/[path-sandbox]/trunk/src/sandbox.c
Gentoo

Contents of /trunk/src/sandbox.c

Parent Directory Parent Directory | Revision Log Revision Log


Revision 304 - (show annotations) (download) (as text)
Sat Jul 8 23:24:31 2006 UTC (7 years, 9 months ago) by azarah
File MIME type: text/x-csrc
File size: 19019 byte(s)
Free child argv we allocated earlier, as at execve() duplicates
this, so no need to keep it around and waiste more memory.  Make
sure we will not in future free them twice.

1 /*
2 ** Path sandbox for the gentoo linux portage package system, initially
3 ** based on the ROCK Linux Wrapper for getting a list of created files
4 **
5 ** to integrate with bash, bash should have been built like this
6 **
7 ** ./configure --prefix=<prefix> --host=<host> --without-gnu-malloc
8 **
9 ** it's very important that the --enable-static-link option is NOT specified
10 **
11 ** Copyright (C) 2001 Geert Bevin, Uwyn, http://www.uwyn.com
12 ** Distributed under the terms of the GNU General Public License, v2 or later
13 ** Author : Geert Bevin <gbevin@uwyn.com>
14 ** $Header$
15 */
16
17 /* #define _GNU_SOURCE */
18
19 #include <errno.h>
20 #include <signal.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <limits.h>
24 #include <string.h>
25 #include <sys/wait.h>
26 #include <signal.h>
27 #include <unistd.h>
28 #include <fcntl.h>
29
30 #include "sandbox.h"
31 #include "rcscripts/rcutil.h"
32
33 struct sandbox_info_t {
34 char sandbox_log[SB_PATH_MAX];
35 char sandbox_debug_log[SB_PATH_MAX];
36 char sandbox_lib[SB_PATH_MAX];
37 char sandbox_rc[SB_PATH_MAX];
38 char work_dir[SB_PATH_MAX];
39 char var_tmp_dir[SB_PATH_MAX];
40 char tmp_dir[SB_PATH_MAX];
41 char *home_dir;
42 } sandbox_info_t;
43
44 static int print_debug = 0;
45
46 volatile static int stop_called = 0;
47 volatile static pid_t child_pid = 0;
48
49 static char log_domain[] = "sandbox";
50
51 extern char **environ;
52
53 int sandbox_setup(struct sandbox_info_t *sandbox_info, bool interactive)
54 {
55 if (NULL != getenv(ENV_PORTAGE_TMPDIR)) {
56 /* Portage handle setting SANDBOX_WRITE itself. */
57 sandbox_info->work_dir[0] = '\0';
58 } else {
59 if (NULL == getcwd(sandbox_info->work_dir, SB_PATH_MAX)) {
60 perror("sandbox: Failed to get current directory");
61 return -1;
62 }
63 if (interactive)
64 setenv(ENV_SANDBOX_WORKDIR, sandbox_info->work_dir, 1);
65 }
66
67 /* Do not resolve symlinks, etc .. libsandbox will handle that. */
68 if (!rc_is_dir(VAR_TMPDIR, TRUE)) {
69 perror("sandbox: Failed to get var_tmp_dir");
70 return -1;
71 }
72 snprintf(sandbox_info->var_tmp_dir, SB_PATH_MAX, "%s", VAR_TMPDIR);
73
74 if (-1 == get_tmp_dir(sandbox_info->tmp_dir)) {
75 perror("sandbox: Failed to get tmp_dir");
76 return -1;
77 }
78 setenv(ENV_TMPDIR, sandbox_info->tmp_dir, 1);
79
80 sandbox_info->home_dir = getenv("HOME");
81 if (!sandbox_info->home_dir) {
82 sandbox_info->home_dir = sandbox_info->tmp_dir;
83 setenv("HOME", sandbox_info->home_dir, 1);
84 }
85
86 /* Generate sandbox lib path */
87 get_sandbox_lib(sandbox_info->sandbox_lib);
88
89 /* Generate sandbox bashrc path */
90 get_sandbox_rc(sandbox_info->sandbox_rc);
91
92 /* Generate sandbox log full path */
93 get_sandbox_log(sandbox_info->sandbox_log);
94 if (rc_file_exists(sandbox_info->sandbox_log)) {
95 if (-1 == unlink(sandbox_info->sandbox_log)) {
96 perror("sandbox: Could not unlink old log file");
97 return -1;
98 }
99 }
100
101 /* Generate sandbox debug log full path */
102 get_sandbox_debug_log(sandbox_info->sandbox_debug_log);
103 if (rc_file_exists(sandbox_info->sandbox_debug_log)) {
104 if (-1 == unlink(sandbox_info->sandbox_debug_log)) {
105 perror("sandbox: Could not unlink old debug log file");
106 return -1;
107 }
108 }
109
110 return 0;
111 }
112
113 int print_sandbox_log(char *sandbox_log)
114 {
115 int sandbox_log_file = -1;
116 char *beep_count_env = NULL;
117 int i, color, beep_count = 0;
118 long len = 0;
119 char *buffer = NULL;
120
121 if (!rc_is_file(sandbox_log, FALSE)) {
122 perror("sandbox: Log file is not a regular file");
123 return 0;
124 }
125
126 sandbox_log_file = open(sandbox_log, O_RDONLY);
127 if (-1 == sandbox_log_file) {
128 perror("sandbox: Could not open Log file");
129 return 0;
130 }
131
132 len = file_length(sandbox_log_file);
133 buffer = (char *)xmalloc((len + 1) * sizeof(char));
134 memset(buffer, 0, len + 1);
135 read(sandbox_log_file, buffer, len);
136 close(sandbox_log_file);
137
138 color = ((is_env_on(ENV_NOCOLOR)) ? 0 : 1);
139
140 SB_EERROR(color,
141 "--------------------------- ACCESS VIOLATION SUMMARY ---------------------------",
142 "\n");
143 SB_EERROR(color, "LOG FILE = \"%s\"", "\n\n", sandbox_log);
144 fprintf(stderr, "%s", buffer);
145 if (NULL != buffer)
146 free(buffer);
147 SB_EERROR(color,
148 "--------------------------------------------------------------------------------",
149 "\n");
150
151 beep_count_env = getenv(ENV_SANDBOX_BEEP);
152 if (beep_count_env)
153 beep_count = atoi(beep_count_env);
154 else
155 beep_count = DEFAULT_BEEP_COUNT;
156
157 for (i = 0; i < beep_count; i++) {
158 fputc('\a', stderr);
159 if (i < beep_count - 1)
160 sleep(1);
161 }
162
163 return 1;
164 }
165
166 void stop(int signum)
167 {
168 if (0 == stop_called) {
169 stop_called = 1;
170 printf("sandbox: Caught signal %d in pid %d\n",
171 signum, getpid());
172 } else {
173 fprintf(stderr,
174 "sandbox: Signal already caught and busy still cleaning up!\n");
175 }
176 }
177
178 void usr1_handler(int signum, siginfo_t *siginfo, void *ucontext)
179 {
180 if (0 == stop_called) {
181 stop_called = 1;
182 printf("sandbox: Caught signal %d in pid %d\n",
183 signum, getpid());
184
185 /* FIXME: This is really bad form, as we should kill the whole process
186 * tree, but currently that is too much work and not worth the
187 * effort. Thus we only kill the calling process and our child
188 * for now.
189 */
190 if (siginfo->si_pid > 0)
191 kill(siginfo->si_pid, SIGKILL);
192 kill(child_pid, SIGKILL);
193 } else {
194 fprintf(stderr,
195 "sandbox: Signal already caught and busy still cleaning up!\n");
196 }
197 }
198
199 char *sandbox_subst_env_vars(dyn_buf_t *env_data)
200 {
201 dyn_buf_t *new_data = NULL;
202 char *tmp_ptr, *tmp_data = NULL;
203 char *var_start, *var_stop;
204
205 new_data = new_dyn_buf();
206 if (NULL == new_data)
207 return NULL;
208
209 tmp_data = read_line_dyn_buf(env_data);
210 if (NULL == tmp_data)
211 goto error;
212 tmp_ptr = tmp_data;
213
214 while (NULL != (var_start = strchr(tmp_ptr, '$'))) {
215 char *env = NULL;
216
217 var_stop = strchr(var_start, '}');
218
219 /* We only support ${} style env var names, so just skip any
220 * '$' that do not follow this syntax */
221 if (('{' != var_start[1]) || (NULL == var_stop)) {
222 tmp_ptr = var_start + 1;
223 continue;
224 }
225
226 /* Terminate part before env string so that we can copy it */
227 var_start[0] = '\0';
228 /* Move var_start past '${' */
229 var_start += 2;
230 /* Terminate the name of the env var */
231 var_stop[0] = '\0';
232
233 if (strlen(var_start) > 0)
234 env = getenv(var_start);
235 if (-1 == sprintf_dyn_buf(new_data, "%s%s",
236 tmp_ptr ? tmp_ptr : "",
237 env ? env : ""))
238 goto error;
239
240 /* Move tmp_ptr past the '}' of the env var */
241 tmp_ptr = var_stop + 1;
242 }
243
244 if (0 != strlen(tmp_ptr))
245 if (-1 == write_dyn_buf(new_data, tmp_ptr, strlen(tmp_ptr)))
246 goto error;
247
248 free(tmp_data);
249
250 tmp_data = read_line_dyn_buf(new_data);
251 if (NULL == tmp_data)
252 goto error;
253
254 free_dyn_buf(new_data);
255
256 return tmp_data;
257
258 error:
259 if (NULL != new_data)
260 free_dyn_buf(new_data);
261 if (NULL != tmp_data)
262 free(tmp_data);
263
264 return NULL;
265 }
266
267 void sandbox_set_env_var(const char *env_var)
268 {
269 char *config;
270
271 /* We check if the variable is set in the environment, and if not, we
272 * get it from sandbox.conf, and if they exist, we just add them to the
273 * environment if not already present. */
274 config = rc_get_cnf_entry(SANDBOX_CONF_FILE, env_var, NULL);
275 if (NULL != config) {
276 setenv(ENV_SANDBOX_VERBOSE, config, 0);
277 free(config);
278 }
279 }
280
281 int sandbox_set_env_access_var(const char *access_var)
282 {
283 dyn_buf_t *env_data = NULL;
284 int count = 0;
285 char *config = NULL;
286 char **confd_files = NULL;
287 bool use_confd = TRUE;
288
289 env_data = new_dyn_buf();
290 if (NULL == env_data)
291 return -1;
292
293 /* Now get the defaults for the access variable from sandbox.conf.
294 * These do not get overridden via the environment. */
295 config = rc_get_cnf_entry(SANDBOX_CONF_FILE, access_var, ":");
296 if (NULL != config) {
297 if (-1 == write_dyn_buf(env_data, config, strlen(config)))
298 goto error;
299 free(config);
300 config = NULL;
301 }
302 /* Append whatever might be already set. If anything is set, we do
303 * not process the sandbox.d/ files for this variable. */
304 if (NULL != getenv(access_var)) {
305 use_confd = FALSE;
306 if (-1 == sprintf_dyn_buf(env_data, env_data->wr_index ? ":%s" : "%s",
307 getenv(access_var)))
308 goto error;
309 }
310
311 if (!use_confd)
312 goto done;
313
314 /* Now scan the files in sandbox.d/ if the access variable was not
315 * alreay set. */
316 confd_files = rc_ls_dir(SANDBOX_CONFD_DIR, FALSE, TRUE);
317 if (NULL != confd_files) {
318 while (NULL != confd_files[count]) {
319 config = rc_get_cnf_entry(confd_files[count], access_var, ":");
320 if (NULL != config) {
321 if (-1 == sprintf_dyn_buf(env_data,
322 env_data->wr_index ? ":%s" : "%s",
323 config))
324 goto error;
325 free(config);
326 config = NULL;
327 }
328 count++;
329 }
330
331 str_list_free(confd_files);
332 }
333
334 done:
335 if (env_data->wr_index > 0) {
336 char *subst;
337
338 subst = sandbox_subst_env_vars(env_data);
339 if (NULL == subst)
340 goto error;
341
342 setenv(access_var, subst, 1);
343 free(subst);
344 }
345
346 free_dyn_buf(env_data);
347
348 return 0;
349
350 error:
351 if (NULL != env_data)
352 free_dyn_buf(env_data);
353 if (NULL != config)
354 free(config);
355 if (NULL != confd_files)
356 str_list_free(confd_files);
357
358 return -1;
359 }
360
361 int sandbox_setup_env_config(struct sandbox_info_t *sandbox_info)
362 {
363 sandbox_set_env_var(ENV_SANDBOX_VERBOSE);
364 sandbox_set_env_var(ENV_SANDBOX_DEBUG);
365 sandbox_set_env_var(ENV_SANDBOX_BEEP);
366 sandbox_set_env_var(ENV_NOCOLOR);
367
368 if (-1 == sandbox_set_env_access_var(ENV_SANDBOX_DENY))
369 return -1;
370 if (NULL == getenv(ENV_SANDBOX_DENY))
371 setenv(ENV_SANDBOX_DENY, LD_PRELOAD_FILE, 1);
372
373 if (-1 == sandbox_set_env_access_var(ENV_SANDBOX_READ))
374 return -1;
375 if (NULL == getenv(ENV_SANDBOX_READ))
376 setenv(ENV_SANDBOX_READ, "/", 1);
377
378 if (-1 == sandbox_set_env_access_var(ENV_SANDBOX_WRITE))
379 return -1;
380 if ((NULL == getenv(ENV_SANDBOX_WRITE)) &&
381 (NULL != sandbox_info->work_dir))
382 setenv(ENV_SANDBOX_WRITE, sandbox_info->work_dir, 1);
383
384 if (-1 == sandbox_set_env_access_var(ENV_SANDBOX_PREDICT))
385 return -1;
386 if ((NULL == getenv(ENV_SANDBOX_PREDICT)) &&
387 (NULL != sandbox_info->home_dir))
388 setenv(ENV_SANDBOX_PREDICT, sandbox_info->home_dir, 1);
389
390 return 0;
391 }
392
393 int sandbox_setenv(char ***envp, const char *name, const char *val) {
394 char *tmp_string = NULL;
395
396 /* strlen(name) + strlen(val) + '=' + '\0' */
397 tmp_string = xmalloc((strlen(name) + strlen(val) + 2) * sizeof(char));
398 if (NULL == tmp_string)
399 goto error;
400
401 snprintf(tmp_string, strlen(name) + strlen(val) + 2,
402 "%s=%s", name, val);
403
404 str_list_add_item((*envp), tmp_string, error);
405
406 return 0;
407
408 error:
409 perror("sandbox: Out of memory (sandbox_setenv)");
410 exit(EXIT_FAILURE);
411 }
412
413 /* We setup the environment child side only to prevent issues with
414 * setting LD_PRELOAD parent side */
415 char **sandbox_setup_environ(struct sandbox_info_t *sandbox_info, bool interactive)
416 {
417 int have_ld_preload = 0;
418
419 char **new_environ = NULL;
420 char **env_ptr;
421 char *ld_preload_envvar = NULL;
422 char *orig_ld_preload_envvar = NULL;
423 char sb_pid[64];
424
425 if (-1 == sandbox_setup_env_config(sandbox_info))
426 return NULL;
427
428 /* Unset these, as its easier than replacing when setting up our
429 * new environment below */
430 unsetenv(ENV_SANDBOX_ON);
431 unsetenv(ENV_SANDBOX_PID);
432 unsetenv(ENV_SANDBOX_LIB);
433 unsetenv(ENV_SANDBOX_BASHRC);
434 unsetenv(ENV_SANDBOX_LOG);
435 unsetenv(ENV_SANDBOX_DEBUG_LOG);
436 unsetenv(ENV_SANDBOX_WORKDIR);
437 unsetenv(ENV_SANDBOX_ACTIVE);
438 unsetenv(ENV_SANDBOX_INTRACTV);
439 unsetenv(ENV_BASH_ENV);
440
441 if (NULL != getenv(ENV_LD_PRELOAD)) {
442 have_ld_preload = 1;
443 orig_ld_preload_envvar = getenv(ENV_LD_PRELOAD);
444
445 ld_preload_envvar = xcalloc(strlen(orig_ld_preload_envvar) +
446 strlen(sandbox_info->sandbox_lib) + 2,
447 sizeof(char));
448 if (NULL == ld_preload_envvar)
449 return NULL;
450 snprintf(ld_preload_envvar, strlen(orig_ld_preload_envvar) +
451 strlen(sandbox_info->sandbox_lib) + 2, "%s %s",
452 sandbox_info->sandbox_lib, orig_ld_preload_envvar);
453 } else {
454 ld_preload_envvar = rc_strndup(sandbox_info->sandbox_lib,
455 strlen(sandbox_info->sandbox_lib));
456 if (NULL == ld_preload_envvar)
457 return NULL;
458 }
459 /* Do not unset this, as strange things might happen */
460 /* unsetenv(ENV_LD_PRELOAD); */
461
462 snprintf(sb_pid, sizeof(sb_pid), "%i", getpid());
463
464 /* First add our new variables to the beginning - this is due to some
465 * weirdness that I cannot remember */
466 sandbox_setenv(&new_environ, ENV_SANDBOX_ON, "1");
467 sandbox_setenv(&new_environ, ENV_SANDBOX_PID, sb_pid);
468 sandbox_setenv(&new_environ, ENV_SANDBOX_LIB, sandbox_info->sandbox_lib);
469 sandbox_setenv(&new_environ, ENV_SANDBOX_BASHRC, sandbox_info->sandbox_rc);
470 sandbox_setenv(&new_environ, ENV_SANDBOX_LOG, sandbox_info->sandbox_log);
471 sandbox_setenv(&new_environ, ENV_SANDBOX_DEBUG_LOG,
472 sandbox_info->sandbox_debug_log);
473 /* Is this an interactive session? */
474 if (interactive)
475 sandbox_setenv(&new_environ, ENV_SANDBOX_INTRACTV, "1");
476 /* Just set the these if not already set so that is_env_on() work */
477 if (!getenv(ENV_SANDBOX_VERBOSE))
478 sandbox_setenv(&new_environ, ENV_SANDBOX_VERBOSE, "1");
479 if (!getenv(ENV_SANDBOX_DEBUG))
480 sandbox_setenv(&new_environ, ENV_SANDBOX_DEBUG, "0");
481 if (!getenv(ENV_NOCOLOR))
482 sandbox_setenv(&new_environ, ENV_NOCOLOR, "no");
483 /* If LD_PRELOAD was not set, set it here, else do it below */
484 if (1 != have_ld_preload)
485 sandbox_setenv(&new_environ, ENV_LD_PRELOAD, ld_preload_envvar);
486
487 /* Make sure our bashrc gets preference */
488 sandbox_setenv(&new_environ, ENV_BASH_ENV, sandbox_info->sandbox_rc);
489
490 /* This one should NEVER be set in ebuilds, as it is the one
491 * private thing libsandbox.so use to test if the sandbox
492 * should be active for this pid, or not.
493 *
494 * azarah (3 Aug 2002)
495 */
496
497 sandbox_setenv(&new_environ, ENV_SANDBOX_ACTIVE, SANDBOX_ACTIVE);
498
499 /* Now add the rest */
500 env_ptr = environ;
501 while (NULL != *env_ptr) {
502 if ((1 == have_ld_preload) &&
503 (strstr(*env_ptr, LD_PRELOAD_EQ) == *env_ptr))
504 /* If LD_PRELOAD was set, and this is it in the original
505 * environment, replace it with our new copy */
506 /* XXX: The following works as it just add whatever as
507 * the last variable to nev_environ */
508 sandbox_setenv(&new_environ, ENV_LD_PRELOAD,
509 ld_preload_envvar);
510 else
511 str_list_add_item_copy(new_environ, (*env_ptr), error);
512
513 env_ptr++;
514 }
515
516 if (NULL != ld_preload_envvar)
517 free(ld_preload_envvar);
518
519 return new_environ;
520
521 error:
522 if (NULL != new_environ)
523 str_list_free(new_environ);
524 if (NULL != ld_preload_envvar)
525 free(ld_preload_envvar);
526
527 return NULL;
528 }
529
530 int spawn_shell(char *argv_bash[], char **env, int debug)
531 {
532 int status = 0;
533 int ret = 0;
534
535 child_pid = fork();
536
537 /* Child's process */
538 if (0 == child_pid) {
539 execve(argv_bash[0], argv_bash, env);
540 _exit(EXIT_FAILURE);
541 } else if (child_pid < 0) {
542 if (debug)
543 fprintf(stderr, "Process failed to spawn!\n");
544 return 0;
545 }
546
547 /* execve() creates a copy of this, so no need to use more memory than
548 * absolutely needed. */
549 str_list_free(argv_bash);
550 str_list_free(env);
551
552 ret = waitpid(child_pid, &status, 0);
553 if ((-1 == ret) || (status > 0)) {
554 if (debug)
555 fprintf(stderr, "Process returned with failed exit status!\n");
556 return 0;
557 }
558
559 return 1;
560 }
561
562 int main(int argc, char **argv)
563 {
564 struct sigaction act_new;
565
566 int success = 1;
567 int sandbox_log_presence = 0;
568
569 struct sandbox_info_t sandbox_info;
570
571 char **sandbox_environ;
572 char **argv_bash = NULL;
573
574 char *run_str = "-c";
575
576 rc_log_domain(log_domain);
577
578 /* Only print info if called with no arguments .... */
579 if (argc < 2)
580 print_debug = 1;
581
582 if (print_debug)
583 printf("========================== Gentoo linux path sandbox ===========================\n");
584
585 /* check if a sandbox is already running */
586 if (NULL != getenv(ENV_SANDBOX_ACTIVE)) {
587 fprintf(stderr, "Not launching a new sandbox instance\n");
588 fprintf(stderr, "Another one is already running in this process hierarchy.\n");
589 exit(EXIT_FAILURE);
590 }
591
592 /* determine the location of all the sandbox support files */
593 if (print_debug)
594 printf("Detection of the support files.\n");
595
596 if (-1 == sandbox_setup(&sandbox_info, print_debug)) {
597 fprintf(stderr, "sandbox: Failed to setup sandbox.");
598 exit(EXIT_FAILURE);
599 }
600
601 /* verify the existance of required files */
602 if (print_debug)
603 printf("Verification of the required files.\n");
604
605 #ifndef SB_HAVE_MULTILIB
606 if (!rc_file_exists(sandbox_info.sandbox_lib)) {
607 perror("sandbox: Could not open the sandbox library");
608 exit(EXIT_FAILURE);
609 }
610 #endif
611 if (!rc_file_exists(sandbox_info.sandbox_rc)) {
612 perror("sandbox: Could not open the sandbox rc file");
613 exit(EXIT_FAILURE);
614 }
615
616 /* set up the required environment variables */
617 if (print_debug)
618 printf("Setting up the required environment variables.\n");
619
620 /* If not in portage, cd into it work directory */
621 if ('\0' != sandbox_info.work_dir[0])
622 chdir(sandbox_info.work_dir);
623
624 /* Setup bash argv */
625 str_list_add_item_copy(argv_bash, "/bin/bash", oom_error);
626 str_list_add_item_copy(argv_bash, "-rcfile", oom_error);
627 str_list_add_item_copy(argv_bash, sandbox_info.sandbox_rc, oom_error);
628 if (argc >= 2) {
629 int i;
630
631 str_list_add_item_copy(argv_bash, run_str, oom_error);
632 str_list_add_item_copy(argv_bash, argv[1], oom_error);
633 for (i = 2; i < argc; i++) {
634 char *tmp_ptr;
635
636 tmp_ptr = xrealloc(argv_bash[4],
637 (strlen(argv_bash[4]) +
638 strlen(argv[i]) + 2) *
639 sizeof(char));
640 if (NULL == tmp_ptr)
641 goto oom_error;
642
643 snprintf(argv_bash[4] + strlen(argv_bash[4]),
644 strlen(argv[i]) + 2, " %s",
645 argv[i]);
646 }
647 }
648
649 /* Setup the child environment stuff.
650 * XXX: We free this in spawn_shell(). */
651 sandbox_environ = sandbox_setup_environ(&sandbox_info, print_debug);
652 if (NULL == sandbox_environ)
653 goto oom_error;
654
655 /* set up the required signal handlers */
656 signal(SIGHUP, &stop);
657 signal(SIGINT, &stop);
658 signal(SIGQUIT, &stop);
659 signal(SIGTERM, &stop);
660 act_new.sa_sigaction = usr1_handler;
661 sigemptyset (&act_new.sa_mask);
662 act_new.sa_flags = SA_SIGINFO | SA_RESTART;
663 sigaction (SIGUSR1, &act_new, NULL);
664
665 /* STARTING PROTECTED ENVIRONMENT */
666 if (print_debug) {
667 printf("The protected environment has been started.\n");
668 printf("--------------------------------------------------------------------------------\n");
669 }
670
671 if (print_debug)
672 printf("Process being started in forked instance.\n");
673
674 /* Start Bash */
675 if (!spawn_shell(argv_bash, sandbox_environ, print_debug))
676 success = 0;
677
678 /* As spawn_shell() free both argv_bash and sandbox_environ, make sure
679 * we do not run into issues in future if we need a OOM error below
680 * this ... */
681 argv_bash = NULL;
682 sandbox_environ = NULL;
683
684 if (print_debug)
685 printf("Cleaning up sandbox process\n");
686
687 if (print_debug) {
688 printf("========================== Gentoo linux path sandbox ===========================\n");
689 printf("The protected environment has been shut down.\n");
690 }
691
692 if (rc_file_exists(sandbox_info.sandbox_log)) {
693 sandbox_log_presence = 1;
694 print_sandbox_log(sandbox_info.sandbox_log);
695 } else if (print_debug) {
696 printf("--------------------------------------------------------------------------------\n");
697 }
698
699 if ((sandbox_log_presence) || (!success))
700 return 1;
701 else
702 return 0;
703
704 oom_error:
705 if (NULL != argv_bash)
706 str_list_free(argv_bash);
707
708 perror("sandbox: Out of memory (environ)");
709 exit(EXIT_FAILURE);
710 }
711
712 // vim:noexpandtab noai:cindent ai

Properties

Name Value
svn:eol-style native
svn:keywords Author Date Id Revision

  ViewVC Help
Powered by ViewVC 1.1.20