276 setenv(ENV_SANDBOX_VERBOSE, config, 0);
277 free(config);
278 }
279 }
280
281 int sandbox_set_env_access_var(const char *access_var)
282 {
283 dyn_buf_t *env_data = NULL;
284 int count = 0;
285 char *config = NULL;
286 char **confd_files = NULL;
287 bool use_confd = TRUE;
288
289 env_data = new_dyn_buf();
290 if (NULL == env_data)
291 return -1;
292
293 /* Now get the defaults for the access variable from sandbox.conf.
294 * These do not get overridden via the environment. */
295 config = rc_get_cnf_entry(SANDBOX_CONF_FILE, access_var, ":");
296 if (NULL != config) {
297 if (-1 == write_dyn_buf(env_data, config, strlen(config)))
298 goto error;
299 free(config);
300 config = NULL;
301 }
302 /* Append whatever might be already set. If anything is set, we do
303 * not process the sandbox.d/ files for this variable. */
304 if (NULL != getenv(access_var)) {
305 use_confd = FALSE;
306 if (-1 == sprintf_dyn_buf(env_data, env_data->wr_index ? ":%s" : "%s",
307 getenv(access_var)))
308 goto error;
309 }
310
311 if (!use_confd)
312 goto done;
313
314 /* Now scan the files in sandbox.d/ if the access variable was not
315 * alreay set. */
316 confd_files = rc_ls_dir(SANDBOX_CONFD_DIR, FALSE, TRUE);
317 if (NULL != confd_files) {
318 while (NULL != confd_files[count]) {
319 config = rc_get_cnf_entry(confd_files[count], access_var, ":");
320 if (NULL != config) {
321 if (-1 == sprintf_dyn_buf(env_data,
322 env_data->wr_index ? ":%s" : "%s",
323 config))
324 goto error;
325 free(config);
326 config = NULL;
327 }
328 count++;
329 }
330
331 str_list_free(confd_files);
332 }
333
334 done:
335 if (env_data->wr_index > 0) {
336 char *subst;
337
338 subst = sandbox_subst_env_vars(env_data);
339 if (NULL == subst)
340 goto error;
341
342 setenv(access_var, subst, 1);
343 free(subst);
344 }
345
346 free_dyn_buf(env_data);
347
348 return 0;
349
350 error:
351 if (NULL != env_data)
352 free_dyn_buf(env_data);
353 if (NULL != config)
354 free(config);
355 if (NULL != confd_files)
356 str_list_free(confd_files);
357
358 return -1;
359 }
360
361 int sandbox_setup_env_config(struct sandbox_info_t *sandbox_info)
362 {
363 sandbox_set_env_var(ENV_SANDBOX_VERBOSE);
364 sandbox_set_env_var(ENV_SANDBOX_DEBUG);
365 sandbox_set_env_var(ENV_SANDBOX_BEEP);
366 sandbox_set_env_var(ENV_NOCOLOR);
367
368 if (-1 == sandbox_set_env_access_var(ENV_SANDBOX_DENY))
369 return -1;
370 if (NULL == getenv(ENV_SANDBOX_DENY))
371 setenv(ENV_SANDBOX_DENY, LD_PRELOAD_FILE, 1);
372
373 if (-1 == sandbox_set_env_access_var(ENV_SANDBOX_READ))
374 return -1;
375 if (NULL == getenv(ENV_SANDBOX_READ))
376 setenv(ENV_SANDBOX_READ, "/", 1);
377
378 if (-1 == sandbox_set_env_access_var(ENV_SANDBOX_WRITE))
379 return -1;
380 if ((NULL == getenv(ENV_SANDBOX_WRITE)) &&
381 (NULL != sandbox_info->work_dir))
382 setenv(ENV_SANDBOX_WRITE, sandbox_info->work_dir, 1);
383
384 if (-1 == sandbox_set_env_access_var(ENV_SANDBOX_PREDICT))
385 return -1;
386 if ((NULL == getenv(ENV_SANDBOX_PREDICT)) &&
387 (NULL != sandbox_info->home_dir))
388 setenv(ENV_SANDBOX_PREDICT, sandbox_info->home_dir, 1);
389
390 return 0;
391 }
392
393 int sandbox_setenv(char **env, const char *name, const char *val) {
394 char **tmp_env = env;
395 char *tmp_string = NULL;
396 int retval = 0;
397
398 /* XXX: We add the new variable to the end (no replacing). If this
399 * is changed, we need to fix sandbox_setup_environ() below */
400 while (NULL != *tmp_env)
401 tmp_env++;
402
403 /* strlen(name) + strlen(val) + '=' + '\0' */
404 tmp_string = xcalloc(strlen(name) + strlen(val) + 2, sizeof(char));
405 if (NULL == tmp_string) {
406 perror("sandbox: Out of memory (sandbox_setenv)");
407 exit(EXIT_FAILURE);
408 }
409
410 retval = snprintf(tmp_string, strlen(name) + strlen(val) + 2, "%s=%s",
411 name, val);
412 *tmp_env = tmp_string;
413
414 return 0;
415 }
416
417 /* We setup the environment child side only to prevent issues with
418 * setting LD_PRELOAD parent side */
419 char **sandbox_setup_environ(struct sandbox_info_t *sandbox_info, bool interactive)
420 {
421 int env_size = 0;
422 int have_ld_preload = 0;
423
424 char **new_environ = NULL;
425 char **env_ptr;
426 char *ld_preload_envvar = NULL;
427 char *orig_ld_preload_envvar = NULL;
428 char sb_pid[64];
429
430 if (-1 == sandbox_setup_env_config(sandbox_info))
431 return NULL;
432
433 /* Unset these, as its easier than replacing when setting up our
434 * new environment below */
435 unsetenv(ENV_SANDBOX_ON);
436 unsetenv(ENV_SANDBOX_PID);
437 unsetenv(ENV_SANDBOX_LIB);
438 unsetenv(ENV_SANDBOX_BASHRC);
439 unsetenv(ENV_SANDBOX_LOG);
440 unsetenv(ENV_SANDBOX_DEBUG_LOG);
441 unsetenv(ENV_SANDBOX_WORKDIR);
442 unsetenv(ENV_SANDBOX_ACTIVE);
443 unsetenv(ENV_SANDBOX_INTRACTV);
444 unsetenv(ENV_BASH_ENV);
445
446 if (NULL != getenv(ENV_LD_PRELOAD)) {
447 have_ld_preload = 1;
448 orig_ld_preload_envvar = getenv(ENV_LD_PRELOAD);
449
450 ld_preload_envvar = xcalloc(strlen(orig_ld_preload_envvar) +
451 strlen(sandbox_info->sandbox_lib) + 2,
452 sizeof(char));
453 if (NULL == ld_preload_envvar)
454 return NULL;
455 snprintf(ld_preload_envvar, strlen(orig_ld_preload_envvar) +
456 strlen(sandbox_info->sandbox_lib) + 2, "%s %s",
457 sandbox_info->sandbox_lib, orig_ld_preload_envvar);
458 } else {
459 ld_preload_envvar = rc_strndup(sandbox_info->sandbox_lib,
460 strlen(sandbox_info->sandbox_lib));
461 if (NULL == ld_preload_envvar)
462 return NULL;
463 }
464 /* Do not unset this, as strange things might happen */
465 /* unsetenv(ENV_LD_PRELOAD); */
466
467 env_ptr = environ;
468 while (NULL != *env_ptr) {
469 env_size++;
470 env_ptr++;
471 }
472
473 /* XXX: Freed by main() after spawn_shell() */
474 new_environ = xcalloc(env_size + 20, sizeof(char *));
475 if (NULL == new_environ)
476 goto error;
477
478 snprintf(sb_pid, sizeof(sb_pid), "%i", getpid());
479
480 /* First add our new variables to the beginning - this is due to some
481 * weirdness that I cannot remember */
482 sandbox_setenv(new_environ, ENV_SANDBOX_ON, "1");
483 sandbox_setenv(new_environ, ENV_SANDBOX_PID, sb_pid);
484 sandbox_setenv(new_environ, ENV_SANDBOX_LIB, sandbox_info->sandbox_lib);
485 sandbox_setenv(new_environ, ENV_SANDBOX_BASHRC, sandbox_info->sandbox_rc);
486 sandbox_setenv(new_environ, ENV_SANDBOX_LOG, sandbox_info->sandbox_log);
487 sandbox_setenv(new_environ, ENV_SANDBOX_DEBUG_LOG,
488 sandbox_info->sandbox_debug_log);
489 /* Is this an interactive session? */
490 if (interactive)
491 sandbox_setenv(new_environ, ENV_SANDBOX_INTRACTV, "1");
492 /* Just set the these if not already set so that is_env_on() work */
493 if (!getenv(ENV_SANDBOX_VERBOSE))
494 sandbox_setenv(new_environ, ENV_SANDBOX_VERBOSE, "1");
495 if (!getenv(ENV_SANDBOX_DEBUG))
496 sandbox_setenv(new_environ, ENV_SANDBOX_DEBUG, "0");
497 if (!getenv(ENV_NOCOLOR))
498 sandbox_setenv(new_environ, ENV_NOCOLOR, "no");
499 /* If LD_PRELOAD was not set, set it here, else do it below */
500 if (1 != have_ld_preload)
501 sandbox_setenv(new_environ, ENV_LD_PRELOAD, ld_preload_envvar);
502
503 /* Make sure our bashrc gets preference */
504 sandbox_setenv(new_environ, ENV_BASH_ENV, sandbox_info->sandbox_rc);
505
506 /* This one should NEVER be set in ebuilds, as it is the one
507 * private thing libsandbox.so use to test if the sandbox
508 * should be active for this pid, or not.
509 *
510 * azarah (3 Aug 2002)
511 */
512
513 sandbox_setenv(new_environ, ENV_SANDBOX_ACTIVE, SANDBOX_ACTIVE);
514
515 env_size = 0;
516 while (NULL != new_environ[env_size])
517 env_size++;
518
519 /* Now add the rest */
520 env_ptr = environ;
521 while (NULL != *env_ptr) {
522 if ((1 == have_ld_preload) &&
523 (strstr(*env_ptr, LD_PRELOAD_EQ) == *env_ptr)) {
524 /* If LD_PRELOAD was set, and this is it in the original
525 * environment, replace it with our new copy */
526 /* XXX: The following works as it just add whatever as
527 * the last variable to nev_environ */
528 sandbox_setenv(new_environ, ENV_LD_PRELOAD,
529 ld_preload_envvar);
530 } else {
531 char *new_var;
532
533 new_var = xstrndup(*env_ptr, strlen(*env_ptr));
534 if (NULL == new_var)
535 goto error;
536
537 new_environ[env_size] = new_var;
538 }
539
540 env_ptr++;
541 env_size++;
542 }
543
544 if (NULL != ld_preload_envvar)
545 free(ld_preload_envvar);
546
547 return new_environ;
548
549 error:
550 if (NULL != new_environ)
551 str_list_free(new_environ);
552 if (NULL != ld_preload_envvar)
553 free(ld_preload_envvar);
554
555 return NULL;
556 }
557
558 int spawn_shell(char *argv_bash[], char *env[], int debug)
559 {
560 int status = 0;
561 int ret = 0;
562
563 child_pid = fork();
564
565 /* Child's process */
566 if (0 == child_pid) {
567 execve(argv_bash[0], argv_bash, env);
568 _exit(EXIT_FAILURE);
569 } else if (child_pid < 0) {
570 if (debug)
571 fprintf(stderr, "Process failed to spawn!\n");
572 return 0;
573 }
574 ret = waitpid(child_pid, &status, 0);
575 if ((-1 == ret) || (status > 0)) {
576 if (debug)
577 fprintf(stderr, "Process returned with failed exit status!\n");
578 return 0;
579 }
580
581 return 1;
582 }
583
584 int main(int argc, char **argv)
585 {
586 struct sigaction act_new;
587
588 int i = 0, success = 1;
589 int sandbox_log_presence = 0;
590 long len;
591
592 struct sandbox_info_t sandbox_info;
593
594 char **sandbox_environ;
595 char **argv_bash = NULL;
596
597 char *run_str = "-c";
598
599 rc_log_domain(log_domain);
600
601 /* Only print info if called with no arguments .... */
602 if (argc < 2)
603 print_debug = 1;
604
605 if (print_debug)
606 printf("========================== Gentoo linux path sandbox ===========================\n");
607
608 /* check if a sandbox is already running */
609 if (NULL != getenv(ENV_SANDBOX_ACTIVE)) {
610 fprintf(stderr, "Not launching a new sandbox instance\n");
611 fprintf(stderr, "Another one is already running in this process hierarchy.\n");
612 exit(EXIT_FAILURE);
613 }
614
615 /* determine the location of all the sandbox support files */
616 if (print_debug)
617 printf("Detection of the support files.\n");
618
619 if (-1 == sandbox_setup(&sandbox_info, print_debug)) {
620 fprintf(stderr, "sandbox: Failed to setup sandbox.");
621 exit(EXIT_FAILURE);
622 }
623
624 /* verify the existance of required files */
625 if (print_debug)
626 printf("Verification of the required files.\n");
627
628 #ifndef SB_HAVE_MULTILIB
629 if (!rc_file_exists(sandbox_info.sandbox_lib)) {
630 perror("sandbox: Could not open the sandbox library");
631 exit(EXIT_FAILURE);
632 }
633 #endif
634 if (!rc_file_exists(sandbox_info.sandbox_rc)) {
635 perror("sandbox: Could not open the sandbox rc file");
636 exit(EXIT_FAILURE);
637 }
638
639 /* set up the required environment variables */
640 if (print_debug)
641 printf("Setting up the required environment variables.\n");
642
643 /* Setup the child environment stuff */
644 sandbox_environ = sandbox_setup_environ(&sandbox_info, print_debug);
645 if (NULL == sandbox_environ) {
646 perror("sandbox: Out of memory (environ)");
647 exit(EXIT_FAILURE);
648 }
649
650 /* If not in portage, cd into it work directory */
651 if ('\0' != sandbox_info.work_dir[0])
652 chdir(sandbox_info.work_dir);
653
654 argv_bash = (char **)xmalloc(6 * sizeof(char *));
655 argv_bash[0] = strdup("/bin/bash");
656 argv_bash[1] = strdup("-rcfile");
657 argv_bash[2] = strdup(sandbox_info.sandbox_rc);
658
659 if (argc < 2)
660 argv_bash[3] = NULL;
661 else
662 argv_bash[3] = strdup(run_str); /* "-c" */
663
664 argv_bash[4] = NULL; /* strdup(run_arg); */
665 argv_bash[5] = NULL;
666
667 if (argc >= 2) {
668 for (i = 1; i < argc; i++) {
669 if (NULL == argv_bash[4])
670 len = 0;
671 else
672 len = strlen(argv_bash[4]);
673
674 argv_bash[4] = (char *)xrealloc(argv_bash[4],
675 (len + strlen(argv[i]) + 2) * sizeof(char));
676
677 if (0 == len)
678 argv_bash[4][0] = 0;
679 if (1 != i)
680 strcat(argv_bash[4], " ");
681
682 strcat(argv_bash[4], argv[i]);
683 }
684 }
685
686 /* set up the required signal handlers */
687 signal(SIGHUP, &stop);
688 signal(SIGINT, &stop);
689 signal(SIGQUIT, &stop);
690 signal(SIGTERM, &stop);
691 act_new.sa_sigaction = usr1_handler;
692 sigemptyset (&act_new.sa_mask);
693 act_new.sa_flags = SA_SIGINFO | SA_RESTART;
694 sigaction (SIGUSR1, &act_new, NULL);
695
696 /* STARTING PROTECTED ENVIRONMENT */
697 if (print_debug) {
698 printf("The protected environment has been started.\n");
699 printf("--------------------------------------------------------------------------------\n");
700 }
701
702 if (print_debug)
703 printf("Process being started in forked instance.\n");
704
705 /* Start Bash */
706 if (!spawn_shell(argv_bash, sandbox_environ, print_debug))
707 success = 0;
708
709 /* Free bash and envp stuff */
710 str_list_free(argv_bash);
711 str_list_free(sandbox_environ);
712
713 if (print_debug)
714 printf("Cleaning up sandbox process\n");
715
716 if (print_debug) {
717 printf("========================== Gentoo linux path sandbox ===========================\n");
718 printf("The protected environment has been shut down.\n");
719 }
720
721 if (rc_file_exists(sandbox_info.sandbox_log)) {
722 sandbox_log_presence = 1;
723 print_sandbox_log(sandbox_info.sandbox_log);
724 } else if (print_debug) {
725 printf("--------------------------------------------------------------------------------\n");
726 }
727
728 if ((sandbox_log_presence) || (!success))
729 return 1;
730 else
731 return 0;
732 }
733
734 // vim:noexpandtab noai:cindent ai

Properties

Name Value
svn:eol-style native
svn:keywords Author Date Id Revision

  ViewVC Help
Powered by ViewVC 1.1.20