[gentoo-commits] proj/sandbox:master commit in: libsbutil/src/

2023-08-08 Thread Mike Gilbert
commit: 3bdb6de54f80f7ddd9fa52f9181b3ab9dde87790
Author: Sam James  gentoo  org>
AuthorDate: Sun Aug  6 00:20:01 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Tue Aug  8 15:29:35 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=3bdb6de5

libsbutil: fix -Wold-style-declaration

Signed-off-by: Sam James  gentoo.org>
Signed-off-by: Mike Gilbert  gentoo.org>

 libsbutil/src/debug.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsbutil/src/debug.c b/libsbutil/src/debug.c
index 42652a3..b901fe8 100644
--- a/libsbutil/src/debug.c
+++ b/libsbutil/src/debug.c
@@ -11,7 +11,7 @@
 #include "headers.h"
 #include "rcscripts/rcutil.h"
 
-volatile static int debug_errno = 0;
+static volatile int debug_errno = 0;
 
 #define log_domain "sandbox"
 



[gentoo-commits] proj/sandbox:master commit in: libsbutil/

2023-07-17 Thread Mike Gilbert
commit: 6a6a6a6c9680e5868544887a7ab4d141833abfb6
Author: Mike Gilbert  gentoo  org>
AuthorDate: Mon Jul 17 13:43:51 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Mon Jul 17 13:43:51 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=6a6a6a6c

sb_exists: drop use of faccessat

faccessat appears to perform quite poorly under certain conditions.
Go back to using fstatat until this can be debugged.

Bug: https://bugs.gentoo.org/910273
Signed-off-by: Mike Gilbert  gentoo.org>

 libsbutil/sb_exists.c | 10 --
 1 file changed, 10 deletions(-)

diff --git a/libsbutil/sb_exists.c b/libsbutil/sb_exists.c
index 9ec7730..d34f0cc 100644
--- a/libsbutil/sb_exists.c
+++ b/libsbutil/sb_exists.c
@@ -10,15 +10,5 @@
 int sb_exists(int dirfd, const char *pathname, int flags)
 {
struct stat64 buf;
-
-   if (faccessat(dirfd, pathname, F_OK, flags) == 0)
-   return 0;
-
-   /* musl's faccessat gives EINVAL when the kernel does not support
-* faccessat2 and AT_SYMLINK_NOFOLLOW is set.
-* https://www.openwall.com/lists/musl/2023/06/19/1 */
-   if (errno != EINVAL)
-   return -1;
-
return fstatat64(dirfd, pathname, , flags);
 }
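Review bot: With the faccessat call removed, the one-line comment just above sb_exists no longer matches the body, which is now a bare fstatat64 call. That comment is outside this hunk and presumably still in place; the commit that created the file has it as `/* Wrapper for faccessat to work around buggy behavior on musl */`. I would update it in the same commit, for example `/* Existence check via fstatat64 (faccessat avoided for now, bug 910273); returns 0 if the path can be stat'ed, -1 with errno set otherwise */`. It is also worth stating there that `flags` is now interpreted by fstatat64 only, so a faccessat-only flag such as AT_EACCESS is no longer meaningful to callers.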



[gentoo-commits] proj/sandbox:master commit in: libsbutil/src/, libsandbox/wrapper-funcs/, libsbutil/, libsandbox/

2023-06-21 Thread Mike Gilbert
commit: b55840ebe3278032777a3b52cecc6dac325dcf85
Author: Mike Gilbert  gentoo  org>
AuthorDate: Mon Jun 19 15:50:46 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Wed Jun 21 14:40:08 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=b55840eb

libsbutil: add sb_exists function

This provides a central place to work around a bug on musl where
faccessat sets errno to EINVAL when the kernel does not support
faccessat2.

Bug: https://bugs.gentoo.org/908765
Signed-off-by: Mike Gilbert  gentoo.org>

 libsandbox/pre_check_openat.c  |  2 +-
 libsandbox/wrapper-funcs/fopen_pre_check.c |  2 +-
 libsbutil/local.mk |  1 +
 libsbutil/sb_exists.c  | 24 
 libsbutil/sbutil.h |  1 +
 libsbutil/src/file.c   |  2 +-
 6 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/libsandbox/pre_check_openat.c b/libsandbox/pre_check_openat.c
index 8fd3b23..99c03eb 100644
--- a/libsandbox/pre_check_openat.c
+++ b/libsandbox/pre_check_openat.c
@@ -19,7 +19,7 @@ bool sb_openat_pre_check(const char *func, const char 
*pathname, int dirfd, int
save_errno();
 
/* Doesn't exist -> skip permission checks */
-   if (faccessat(dirfd, pathname, F_OK, (flags & O_NOFOLLOW) ? 
AT_SYMLINK_NOFOLLOW : 0) == -1) {
+   if (sb_exists(dirfd, pathname, (flags & O_NOFOLLOW) ? 
AT_SYMLINK_NOFOLLOW : 0) == -1) {
sb_debug_dyn("EARLY FAIL: %s(%s): %s\n", func, pathname, 
strerror(errno));
return false;
}
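Review bot: The `== -1` branch is taken on every sb_exists failure, not only ENOENT, yet the comment above it still reads "Doesn't exist -> skip permission checks". A lookup that fails with EACCES, ELOOP or ENAMETOOLONG takes the same early return, and with the new helper the errno may come from either faccessat or the fstatat64 fallback. If that is intended, the comment should say so, e.g. `/* Any lookup failure (not just ENOENT) -> skip permission checks */`. The same applies to the sb_fopen_pre_check hunk in this commit; both functions continue outside their hunks, so what the caller does with `false` is not visible here.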

diff --git a/libsandbox/wrapper-funcs/fopen_pre_check.c 
b/libsandbox/wrapper-funcs/fopen_pre_check.c
index 95108e0..e3ed2c6 100644
--- a/libsandbox/wrapper-funcs/fopen_pre_check.c
+++ b/libsandbox/wrapper-funcs/fopen_pre_check.c
@@ -11,7 +11,7 @@ bool sb_fopen_pre_check(const char *func, const char 
*pathname, const char *mode
save_errno();
 
/* If we're trying to read, fail normally if file does not stat 
*/
-   if (faccessat(AT_FDCWD, pathname, F_OK, 0) == -1) {
+   if (sb_exists(AT_FDCWD, pathname, 0) == -1) {
sb_debug_dyn("EARLY FAIL: %s(%s): %s\n",
func, pathname, strerror(errno));
return false;

diff --git a/libsbutil/local.mk b/libsbutil/local.mk
index 126c7ce..1cb5de7 100644
--- a/libsbutil/local.mk
+++ b/libsbutil/local.mk
@@ -16,6 +16,7 @@ noinst_LTLIBRARIES += %D%/libsbutil.la
%D%/environment.c \
%D%/sb_backtrace.c\
%D%/sb_efuncs.c   \
+   %D%/sb_exists.c   \
%D%/sb_gdb.c  \
%D%/sb_method.c   \
%D%/sb_open.c \

diff --git a/libsbutil/sb_exists.c b/libsbutil/sb_exists.c
new file mode 100644
index 000..9ec7730
--- /dev/null
+++ b/libsbutil/sb_exists.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2023 Gentoo Authors
+ * Distributed under the terms of the GNU General Public License v2
+ */
+
+#include "headers.h"
+#include "sbutil.h"
+
+/* Wrapper for faccessat to work around buggy behavior on musl */
+int sb_exists(int dirfd, const char *pathname, int flags)
+{
+   struct stat64 buf;
+
+   if (faccessat(dirfd, pathname, F_OK, flags) == 0)
+   return 0;
+
+   /* musl's faccessat gives EINVAL when the kernel does not support
+* faccessat2 and AT_SYMLINK_NOFOLLOW is set.
+* https://www.openwall.com/lists/musl/2023/06/19/1 */
+   if (errno != EINVAL)
+   return -1;
+
+   return fstatat64(dirfd, pathname, , flags);
+}
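Review bot: `flags` is forwarded unchanged to two calls that do not accept the same flag set: faccessat first, then fstatat64 on the EINVAL fallback. The callers in this commit pass only `0` or `AT_SYMLINK_NOFOLLOW`, which both calls accept, but neither the comment above the function nor the sbutil.h prototype says so, and a later caller passing a faccessat-only flag such as AT_EACCESS would get a different answer on the fallback path. I would extend the comment to state the contract, e.g. `/* Returns 0 if pathname exists, -1 with errno set otherwise; flags must be 0 or AT_SYMLINK_NOFOLLOW */`. It would also help to note that a genuine EINVAL from faccessat is indistinguishable from the musl case and is simply retried through fstatat64.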

diff --git a/libsbutil/sbutil.h b/libsbutil/sbutil.h
index c146b80..4061dd3 100644
--- a/libsbutil/sbutil.h
+++ b/libsbutil/sbutil.h
@@ -111,6 +111,7 @@ size_t sb_write(int fd, const void *buf, size_t count);
 int sb_close(int fd);
 void sb_close_all_fds(void);
 int sb_copy_file_to_fd(const char *file, int ofd);
+int sb_exists(int dirfd, const char *pathname, int flags);
 
 /* Reliable output */
 __printf(1, 2) void sb_printf(const char *format, ...);

diff --git a/libsbutil/src/file.c b/libsbutil/src/file.c
index 5a361f4..64a6f0e 100644
--- a/libsbutil/src/file.c
+++ b/libsbutil/src/file.c
@@ -15,7 +15,7 @@
 bool
 rc_file_exists (const char *pathname)
 {
-  return faccessat(AT_FDCWD, pathname, F_OK, AT_SYMLINK_NOFOLLOW) == 0;
+  return sb_exists(AT_FDCWD, pathname, AT_SYMLINK_NOFOLLOW) == 0;
 }
 
 bool



[gentoo-commits] proj/sandbox:master commit in: libsbutil/include/rcscripts/util/, libsandbox/wrapper-funcs/, tests/, ...

2021-11-05 Thread Mike Frysinger
commit: 632cc66ba52eb6aa7fd3e457c64d9186389a20b4
Author: Mike Frysinger  gentoo  org>
AuthorDate: Sat Nov  6 03:14:42 2021 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Sat Nov  6 03:14:42 2021 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=632cc66b

change FS calls to use 64-bit interfaces explicitly

Make sure we use 64-bit FS interfaces when accessing the FS.  This
is needed not only to stat or open large files, but even files with
64-bit inodes.

Bug: https://bugs.gentoo.org/583282
Signed-off-by: Mike Frysinger  gentoo.org>

 configure.ac  |  7 +++
 libsandbox/canonicalize.c |  8 
 libsandbox/libsandbox.c   | 14 +++---
 libsandbox/pre_check_mkdirat.c|  6 +++---
 libsandbox/trace.c|  2 +-
 libsandbox/wrapper-funcs/__wrapper_exec.c |  4 ++--
 libsbutil/include/rcscripts/util/file.h   |  2 +-
 libsbutil/sb_close.c  |  4 ++--
 libsbutil/src/file.c  | 24 
 src/namespaces.c  |  4 ++--
 tests/get-group.c |  4 ++--
 tests/get-user.c  |  4 ++--
 tests/test-skel-0.c   |  2 +-
 tests/trace-memory_static_tst.c   |  4 ++--
 14 files changed, 48 insertions(+), 41 deletions(-)

diff --git a/configure.ac b/configure.ac
index 56ca87f..698051f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -25,6 +25,13 @@ AS_IF([test "$ac_cv_prog_cc_c99" = "no"], [AC_MSG_ERROR([A 
C99+ compiler is requ
 AM_PROG_CC_C_O
 AC_ISC_POSIX
 AC_USE_SYSTEM_EXTENSIONS
+dnl http://www.gnu.org/s/libc/manual/html_node/Feature-Test-Macros.html
+dnl _LARGEFILE_SOURCE: enable support for new LFS funcs (ftello/etc...)
+dnl _LARGEFILE64_SOURCE: enable support for 64-bit variants 
(off64_t/fseeko64/etc...)
+dnl NB: We do not want -D_FILE_OFFSET_BITS=64 because we need to interpose 
both 32-bit
+dnl and 64-bit FS interfaces, and having the C library rewrite them makes that 
difficult.
+dnl Along those lines, we do not use AC_SYS_LARGEFILE.
+AS_VAR_APPEND([CPPFLAGS], [" -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE"])
 
 dnl Checks for programs.
 AM_PROG_AR

diff --git a/libsandbox/canonicalize.c b/libsandbox/canonicalize.c
index 6519340..f742ed4 100644
--- a/libsandbox/canonicalize.c
+++ b/libsandbox/canonicalize.c
@@ -92,7 +92,7 @@ erealpath(const char *name, char *resolved)
goto error;
}
 
-   /* This stat() business uses relative paths atm */
+   /* This stat business uses relative paths atm. */
if (trace_pid)
goto no_recover;
 
@@ -100,14 +100,14 @@ erealpath(const char *name, char *resolved)
 * If not, try a little harder to consume this path in
 * case it has symlinks out into a better world ...
 */
-   struct stat st;
-   if (lstat(rpath, ) == -1 && errno == EACCES) {
+   struct stat64 st;
+   if (lstat64(rpath, ) == -1 && errno == EACCES) {
char *p = rpath;
strcpy(rpath, name);
do {
p = strchr(p, '/');
if (p) *p = '\0';
-   if (lstat(rpath, ))
+   if (lstat64(rpath, ))
break;
if (S_ISLNK(st.st_mode)) {
ssize_t cnt = readlink(rpath, rpath, 
path_max);

diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index b4db9ba..0ca2bc9 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -333,7 +333,7 @@ static char *resolve_path(const char *path, int follow_link)
 
 char *egetcwd(char *buf, size_t size)
 {
-   struct stat st;
+   struct stat64 st;
char *tmpbuf;
 
/* We can't let the C lib allocate memory for us since we have our
@@ -376,12 +376,12 @@ char *egetcwd(char *buf, size_t size)
 */
if ((tmpbuf) && (errno == 0)) {
save_errno();
-   if (!lstat(buf, ))
+   if (!lstat64(buf, ))
/* errno is set only on failure */
errno = 0;
 
if (errno == ENOENT)
-   /* If lstat() failed with eerror = ENOENT, then its
+   /* If lstat failed with eerror = ENOENT, then its
 * possible that we are running on an older kernel
 * which had issues with returning invalid paths if
 * they got too long.  Return with errno = ENAMETOOLONG,
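Review bot: The comment line rewritten in this hunk still carries `eerror = ENOENT` (presumably errno is meant) and `its possible`; since the line is being touched anyway, `If lstat failed with errno = ENOENT, then it's` would read correctly. egetcwd starts in the previous hunk and continues past the end of this one.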
@@ -396,8 +396,8 @@ char *egetcwd(char *buf, size_t size)
free(buf);
 
/* Not sure if we should 

[gentoo-commits] proj/sandbox:master commit in: libsbutil/

2021-11-05 Thread Mike Frysinger
commit: f4872fb69fe16fc416e4211d12811da61e8738b2
Author: Mike Frysinger  gentoo  org>
AuthorDate: Fri Nov  5 09:47:58 2021 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Fri Nov  5 09:47:58 2021 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=f4872fb6

Revert "Force sandbox-internal functions to use 64bit file interface"

This reverts commit 19c215f245faf9a453e7171bddccc690c03f7b72.

We do not want different LFS interfaces being used in different modules
as it makes debugging a nightmare when different functions think basic
structures have different layouts & sizes.

This also doesn't address the LFS issues sandbox has when code still
crashes in libsandbox itself when checking accesses.

Bug: https://bugs.gentoo.org/681892
Signed-off-by: Mike Frysinger  gentoo.org>

 libsbutil/local.mk | 1 -
 1 file changed, 1 deletion(-)

diff --git a/libsbutil/local.mk b/libsbutil/local.mk
index bede5bf..126c7ce 100644
--- a/libsbutil/local.mk
+++ b/libsbutil/local.mk
@@ -2,7 +2,6 @@ noinst_LTLIBRARIES += %D%/libsbutil.la
 
 %C%_libsbutil_la_CPPFLAGS = \
$(AM_CPPFLAGS) \
-   -D_FILE_OFFSET_BITS=64 \
-I$(top_srcdir)/%D% \
-I$(top_srcdir)/%D%/include
 %C%_libsbutil_la_LDFLAGS = -no-undefined



[gentoo-commits] proj/sandbox:master commit in: libsbutil/

2021-11-03 Thread Andreas K. Hüttel
commit: 19c215f245faf9a453e7171bddccc690c03f7b72
Author: Andreas K. Hüttel  gentoo  org>
AuthorDate: Wed Nov  3 21:05:53 2021 +
Commit: Andreas K. Hüttel  gentoo  org>
CommitDate: Wed Nov  3 21:05:53 2021 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=19c215f2

Force sandbox-internal functions to use 64bit file interface

This works around problems when a 64bit qemu is emulating a 32bit
architecture.

LFS has been present since glibc-2.2 and kernel 2.4.

Signed-off-by: Andreas K. Hüttel  gentoo.org>

 libsbutil/local.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libsbutil/local.mk b/libsbutil/local.mk
index 126c7ce..bede5bf 100644
--- a/libsbutil/local.mk
+++ b/libsbutil/local.mk
@@ -2,6 +2,7 @@ noinst_LTLIBRARIES += %D%/libsbutil.la
 
 %C%_libsbutil_la_CPPFLAGS = \
$(AM_CPPFLAGS) \
+   -D_FILE_OFFSET_BITS=64 \
-I$(top_srcdir)/%D% \
-I$(top_srcdir)/%D%/include
 %C%_libsbutil_la_LDFLAGS = -no-undefined



[gentoo-commits] proj/sandbox:master commit in: libsbutil/

2021-11-03 Thread Mike Frysinger
commit: 7c92fad8b8e613ada5b4ce951829ed420a4aaac7
Author: Mike Frysinger  gentoo  org>
AuthorDate: Wed Nov  3 04:56:17 2021 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Wed Nov  3 04:56:17 2021 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=7c92fad8

libsbutil: drop fsync when logging

This was added as part of running multiple tracers in parallel in the
hopes (hack) it would make logs less intermingled.  Unfortunately, it
didn't really accomplish that, and it upsets `file` when verbose output
is enabled due to file's own seccomp filter (which doesn't have fsync).
We could add this to file's seccomp filter (since it's a pretty benign
syscall), but easier to just drop it at this point since it's not all
that useful.

Bug: https://bugs.gentoo.org/821403
Signed-off-by: Mike Frysinger  gentoo.org>

 libsbutil/sb_efuncs.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/libsbutil/sb_efuncs.c b/libsbutil/sb_efuncs.c
index 1283784..7ded90d 100644
--- a/libsbutil/sb_efuncs.c
+++ b/libsbutil/sb_efuncs.c
@@ -52,7 +52,6 @@ static void sb_vefunc(const char *prog, const char *color, 
const char *format, v
sb_fdprintf(fd, " %s*%s ", color, COLOR_NORMAL);
sb_vfdprintf(fd, format, args);
 
-   fsync(fd);
if (opened)
close(fd);
 }



[gentoo-commits] proj/sandbox:master commit in: libsbutil/, libsandbox/, /, src/

2021-10-21 Thread Mike Frysinger
commit: e20993aae51de13bfc4028105aa7756771046c64
Author: Mike Frysinger  gentoo  org>
AuthorDate: Thu Oct 21 06:50:34 2021 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Thu Oct 21 06:50:34 2021 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=e20993aa

build: flatten build a bit to avoid (most) recursive make

Provides a bit of a speed up.

Signed-off-by: Mike Frysinger  gentoo.org>

 .gitignore   |  3 +-
 Makefile.am  | 20 -
 configure.ac |  5 +--
 libsandbox/Makefile  |  4 ++
 libsandbox/{Makefile.am => local.mk} | 81 +++-
 libsbutil/Makefile   |  4 ++
 libsbutil/Makefile.am| 71 ---
 libsbutil/local.mk   | 65 +
 src/Makefile |  4 ++
 src/Makefile.am  | 17 
 src/local.mk | 15 +++
 11 files changed, 148 insertions(+), 141 deletions(-)

diff --git a/.gitignore b/.gitignore
index 76d3d1a..04a0f20 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,7 +7,8 @@ a.out
 .deps
 .libs
 .dirstamp
-Makefile
+/Makefile
+/tests/Makefile
 Makefile.in
 
 f

diff --git a/Makefile.am b/Makefile.am
index b0ea65f..c01f973 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2,23 +2,19 @@ ACLOCAL_AMFLAGS  = -I m4
 MAKEFLAGS = --no-print-directory
 AM_CPPFLAGS = $(SANDBOX_DEFINES)
 
-SUBDIRS = \
-   libsbutil  \
-   libsandbox \
-   src\
-   tests
+SUBDIRS = tests
 
 confdir = $(sysconfdir)
 confddir = $(sysconfdir)/sandbox.d
 
+bin_PROGRAMS =
 dist_conf_DATA = etc/sandbox.conf
 confd_DATA = etc/sandbox.d/00default
 dist_pkgdata_DATA  = data/sandbox.bashrc
+lib_LTLIBRARIES =
 noinst_LTLIBRARIES =
 
-libsandbox: libsbutil
-src: libsbutil
-tests: src
+CLEANFILES =
 
 EXTRA_DIST = \
headers.h \
@@ -31,8 +27,6 @@ EXTRA_DIST = \
scripts/gen_symbol_header.awk \
scripts/gen_trace_header.awk
 
-DISTCLEANFILES = $(CLEANFILES)
-
 ChangeLog:
touch ChangeLog
 
@@ -47,3 +41,9 @@ dist-hook:
touch "$(distdir)/ChangeLog" ; \
fi ; \
fi
+
+include libsandbox/local.mk
+include libsbutil/local.mk
+include src/local.mk
+
+DISTCLEANFILES = $(CLEANFILES)

diff --git a/configure.ac b/configure.ac
index dac7d9c..99c0d01 100644
--- a/configure.ac
+++ b/configure.ac
@@ -56,7 +56,7 @@ AC_DEFUN([SB_CHECK_SCHIZO],[dnl
], [
enable_schizo=yes
AS_VAR_APPEND([SB_SCHIZO_SETTINGS], " $1:$2")
-   AS_VAR_APPEND([SB_SCHIZO_HEADERS], " 
trace_syscalls_$1.h")
+   AS_VAR_APPEND([SB_SCHIZO_HEADERS], " 
libsandbox/trace_syscalls_$1.h")
AC_MSG_RESULT([yes])
AC_DEFINE_UNQUOTED([SB_SCHIZO_$1], 1, [Support for 
$1/$2 is available])
], [
@@ -464,9 +464,6 @@ AC_CONFIG_FILES([src/sandbox.sh], [chmod +x src/sandbox.sh])
 AC_CONFIG_FILES([
Makefile
etc/sandbox.d/00default
-   libsandbox/Makefile
-   libsbutil/Makefile
-   src/Makefile
tests/atlocal
tests/Makefile
tests/package.m4

diff --git a/libsandbox/Makefile b/libsandbox/Makefile
new file mode 100644
index 000..ab08445
--- /dev/null
+++ b/libsandbox/Makefile
@@ -0,0 +1,4 @@
+# Helper for developers.
+all libsandbox: libsandbox/libsandbox.la ;
+clean: ; rm -f *.o *.l[ao] .libs/*
+%: ; $(MAKE) -C .. $@

diff --git a/libsandbox/Makefile.am b/libsandbox/local.mk
similarity index 52%
rename from libsandbox/Makefile.am
rename to libsandbox/local.mk
index ac9a548..9ddecb9 100644
--- a/libsandbox/Makefile.am
+++ b/libsandbox/local.mk
@@ -1,36 +1,38 @@
-AUTOMAKE_OPTIONS = foreign
+lib_LTLIBRARIES += %D%/libsandbox.la
 
-lib_LTLIBRARIES = libsandbox.la
-
-AM_CPPFLAGS = \
+%C%_libsandbox_la_CPPFLAGS = \
+   $(AM_CPPFLAGS) \
+   -I%D% \
-I$(top_srcdir) \
+   -I$(top_srcdir)/%D% \
-I$(top_srcdir)/libsbutil \
-   -I$(top_srcdir)/libsbutil/include \
-   $(SANDBOX_DEFINES)
+   -I$(top_srcdir)/libsbutil/include
 
-libsandbox_la_CFLAGS = $(CFLAG_EXCEPTIONS)
+%C%_libsandbox_la_CFLAGS = $(CFLAG_EXCEPTIONS)
 # Could use the following to libsandbox_la_LIBADD, but then libtool links it
 # with --whole-archive, and libsandbox.so increase with a few KB in size:
-#  $(top_builddir)/libsbutil/libsbutil.la
-libsandbox_la_LIBSBLIB = $(top_builddir)/libsbutil/.libs/libsbutil.a
-libsandbox_la_LIBADD = \
+#  libsbutil/libsbutil.la
+libsbutil/.libs/libsbutil.a: libsbutil/libsbutil.la
+%C%_libsandbox_la_LIBSBLIB = libsbutil/.libs/libsbutil.a
+%C%_libsandbox_la_LIBADD = \
-lc $(LIBDL) \
-   $(libsandbox_la_LIBSBLIB)
+   $(%C%_libsandbox_la_LIBSBLIB)
 # Do not add -nostdlib or -nostartfiles, as then our constructor
 # and destructor 

[gentoo-commits] proj/sandbox:master commit in: libsbutil/

2021-10-18 Thread Mike Frysinger
commit: 3ddaca746855efb229595738f33a9ba00e8f001b
Author: Mike Frysinger  gentoo  org>
AuthorDate: Mon Oct 18 06:33:10 2021 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Mon Oct 18 06:33:10 2021 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=3ddaca74

libsbutil: add assert to testing code path

This makes it more obvious when the env is (incorrectly) partially set up.

Signed-off-by: Mike Frysinger  gentoo.org>

 libsbutil/get_sandbox_conf.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libsbutil/get_sandbox_conf.c b/libsbutil/get_sandbox_conf.c
index af0140e..1178f8a 100644
--- a/libsbutil/get_sandbox_conf.c
+++ b/libsbutil/get_sandbox_conf.c
@@ -19,6 +19,7 @@ char *get_sandbox_conf(void)
save_errno();
if (is_env_on(ENV_SANDBOX_TESTING)) {
char *abs = getenv("abs_top_srcdir");
+   sb_assert(abs != NULL);
ret = xmalloc(strlen(abs) + strlen(LOCAL_SANDBOX_CONF_FILE) + 
1);
sprintf(ret, "%s%s", abs, LOCAL_SANDBOX_CONF_FILE);
}
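Review bot: `sb_assert(abs != NULL)` is the only guard in front of `strlen(abs)`, and whether it survives a -DNDEBUG build is not visible from this hunk. If sb_assert compiles out the way assert() does, an unset abs_top_srcdir with the testing variable on still dereferences NULL on the next line, so an always-compiled `if (abs == NULL)` branch that reports the missing variable and stops would be the safer form. The value comes straight from the environment and selects which config file is read, so I would also add `/* Test suite only: abs_top_srcdir must be exported by the harness */` above the getenv call. The function continues outside the hunk.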



[gentoo-commits] proj/sandbox:master commit in: libsbutil/

2016-11-27 Thread Mike Frysinger
commit: 87d6537245b6f7cbf028e4c0e187cda7484729f0
Author: Guenther Brunthaler  gmx  net>
AuthorDate: Sun Nov 27 18:30:36 2016 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Sun Nov 27 18:30:36 2016 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=87d65372

libsbutil: elide sb_maybe_gdb when -DNDEBUG is used

Since sb_maybe_gdb is set up as a stub macro, make sure we don't define
the function either to cut down on size and build failures (when the
macro tries to expand the function prototype).

URL: https://bugs.gentoo.org/600550

 libsbutil/sb_gdb.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libsbutil/sb_gdb.c b/libsbutil/sb_gdb.c
index 6112379..021a3c4 100644
--- a/libsbutil/sb_gdb.c
+++ b/libsbutil/sb_gdb.c
@@ -62,6 +62,7 @@ void sb_gdb(void)
}
 }
 
+#ifndef NDEBUG
 void sb_maybe_gdb(void)
 {
if (is_env_on("SANDBOX_GDB")) {
@@ -69,3 +70,4 @@ void sb_maybe_gdb(void)
sb_gdb();
}
 }
+#endif



[gentoo-commits] proj/sandbox:master commit in: libsbutil/

2016-01-17 Thread Mike Frysinger
commit: 1ec4f132c73bbf52104f84a95d168f8f609a5d14
Author: Mike Frysinger  gentoo  org>
AuthorDate: Mon Jan 18 06:16:54 2016 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Mon Jan 18 06:16:54 2016 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=1ec4f132

libsbutil: clean up same.h distdir usage

In commit 7a923f646ce10b7dec3c7ae5fe2079c10aa21752, we dropped the same.h
header, but the build still listed it.  Drop it from the distdir list.

Signed-off-by: Mike Frysinger  gentoo.org>

 libsbutil/Makefile.am | 1 -
 1 file changed, 1 deletion(-)

diff --git a/libsbutil/Makefile.am b/libsbutil/Makefile.am
index 0c41500..684d126 100644
--- a/libsbutil/Makefile.am
+++ b/libsbutil/Makefile.am
@@ -61,7 +61,6 @@ libsbutil_la_SOURCES =\
gnulib/hash-triple.c  \
gnulib/hash-triple.h  \
gnulib/pathmax.h  \
-   gnulib/same.h \
gnulib/same-inode.h   \
gnulib/xalloc.h   \
gnulib/xalloc-oversized.h \



[gentoo-commits] proj/sandbox:master commit in: libsbutil/gnulib/

2015-12-20 Thread Mike Frysinger
commit: 7a923f646ce10b7dec3c7ae5fe2079c10aa21752
Author: Mike Frysinger  gentoo  org>
AuthorDate: Sun Dec 20 21:08:16 2015 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Sun Dec 20 21:08:16 2015 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=7a923f64

libsbutil: gnulib: hand disable same_name usage

We don't provide same_name because we don't use its one caller, but that
approach relies on gc-sections to avoid link errors.  That flag doesn't work
on ia64 though, so we need to hand delete the one caller.  Ugh.

Signed-off-by: Mike Frysinger  gentoo.org>

 libsbutil/gnulib/hash-triple.c |  9 -
 libsbutil/gnulib/same.h| 25 -
 2 files changed, 34 deletions(-)

diff --git a/libsbutil/gnulib/hash-triple.c b/libsbutil/gnulib/hash-triple.c
index c3b6d9f..06cfbdf 100644
--- a/libsbutil/gnulib/hash-triple.c
+++ b/libsbutil/gnulib/hash-triple.c
@@ -24,7 +24,6 @@
 #include 
 
 #include "hash-pjw.h"
-#include "same.h"
 #include "same-inode.h"
 
 #define STREQ(a, b) (strcmp (a, b) == 0)
@@ -52,14 +51,6 @@ triple_hash_no_name (void const *x, size_t table_size)
 
 /* Compare two F_triple structs.  */
 bool
-triple_compare (void const *x, void const *y)
-{
-  struct F_triple const *a = x;
-  struct F_triple const *b = y;
-  return (SAME_INODE (*a, *b) && same_name (a->name, b->name)) ? true : false;
-}
-
-bool
 triple_compare_ino_str (void const *x, void const *y)
 {
   struct F_triple const *a = x;

diff --git a/libsbutil/gnulib/same.h b/libsbutil/gnulib/same.h
deleted file mode 100644
index ee313c5..000
--- a/libsbutil/gnulib/same.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/* Determine whether two file names refer to the same file.
-
-   Copyright (C) 1997-2000, 2003-2004, 2009-2015 Free Software Foundation, Inc.
-
-   This program is free software: you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see .  */
-
-#ifndef SAME_H_
-# define SAME_H_ 1
-
-# include 
-
-bool same_name (const char *source, const char *dest);
-
-#endif /* SAME_H_ */



[gentoo-commits] proj/sandbox:master commit in: libsbutil/

2015-12-20 Thread Mike Frysinger
commit: a60b397d75e121232b8066db7333b82a6f9a951c
Author: Mike Frysinger  gentoo  org>
AuthorDate: Sun Dec 20 01:11:13 2015 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Sun Dec 20 01:11:13 2015 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=a60b397d

sb_efuncs: avoid pointless stdio indirection

We were setting up a FILE* from a file descriptor to pass to sb_fprintf
which is a simple macro that calls fileno(fp) to pass the fd down.  We
can call the fd funcs directly and avoid the whole stdio business.

Signed-off-by: Mike Frysinger  gentoo.org>

 libsbutil/sb_efuncs.c | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/libsbutil/sb_efuncs.c b/libsbutil/sb_efuncs.c
index c855257..2de3116 100644
--- a/libsbutil/sb_efuncs.c
+++ b/libsbutil/sb_efuncs.c
@@ -35,8 +35,8 @@ static void sbio_init(void)
  */
 static void sb_vefunc(const char *prog, const char *color, const char *format, 
va_list args)
 {
+   bool opened;
int fd;
-   FILE *fp;
 
if (likely(sbio_message_path))
fd = sbio_open(sbio_message_path, O_WRONLY|O_APPEND|O_CLOEXEC, 
0);
@@ -44,15 +44,15 @@ static void sb_vefunc(const char *prog, const char *color, 
const char *format, v
fd = -1;
if (fd == -1)
fd = sbio_open(sbio_fallback_path, O_WRONLY|O_CLOEXEC, 0);
-   fp = fd == -1 ? NULL : fdopen(fd, "ae");
-   if (!fp)
-   fp = stderr;
+   opened = (fd != -1);
+   if (fd == -1)
+   fd = fileno(stderr);
 
-   sb_fprintf(fp, " %s*%s ", color, COLOR_NORMAL);
-   sb_vfprintf(fp, format, args);
+   sb_fdprintf(fd, " %s*%s ", color, COLOR_NORMAL);
+   sb_vfdprintf(fd, format, args);
 
-   if (fp != stderr)
-   fclose(fp);
+   if (opened)
+   close(fd);
 }
 
 void sb_einfo(const char *format, ...)
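Review bot: `fd = fileno(stderr);` keeps one stdio call in a function this commit otherwise moves off stdio; `fd = STDERR_FILENO;` yields the same descriptor without touching the FILE object. Separately, the fallback open at the top of this hunk uses `O_WRONLY|O_CLOEXEC` without O_APPEND, and the removed `fdopen(fd, "ae")` may have supplied append behaviour on some C libraries. If sbio_fallback_path can ever name a regular file, adding O_APPEND to that open keeps concurrent writers from overwriting each other. sb_vefunc begins in the previous hunk.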



[gentoo-commits] proj/sandbox:master commit in: libsbutil/, src/

2015-09-27 Thread Mike Frysinger
commit: 6738f1fe7622a73f4d1c5024b03fa538de98db37
Author: Mike Frysinger  gentoo  org>
AuthorDate: Sat Sep 26 23:46:22 2015 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Sat Sep 26 23:46:22 2015 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=6738f1fe

libsbutil: add helpers for reading config options (w/out env export)

All sandbox settings thus far have been for libsandbox.so to process.
With newer features though, we have settings that might only apply to
the main sandbox program.  Add some helper functions for parsing out
those settings (which a later commit will utilize).

Signed-off-by: Mike Frysinger  gentoo.org>

 libsbutil/environment.c | 43 ++-
 libsbutil/sbutil.h  |  2 ++
 src/environ.c   |  6 ++
 src/sandbox.h   |  2 ++
 4 files changed, 40 insertions(+), 13 deletions(-)

diff --git a/libsbutil/environment.c b/libsbutil/environment.c
index 70fdb72..805b9e6 100644
--- a/libsbutil/environment.c
+++ b/libsbutil/environment.c
@@ -10,9 +10,27 @@
 #include "headers.h"
 #include "sbutil.h"
 
-static bool env_is_in(const char *env, const char *values[], bool *set)
+static const char * const true_values[] = {
+   "1", "true", "yes", NULL,
+};
+
+static const char * const false_values[] = {
+   "0", "false", "no", NULL,
+};
+
+static bool val_is_in(const char *val, const char * const values[])
 {
size_t i = 0;
+
+   while (values[i])
+   if (!strcasecmp(val, values[i++]))
+   return true;
+
+   return false;
+}
+
+static bool env_is_in(const char *env, const char * const values[], bool *set)
+{
const char *val;
 
if (unlikely(!env))
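Review bot: val_is_in passes `val` straight to strcasecmp, so a NULL argument is undefined behaviour. env_is_in appears to return before reaching it when the variable is unset, but is_val_on and is_val_off (next hunk, exported through sbutil.h) have no such guard. Adding `if (unlikely(!val)) return false;` as the first statement of val_is_in covers every caller. env_is_in continues past the end of this hunk; the identical hunk in the second mail for this change (commit 6ec0de31) is not annotated separately.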
@@ -23,19 +41,21 @@ static bool env_is_in(const char *env, const char 
*values[], bool *set)
if (unlikely(!*set))
return false;
 
-   while (values[i])
-   if (!strcasecmp(val, values[i++]))
-   return true;
+   return val_is_in(val, values);
+}
 
-   return false;
+bool is_val_on(const char *val)
+{
+   return val_is_in(val, true_values);
+}
+bool is_val_off(const char *val)
+{
+   return val_is_in(val, false_values);
 }
 
 bool is_env_set_on(const char *env, bool *set)
 {
-   static const char *values[] = {
-   "1", "true", "yes", NULL,
-   };
-   return env_is_in(env, values, set);
+   return env_is_in(env, true_values, set);
 }
 bool is_env_on(const char *env)
 {
@@ -45,10 +65,7 @@ bool is_env_on(const char *env)
 
 bool is_env_set_off(const char *env, bool *set)
 {
-   static const char *values[] = {
-   "0", "false", "no", NULL,
-   };
-   return env_is_in(env, values, set);
+   return env_is_in(env, false_values, set);
 }
 bool is_env_off(const char *env)
 {

diff --git a/libsbutil/sbutil.h b/libsbutil/sbutil.h
index 56fe6d3..15979da 100644
--- a/libsbutil/sbutil.h
+++ b/libsbutil/sbutil.h
@@ -73,6 +73,8 @@ void get_sandbox_log(char *path, const char *tmpdir);
 void get_sandbox_debug_log(char *path, const char *tmpdir);
 void get_sandbox_message_path(char *path);
 int get_tmp_dir(char *path);
+bool is_val_on(const char *);
+bool is_val_off(const char *);
 bool is_env_on(const char *);
 bool is_env_off(const char *);
 bool is_env_set_on(const char *, bool *);

diff --git a/src/environ.c b/src/environ.c
index 5f22829..346bc26 100644
--- a/src/environ.c
+++ b/src/environ.c
@@ -101,6 +101,12 @@ static void setup_cfg_var(const char *env_var)
}
 }
 
+bool sb_get_cnf_bool(const char *key, bool default_val)
+{
+   const char *val = rc_get_cnf_entry(sb_conf_file(), key, NULL);
+   return val ? is_val_on(val) : default_val;
+}
+
 /* Get passed access variable from sandbox.conf for sandbox.d/, and set it in
  * the environment. */
 static int setup_access_var(const char *access_var)
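Review bot: sb_get_cnf_bool returns `is_val_on(val)` for any value that is present, so a misspelt or unrecognised setting silently becomes false even when `default_val` is true, and is_val_off, added in the same commit, is never consulted. For an option that is on by default, a typo in the config file therefore turns it off without any message. I would fall back to the default for unrecognised input: `if (!val) return default_val;` `if (is_val_on(val)) return true;` `return is_val_off(val) ? false : default_val;`. Whether the string returned by rc_get_cnf_entry needs freeing is not visible here.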

diff --git a/src/sandbox.h b/src/sandbox.h
index 361d468..4233bd6 100644
--- a/src/sandbox.h
+++ b/src/sandbox.h
@@ -26,6 +26,8 @@ struct sandbox_info_t {
 
 extern char **setup_environ(struct sandbox_info_t *sandbox_info);
 
+extern bool sb_get_cnf_bool(const char *, bool);
+
 #define sb_warn(fmt, args...)  fprintf(stderr, "%s:%s  " fmt "\n", "sandbox", 
__func__, ## args)
 #define sb_pwarn(fmt, args...) sb_warn(fmt ": %s\n", ## args, strerror(errno))
 #define _sb_err(func, fmt, args...) do { sb_##func(fmt, ## args); 
exit(EXIT_FAILURE); } while (0)



[gentoo-commits] proj/sandbox:master commit in: libsbutil/, src/

2015-09-27 Thread Mike Frysinger
commit: 6ec0de3146977b4b913c77edc58f840f5ce712b4
Author: Mike Frysinger  gentoo  org>
AuthorDate: Sat Sep 26 23:46:22 2015 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Sat Sep 26 23:46:22 2015 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=6ec0de31

libsbutil: add helpers for reading config options (w/out env export)

All sandbox settings thus far have been for libsandbox.so to process.
With newer features though, we have settings that might only apply to
the main sandbox program.  Add some helper functions for parsing out
those settings (which a later commit will utilize).

Signed-off-by: Mike Frysinger  gentoo.org>

 libsbutil/environment.c | 43 ++-
 libsbutil/sbutil.h  |  2 ++
 src/environ.c   |  6 ++
 src/sandbox.h   |  2 ++
 4 files changed, 40 insertions(+), 13 deletions(-)

diff --git a/libsbutil/environment.c b/libsbutil/environment.c
index 70fdb72..805b9e6 100644
--- a/libsbutil/environment.c
+++ b/libsbutil/environment.c
@@ -10,9 +10,27 @@
 #include "headers.h"
 #include "sbutil.h"
 
-static bool env_is_in(const char *env, const char *values[], bool *set)
+static const char * const true_values[] = {
+   "1", "true", "yes", NULL,
+};
+
+static const char * const false_values[] = {
+   "0", "false", "no", NULL,
+};
+
+static bool val_is_in(const char *val, const char * const values[])
 {
size_t i = 0;
+
+   while (values[i])
+   if (!strcasecmp(val, values[i++]))
+   return true;
+
+   return false;
+}
+
+static bool env_is_in(const char *env, const char * const values[], bool *set)
+{
const char *val;
 
if (unlikely(!env))
@@ -23,19 +41,21 @@ static bool env_is_in(const char *env, const char 
*values[], bool *set)
if (unlikely(!*set))
return false;
 
-   while (values[i])
-   if (!strcasecmp(val, values[i++]))
-   return true;
+   return val_is_in(val, values);
+}
 
-   return false;
+bool is_val_on(const char *val)
+{
+   return val_is_in(val, true_values);
+}
+bool is_val_off(const char *val)
+{
+   return val_is_in(val, false_values);
 }
 
 bool is_env_set_on(const char *env, bool *set)
 {
-   static const char *values[] = {
-   "1", "true", "yes", NULL,
-   };
-   return env_is_in(env, values, set);
+   return env_is_in(env, true_values, set);
 }
 bool is_env_on(const char *env)
 {
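Review bot: `is_val_on()` and `is_val_off()` are exported but hand `val` straight to `strcasecmp()` inside `val_is_in()` (added in the previous hunk), so a NULL argument is undefined behaviour. `env_is_in()` only avoids this because it returns early when the variable is unset. Either document that `val` must be non-NULL at the declarations in `sbutil.h`, or guard it once in the helper with `if (!val) return false;` at the top of `val_is_in()`. The last lines of this hunk open `is_env_on()`, whose body lies outside it.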
@@ -45,10 +65,7 @@ bool is_env_on(const char *env)
 
 bool is_env_set_off(const char *env, bool *set)
 {
-   static const char *values[] = {
-   "0", "false", "no", NULL,
-   };
-   return env_is_in(env, values, set);
+   return env_is_in(env, false_values, set);
 }
 bool is_env_off(const char *env)
 {

diff --git a/libsbutil/sbutil.h b/libsbutil/sbutil.h
index 56fe6d3..15979da 100644
--- a/libsbutil/sbutil.h
+++ b/libsbutil/sbutil.h
@@ -73,6 +73,8 @@ void get_sandbox_log(char *path, const char *tmpdir);
 void get_sandbox_debug_log(char *path, const char *tmpdir);
 void get_sandbox_message_path(char *path);
 int get_tmp_dir(char *path);
+bool is_val_on(const char *);
+bool is_val_off(const char *);
 bool is_env_on(const char *);
 bool is_env_off(const char *);
 bool is_env_set_on(const char *, bool *);

diff --git a/src/environ.c b/src/environ.c
index 5f22829..346bc26 100644
--- a/src/environ.c
+++ b/src/environ.c
@@ -101,6 +101,12 @@ static void setup_cfg_var(const char *env_var)
}
 }
 
+bool sb_get_cnf_bool(const char *key, bool default_val)
+{
+   const char *val = rc_get_cnf_entry(sb_conf_file(), key, NULL);
+   return val ? is_val_on(val) : default_val;
+}
+
 /* Get passed access variable from sandbox.conf for sandbox.d/, and set it in
  * the environment. */
 static int setup_access_var(const char *access_var)
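Review bot: `sb_get_cnf_bool()` returns `is_val_on(val)` whenever the key is present, so a misspelled or unrecognised value silently becomes `false` even when `default_val` is `true`. For a sandbox setting that can turn a protection off with no diagnostic. Consulting both tables and falling back to the default otherwise avoids that: `if (val && is_val_on(val)) return true;`, `if (val && is_val_off(val)) return false;`, `return default_val;`. Whether `rc_get_cnf_entry()` returns allocated memory is not visible in this hunk; if it does, `val` is never freed here and the `const` qualifier hides that. `setup_access_var()` at the end of the hunk continues outside it.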

diff --git a/src/sandbox.h b/src/sandbox.h
index 361d468..4233bd6 100644
--- a/src/sandbox.h
+++ b/src/sandbox.h
@@ -26,6 +26,8 @@ struct sandbox_info_t {
 
 extern char **setup_environ(struct sandbox_info_t *sandbox_info);
 
+extern bool sb_get_cnf_bool(const char *, bool);
+
 #define sb_warn(fmt, args...)  fprintf(stderr, "%s:%s  " fmt "\n", "sandbox", 
__func__, ## args)
 #define sb_pwarn(fmt, args...) sb_warn(fmt ": %s\n", ## args, strerror(errno))
 #define _sb_err(func, fmt, args...) do { sb_##func(fmt, ## args); 
exit(EXIT_FAILURE); } while (0)



[gentoo-commits] proj/sandbox:master commit in: libsbutil/gnulib/

2015-09-27 Thread Mike Frysinger
commit: e2f06703fe28a3dcc70b847d3b7723bf5c346763
Author: Mike Frysinger  gentoo  org>
AuthorDate: Sat Sep 26 23:42:05 2015 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Sat Sep 26 23:42:05 2015 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=e2f06703

libsbutil: gnulib: mark xgetcwd static inline

Rather than use gnu inline where gcc can create external references
(which we don't provide), just always inline the xgetcwd func.  This
fixes building at -O0 optimization levels.

URL: https://bugs.gentoo.org/561342
Reported-by: Pryka  gmail.com>
Signed-off-by: Mike Frysinger  gentoo.org>

 libsbutil/gnulib/xgetcwd.h | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/libsbutil/gnulib/xgetcwd.h b/libsbutil/gnulib/xgetcwd.h
index 765fab4..fbe0a7c 100644
--- a/libsbutil/gnulib/xgetcwd.h
+++ b/libsbutil/gnulib/xgetcwd.h
@@ -6,16 +6,12 @@
  * Licensed under the GPL-2
  */
 
-_GL_INLINE_HEADER_BEGIN
-
 extern char *egetcwd(char *buf, size_t size);
 
-_GL_INLINE char *xgetcwd(void)
+static inline char *xgetcwd(void)
 {
char *ret = egetcwd(NULL, 0);
if (ret == NULL && errno == ENOMEM)
xalloc_die();
return ret;
 }
-
-_GL_INLINE_HEADER_END
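Review bot: `xgetcwd()` still returns NULL for every failure other than ENOMEM, and now that it is a `static inline` compiled into each including file, that contract deserves a comment at the definition. Something like `/* Returns egetcwd(NULL, 0); only ENOMEM is fatal, any other failure yields NULL with errno set, so callers must check. */` would do. Whether the caller owns and must free the returned buffer is not visible here and should be stated in the same comment.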



[gentoo-commits] proj/sandbox:master commit in: libsbutil/, libsbutil/gnulib/, /

2015-09-20 Thread Mike Frysinger
commit: 105b7e047e98e8f9211a30133d0cc1cb97aef9b0
Author: Mike Frysinger  gentoo  org>
AuthorDate: Sun Sep 20 07:03:30 2015 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Sun Sep 20 07:03:30 2015 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=105b7e04

libsbutil: gnulib: import modules for canonicalize_filename_mode

This lays the groundwork for fixing handling of broken symlinks.  The
gnulib code is hand imported because using the gnulib tool imports a
ton of code we do not want.  Only the bare minimum is imported so we
can use the canonicalize_filename_mode function.

This function is needed to canonicalize symlinks that are ultimately
broken.  The current sandbox/C library code only supports two modes:
(1) dereference a single symlink
(2) dereference *all* symlinks, but only if all links are valid

For sandbox, we need to know the final path a symlink points to even
if that path doesn't (yet) exist.

Note: This commit doesn't actually fix the bug, just brings in the
functions we need to do so.

URL: https://bugs.gentoo.org/540828
Reported-by: Rick Farina  gentoo.org>
Signed-off-by: Mike Frysinger  gentoo.org>

 configure.ac   |5 +-
 headers.h  |2 +
 libsbutil/Makefile.am  |   24 +
 libsbutil/gnulib/areadlink-with-size.c |  104 +++
 libsbutil/gnulib/areadlink.h   |   33 +
 libsbutil/gnulib/bitrotate.c   |3 +
 libsbutil/gnulib/bitrotate.h   |  136 
 libsbutil/gnulib/canonicalize.c|  354 +
 libsbutil/gnulib/canonicalize.h|   48 ++
 libsbutil/gnulib/careadlinkat.h|   67 ++
 libsbutil/gnulib/dosname.h |   53 ++
 libsbutil/gnulib/file-set.c|   74 ++
 libsbutil/gnulib/file-set.h|   15 +
 libsbutil/gnulib/gl-inline.h   |   92 +++
 libsbutil/gnulib/glue.h|   10 +
 libsbutil/gnulib/hash-pjw.c|   40 ++
 libsbutil/gnulib/hash-pjw.h|   23 +
 libsbutil/gnulib/hash-triple.c |   77 ++
 libsbutil/gnulib/hash-triple.h |   24 +
 libsbutil/gnulib/hash.c| 1225 
 libsbutil/gnulib/hash.h|  103 +++
 libsbutil/gnulib/pathmax.h |   83 +++
 libsbutil/gnulib/same-inode.h  |   33 +
 libsbutil/gnulib/same.h|   25 +
 libsbutil/gnulib/xalloc-oversized.h|   38 +
 libsbutil/gnulib/xalloc.h  |1 +
 libsbutil/gnulib/xgetcwd.h |   21 +
 libsbutil/sbutil.h |3 +
 28 files changed, 2715 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 73227db..e705d41 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,6 +1,6 @@
 AC_PREREQ([2.61])
 AC_INIT([sandbox], [2.8], [sand...@gentoo.org])
-AM_INIT_AUTOMAKE([1.12 dist-xz no-dist-gzip silent-rules -Wall])
+AM_INIT_AUTOMAKE([1.12 dist-xz no-dist-gzip silent-rules subdir-objects -Wall])
 AM_SILENT_RULES([yes]) # AM_INIT_AUTOMAKE([silent-rules]) is broken atm
 AC_CONFIG_HEADER([config.h])
 AC_CONFIG_MACRO_DIR([m4])
@@ -417,6 +417,9 @@ if test "x${LDFLAG_VER}" = "x" ; then
 fi
 AC_SUBST([LDFLAG_VER])
 
+dnl Add some glue for gnulib modules that include config.h directly.
+AH_BOTTOM([#include "headers.h"])
+
 AC_CONFIG_TESTDIR([tests])
 
 AC_CONFIG_FILES([src/sandbox.sh], [chmod +x src/sandbox.sh])

diff --git a/headers.h b/headers.h
index 42b7c25..1dc140e 100644
--- a/headers.h
+++ b/headers.h
@@ -146,4 +146,6 @@
 # include "localdecls.h"
 #endif
 
+#include "libsbutil/gnulib/glue.h"
+
 #endif

diff --git a/libsbutil/Makefile.am b/libsbutil/Makefile.am
index 39a5ab6..0c41500 100644
--- a/libsbutil/Makefile.am
+++ b/libsbutil/Makefile.am
@@ -42,6 +42,30 @@ libsbutil_la_SOURCES =\
src/config.c  \
include/rcscripts/util/dynbuf.h   \
src/dynbuf.c  \
+   gnulib/areadlink.h\
+   gnulib/areadlink-with-size.c  \
+   gnulib/bitrotate.c\
+   gnulib/bitrotate.h\
+   gnulib/canonicalize.c \
+   gnulib/canonicalize.h \
+   gnulib/careadlinkat.h \
+   gnulib/dosname.h  \
+   gnulib/file-set.c \
+   gnulib/file-set.h \
+   gnulib/gl-inline.h\
+   gnulib/glue.h \
+   gnulib/hash.c \
+   gnulib/hash.h \
+   gnulib/hash-pjw.c \
+   gnulib/hash-pjw.h \
+   gnulib/hash-triple.c  \
+   gnulib/hash-triple.h  \
+   gnulib/pathmax.h  \
+   gnulib/same.h \
+   gnulib/same-inode.h   \
+   

[gentoo-commits] proj/sandbox:master commit in: libsbutil/

2015-09-20 Thread Mike Frysinger
commit: 7e7a7a025dd2d43daf0b8ca14135e14bcaf871ce
Author: Mike Frysinger  gentoo  org>
AuthorDate: Sun Sep 20 06:35:25 2015 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Sun Sep 20 06:35:25 2015 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=7e7a7a02

libsbutil: undef memory redirect calls

Sometimes the C library will redirect a call to strdup to __strdup which
breaks when we're using the libsandbox memory allocator.  This was fixed
in libsandbox in commit d7801453aced46a6f31d8455877edeb31a5211cc, but we
didn't notice in libsbutil as no calls to strdup happened to come up.

Signed-off-by: Mike Frysinger  gentoo.org>

 libsbutil/sb_memory.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/libsbutil/sb_memory.c b/libsbutil/sb_memory.c
index bdc054f..ebc1c8e 100644
--- a/libsbutil/sb_memory.c
+++ b/libsbutil/sb_memory.c
@@ -11,6 +11,12 @@
 #include "headers.h"
 #include "sbutil.h"
 
+/* Make sure the C library doesn't rewrite calls to funcs libsandbox provides. 
*/
+#undef calloc
+#undef malloc
+#undef realloc
+#undef strdup
+
 void *
 __xcalloc(size_t nmemb, size_t size, const char *file, const char *func, 
size_t line)
 {



[gentoo-commits] proj/sandbox:master commit in: libsbutil/

2015-09-11 Thread Mike Frysinger
commit: 1a018e80058697408ce95142ffc292a5929fcc2b
Author: Mike Frysinger  gentoo  org>
AuthorDate: Sun Mar  3 10:33:13 2013 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Sun Mar  3 10:33:13 2013 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=1a018e80

sb_efuncs: fix thinko in message patch

Forgot to assign the fallback open to the fd.  Whee.

Signed-off-by: Mike Frysinger  gentoo.org>

 libsbutil/sb_efuncs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsbutil/sb_efuncs.c b/libsbutil/sb_efuncs.c
index 80064c6..c855257 100644
--- a/libsbutil/sb_efuncs.c
+++ b/libsbutil/sb_efuncs.c
@@ -43,7 +43,7 @@ static void sb_vefunc(const char *prog, const char *color, 
const char *format, v
else
fd = -1;
if (fd == -1)
-   sbio_open(sbio_fallback_path, O_WRONLY|O_CLOEXEC, 0);
+   fd = sbio_open(sbio_fallback_path, O_WRONLY|O_CLOEXEC, 0);
fp = fd == -1 ? NULL : fdopen(fd, "ae");
if (!fp)
fp = stderr;
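Review bot: With `fd` now actually assigned, a failed `fdopen()` leaves that descriptor open, because the `if (!fp) fp = stderr;` fallback drops the only reference to it. Closing it before falling back fixes that, e.g. `if (!fp) { if (fd != -1) close(fd); fp = stderr; }`. The fallback is opened with `O_WRONLY|O_CLOEXEC` only, so it is also worth confirming that `sbio_fallback_path` can never name a location that a sandboxed process controls. `sb_vefunc()` starts and ends outside this hunk.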



[gentoo-commits] proj/sandbox:master commit in: libsbutil/

2015-09-11 Thread Mike Frysinger
commit: 2469bbf7607b7544d5df4b0645a0798a226bb5d6
Author: Mike Frysinger  gentoo  org>
AuthorDate: Sat Feb 23 04:58:44 2013 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Sat Feb 23 04:58:44 2013 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=2469bbf7

environ: add set variants to env_is_{on,off}

In some situations, we want to know the tristate of "is on", "is off", and
"is set" instead of just lumping the "is not set" case in with "is off".
Add some helpers for that.

Signed-off-by: Mike Frysinger  gentoo.org>

 libsbutil/environment.c | 26 +++---
 libsbutil/sbutil.h  |  2 ++
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/libsbutil/environment.c b/libsbutil/environment.c
index b24189f..70fdb72 100644
--- a/libsbutil/environment.c
+++ b/libsbutil/environment.c
@@ -10,15 +10,17 @@
 #include "headers.h"
 #include "sbutil.h"
 
-static bool env_is_in(const char *env, const char *values[])
+static bool env_is_in(const char *env, const char *values[], bool *set)
 {
size_t i = 0;
const char *val;
 
if (unlikely(!env))
-   return false;
+   return (*set = false);
+
val = getenv(env);
-   if (unlikely(!val))
+   *set = (val != NULL);
+   if (unlikely(!*set))
return false;
 
while (values[i])
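Review bot: `env_is_in()` now writes through `set` on every path (`return (*set = false);` and `*set = (val != NULL);`), so the new public `is_env_set_on()` and `is_env_set_off()` in the next hunk dereference NULL if a caller passes no out-parameter. The contract should be stated where they are declared, for instance `/* *set reports whether the variable exists at all; set must not be NULL */`, or the helper should tolerate NULL. Folding the assignment into the return expression also hides the side effect; `*set = false; return false;` reads more plainly. The loop that ends this hunk continues outside it.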
@@ -28,18 +30,28 @@ static bool env_is_in(const char *env, const char *values[])
return false;
 }
 
-bool is_env_on(const char *env)
+bool is_env_set_on(const char *env, bool *set)
 {
static const char *values[] = {
"1", "true", "yes", NULL,
};
-   return env_is_in(env, values);
+   return env_is_in(env, values, set);
+}
+bool is_env_on(const char *env)
+{
+   bool set;
+   return is_env_set_on(env, );
 }
 
-bool is_env_off(const char *env)
+bool is_env_set_off(const char *env, bool *set)
 {
static const char *values[] = {
"0", "false", "no", NULL,
};
-   return env_is_in(env, values);
+   return env_is_in(env, values, set);
+}
+bool is_env_off(const char *env)
+{
+   bool set;
+   return is_env_set_off(env, );
 }

diff --git a/libsbutil/sbutil.h b/libsbutil/sbutil.h
index 993d7ad..02b88cb 100644
--- a/libsbutil/sbutil.h
+++ b/libsbutil/sbutil.h
@@ -75,6 +75,8 @@ void get_sandbox_message_path(char *path);
 int get_tmp_dir(char *path);
 bool is_env_on(const char *);
 bool is_env_off(const char *);
+bool is_env_set_on(const char *, bool *);
+bool is_env_set_off(const char *, bool *);
 static inline bool is_env_var(const char *env, const char *var, size_t vlen)
 {
return !strncmp(env, var, vlen) && env[vlen] == '=';



[gentoo-commits] proj/sandbox:master commit in: libsbutil/, libsandbox/, tests/

2015-09-11 Thread Mike Frysinger
commit: a3ff1534945c3898332b2481c9fd355dfbd56e1f
Author: Mike Frysinger  gentoo  org>
AuthorDate: Sat Jun 23 18:52:51 2012 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Sat Jun 23 18:52:51 2012 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=a3ff1534

libsandbox: clean up open file handles in parent tracing process

Currently, if a non-static app sets up a pipe (with cloexec enabled) and
executes a static app, the handle to that pipe is left open in the parent
process.  This causes trouble when the parent is waiting for that to be
closed immediately.

Since none of the fds in the forked parent process matter to us, we can
just go ahead and clean up all fds before we start tracing the child.

URL: http://bugs.gentoo.org/364877
Reported-by: Victor Stinner  haypocalc.com>
Signed-off-by: Mike Frysinger  gentoo.org>

 libsandbox/trace.c   |  3 +-
 libsbutil/sb_close.c | 26 +++-
 libsbutil/sbutil.h   |  1 +
 tests/Makefile.am|  2 +
 tests/pipe-fork_static_tst.c | 18 +
 tests/pipe-fork_tst.c| 95 
 tests/script-9.sh|  5 +++
 tests/script.at  |  1 +
 8 files changed, 149 insertions(+), 2 deletions(-)

diff --git a/libsandbox/trace.c b/libsandbox/trace.c
index 32ad2d6..dfbab18 100644
--- a/libsandbox/trace.c
+++ b/libsandbox/trace.c
@@ -504,8 +504,9 @@ void trace_main(const char *filename, char *const argv[])
/* Not all kernel versions support this, so ignore return */
ptrace(PTRACE_SETOPTIONS, trace_pid, NULL, (void 
*)PTRACE_O_TRACESYSGOOD);
 #endif
+   sb_close_all_fds();
trace_loop();
-   return;
+   sb_ebort("ISE: child should have quit, as should we\n");
}
 
sb_debug("child setting up ...");
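Review bot: `sb_close_all_fds()` closes descriptors 0, 1 and 2 along with everything else, so the tracer carries on with no stdio. The implementation in `libsbutil/sb_close.c` skips only dot entries and its own directory fd. Anything opened later in `trace_loop()` or on the error path can then be handed fd 0–2, and a stray write to stderr would land in that file; the `sb_ebort()` added two lines below also needs somewhere to report. Reopening 0–2 on `/dev/null` immediately after the call keeps the low descriptors occupied. `trace_main()` begins and ends outside this hunk.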

diff --git a/libsbutil/sb_close.c b/libsbutil/sb_close.c
index 17a4560..5379197 100644
--- a/libsbutil/sb_close.c
+++ b/libsbutil/sb_close.c
@@ -3,7 +3,7 @@
  *
  * IO functions.
  *
- * Copyright 1999-2008 Gentoo Foundation
+ * Copyright 1999-2012 Gentoo Foundation
  * Licensed under the GPL-2
  */
 
@@ -29,3 +29,27 @@ int sb_close(int fd)
 
return res;
 }
+
+/* Quickly close all the open fds (good for daemonization) */
+void sb_close_all_fds(void)
+{
+   DIR *dirp;
+   struct dirent *de;
+   int dfd, fd;
+   const char *fd_dir = sb_get_fd_dir();
+
+   dirp = opendir(fd_dir);
+   if (!dirp)
+   sb_ebort("could not process %s\n", fd_dir);
+   dfd = dirfd(dirp);
+
+   while ((de = readdir(dirp)) != NULL) {
+   if (de->d_name[0] == '.')
+   continue;
+   fd = atoi(de->d_name);
+   if (fd != dfd)
+   close(fd);
+   }
+
+   closedir(dirp);
+}
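Review bot: `fd = atoi(de->d_name)` cannot tell a parse failure from descriptor 0, so any entry that is not a plain number makes the loop close fd 0, and an out-of-range value is undefined behaviour. Parsing with `strtol()` and skipping entries that do not convert cleanly keeps the function to descriptors that are really listed in the directory. The header comment could also say that 0–2 are closed too, since callers that log afterwards need to know.

```c
	while ((de = readdir(dirp)) != NULL) {
		char *end;
		long num;

		if (de->d_name[0] == '.')
			continue;

		/* Skip anything that is not a plain fd number instead of
		 * letting it collapse to 0. */
		errno = 0;
		num = strtol(de->d_name, &end, 10);
		if (errno || end == de->d_name || *end != '\0' ||
		    num < 0 || num > INT_MAX)
			continue;

		fd = (int)num;
		if (fd != dfd)
			close(fd);
	}
	/* … unchanged: closedir(dirp) … */
```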

diff --git a/libsbutil/sbutil.h b/libsbutil/sbutil.h
index 02b88cb..479734b 100644
--- a/libsbutil/sbutil.h
+++ b/libsbutil/sbutil.h
@@ -97,6 +97,7 @@ int sb_open(const char *path, int flags, mode_t mode);
 size_t sb_read(int fd, void *buf, size_t count);
 size_t sb_write(int fd, const void *buf, size_t count);
 int sb_close(int fd);
+void sb_close_all_fds(void);
 int sb_copy_file_to_fd(const char *file, int ofd);
 
 /* Reliable output */

diff --git a/tests/Makefile.am b/tests/Makefile.am
index cd8f9c2..1d32e2e 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -72,6 +72,8 @@ check_PROGRAMS = \
\
getcwd-gnulib_tst \
libsigsegv_tst \
+   pipe-fork_tst \
+   pipe-fork_static_tst \
sb_printf_tst \
sigsuspend-zsh_tst \
sigsuspend-zsh_static_tst

diff --git a/tests/pipe-fork_static_tst.c b/tests/pipe-fork_static_tst.c
new file mode 100644
index 000..3f4839e
--- /dev/null
+++ b/tests/pipe-fork_static_tst.c
@@ -0,0 +1,18 @@
+/*
+https://bugs.gentoo.org/364877
+written by Victor Stinner 
+*/
+
+#include "headers.h"
+
+int main(int argc, char *argv[])
+{
+   const size_t n = 1024* 1024;
+   char *data;
+   alarm(10);
+   data = malloc(n);
+   memset(data, 'a', n);
+   if (write(1, data, n)) {}
+   free(data);
+   return 0;
+}
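Review bot: `data = malloc(n);` is followed directly by `memset(data, 'a', n);`, so an allocation failure becomes a NULL dereference and the test dies for a reason unrelated to the pipe handling it is meant to exercise. Adding `if (!data) return 1;` after the allocation makes that failure distinguishable. The deliberately discarded `write()` result in `if (write(1, data, n)) {}` could carry a short comment saying why it is ignored.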

diff --git a/tests/pipe-fork_tst.c b/tests/pipe-fork_tst.c
new file mode 100644
index 000..72669bf
--- /dev/null
+++ b/tests/pipe-fork_tst.c
@@ -0,0 +1,95 @@
+/*
+https://bugs.gentoo.org/364877
+written by Victor Stinner 
+*/
+
+#include "headers.h"
+
+static void cloexec(int fd)
+{
+   int flags;
+
+   flags = fcntl(fd, F_GETFD);
+   if (flags == -1) {
+   perror("fcntl(F_GETFD)");
+   exit(1);
+   }
+   fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
+}
+
+int main(int argc, char *argv[])
+{
+   int err;
+   pid_t child;
+   int outpipe[2];
+   int errpipe[2];
+   ssize_t n;
+   char buffer[4096];
+   char *dir = dirname(argv[0]);
+   char 

[gentoo-commits] proj/sandbox:master commit in: libsbutil/

2015-09-11 Thread Mike Frysinger
commit: 9ea6140984ba4e18ce2aaedb7ebc21466b60c433
Author: Mike Frysinger  gentoo  org>
AuthorDate: Sun Mar  3 10:34:09 2013 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Sun Mar  3 10:34:09 2013 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=9ea61409

sandbox: accept SANDBOX_LOG vars whatever their values

Commit 40abb498ca4a24495fe34e133379382ce8c3eaca subtly broke the sandbox
with portage.  It changed how the sandbox log env var was accessed by
moving from getenv() to get_sandbox_log().  The latter has path checking
and will kick out values that contain a slash.  That means every time a
new process starts, a new sandbox log path will be generated, and when a
program triggers a violation, it'll write to the new file.  Meanwhile,
portage itself watches the original one which never gets updated.

This code has been around forever w/out documentation, and I can't think
of a reason we need it.  So punt it.

Signed-off-by: Mike Frysinger  gentoo.org>

 libsbutil/get_sandbox_log.c | 14 +-
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/libsbutil/get_sandbox_log.c b/libsbutil/get_sandbox_log.c
index a79b399..bdb4278 100644
--- a/libsbutil/get_sandbox_log.c
+++ b/libsbutil/get_sandbox_log.c
@@ -21,17 +21,13 @@ static void _get_sb_log(char *path, const char *tmpdir, 
const char *env, const c
 
sandbox_log_env = getenv(env);
 
-   if (sandbox_log_env && is_env_on(ENV_SANDBOX_TESTING)) {
-   /* When testing, just use what the env says to */
+   if (sandbox_log_env) {
+   /* If the env is viable, roll with it.  We aren't really
+* about people breaking the security of the sandbox by
+* exporting SANDBOX_LOG=/dev/null.
+*/
strncpy(path, sandbox_log_env, SB_PATH_MAX);
} else {
-   /* THIS CHUNK BREAK THINGS BY DOING THIS:
-* 
SANDBOX_LOG=/tmp/sandbox-app-admin/superadduser-1.0.7-11063.log
-*/
-   if ((NULL != sandbox_log_env) &&
-   (NULL != strchr(sandbox_log_env, '/')))
-   sandbox_log_env = NULL;
-
/* If running as a user w/out write access to /var/log, don't
 * shit ourselves.
 */
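Review bot: `strncpy(path, sandbox_log_env, SB_PATH_MAX);` leaves `path` without a terminating NUL when the environment value is SB_PATH_MAX bytes or longer. After this change that branch is taken for any value of the variable, not only under `ENV_SANDBOX_TESTING`. A bounded, always-terminated copy such as `snprintf(path, SB_PATH_MAX, "%s", sandbox_log_env)`, with over-long values rejected when the return value is not below SB_PATH_MAX, closes that gap. This assumes `path` points at an SB_PATH_MAX-byte buffer, which is not visible here. The new comment also appears to be missing a word ("aren't really worried about"?). `_get_sb_log()` starts and ends outside this hunk.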