updated README

2019-11-15 21:53:26 +01:00 · 2019-11-15 21:53:26 +01:00 · 1b8504c052
commit 1b8504c052
parent 6f1b27ee51
2 changed files with 62 additions and 14 deletions
--- a/README.md
+++ b/README.md
@ -1,10 +1,13 @@
-qssb (quite simple sandbox)
+qssb.h (quite simple sandbox)
-===========================
+=============================
-qssb.h is a simple header only library for easy sandboxing of
+qssb.h is a simple header only library that provides an interface
-applications.
+to sandbox applications. Using Seccomp and Linux Namespaces for that
 purpose requires some knowledge of annoying details which this library
 aims to abstract away as much as possible.
-It aims to provide an interface to avoid the annoying details that
+Status
-using Seccomp and Linux Namespaces requires.
+======
 No release yet, API is unstable.
 Features
 ========
@ -13,11 +16,25 @@ privileges, isolating the application from the network, etc.
 Requirements
 ============
-Kernel x.y.z.
+Kernel >=3.17
 sys/capabilities.h header. Depending on your system, libcap
 might be needed for this.
-Status
+
-======
+
-No release yet, API is unstable.
+FAQ
 ===
 Does the process need to be priviliged to utilize the library?
 ----------------------------------------------------------------
 No.
 It doesn't work on Debian!
 --------------------------
 You can thank a Debian-specific patch for that. In the future,
 the library may check against that. Execute
 echo 1 > /proc/sys/kernel/unprivileged_userns_clone to disable that
 patch for now.
 Documentation
 =============
@ -30,7 +47,7 @@ Real world project: cgit sandboxed: https://git.quitesimple.org/cgitsb
 Contributing
 ============
-Contributations are very welcome. Options: 
+Contributions are very welcome. Options: 
 1) Pull-Request: github.com/quitesimpleorg/qssb 
 2) Mail to qssb at quitesimple.org with instructions
 on where to pull the changes.
--- a/qssb.h
+++ b/qssb.h
@ -140,7 +140,18 @@ int random_string(char *buffer, size_t buffer_length)
 static int mkdir_structure(const char *p, mode_t mode)
 {
 	char path[PATH_MAX] = { 0 };
-	snprintf(path, sizeof(path), "%s/", p);
+	int res = snprintf(path, sizeof(path), "%s/", p);
 	if(res < 0)
 	{
 		QSSB_LOG_ERROR("qssb: mkdir_strucutre: error during path concatination\n");
 		return -EINVAL;
 	}
 	if(res >= PATH_MAX)
 	{
 		QSSB_LOG_ERROR("qssb: mkdir_structure: path concatination truncated\n");
 		return -EINVAL;
 	}
 	char *begin = path;
 	char *end = begin+1;
@ -193,7 +204,17 @@ static int mount_to_chroot(const char *chroot_target_path, char **paths, unsigne
 	while(path != NULL)
 	{
 		char path_inside_chroot[PATH_MAX];
-		snprintf(path_inside_chroot, sizeof(path_inside_chroot), "%s/%s", chroot_target_path, path);
+		int written = snprintf(path_inside_chroot, sizeof(path_inside_chroot), "%s/%s", chroot_target_path, path);
 		if(written < 0)
 		{
 			QSSB_LOG_ERROR("qssb: mount_to_chroot: Error during path concatination\n");
 			return -EINVAL;
 		}
 		if(written >= PATH_MAX)
 		{
 			QSSB_LOG_ERROR("qssb: mount_to_chroot: path concatination truncated\n");
 			return -EINVAL;
 		}
 		int ret = mkdir_structure(path_inside_chroot, 0700);
 		if(ret < 0)
 		{
@ -404,7 +425,17 @@ int qssb_enable_policy(struct qssb_policy *policy)
 		char random_str[17];
 		if(random_string(random_str, sizeof(random_str)) == 16)
 		{
-			snprintf(target_dir, sizeof(target_dir), "%s/.sandbox_%" PRIdMAX "_%s", QSSB_TEMP_DIR, (intmax_t)getpid(), random_str);
+			int res = snprintf(target_dir, sizeof(target_dir), "%s/.sandbox_%" PRIdMAX "_%s", QSSB_TEMP_DIR, (intmax_t)getpid(), random_str);
 			if(res < 0)
 			{
 				QSSB_LOG_ERROR("qssb: qssb_enable_policy: error during path concatination\n");
 				return -EINVAL;
 			}
 			if(res >= PATH_MAX)
 			{
 				QSSB_LOG_ERROR("qssb: qssb_enable_policy: path concatination truncated\n");
 				return -EINVAL;
 			}
 			policy->chroot_target_path = target_dir;
 		}
 		else