crtxcr/exile.h
1
0
Fork 0
Code Issues 14 Pull Requests 1 Releases Wiki Activity

only create chroot directory when path policies are available

Browse Source
This commit is contained in:
Albert S. 2019-12-07 23:26:27 +01:00
parent 7547644013
commit ff2bc24c6b
1 changed files with 26 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
qssb.h
View File

@ -481,33 +481,6 @@ int qssb_enable_policy(struct qssb_policy *policy)
return -EINVAL; return -EINVAL;
} }
if(policy->chroot_target_path == NULL)
{
char *target_dir = (char *) calloc(1, PATH_MAX * sizeof(char));
char random_str[17];
if(random_string(random_str, sizeof(random_str)) == 16)
{
int res = snprintf(target_dir, PATH_MAX, "%s/.sandbox_%" PRIdMAX "_%s", QSSB_TEMP_DIR, (intmax_t)getpid(), random_str);
if(res < 0)
{
QSSB_LOG_ERROR("qssb: qssb_enable_policy: error during path concatination\n");
return -EINVAL;
}
if(res >= PATH_MAX)
{
QSSB_LOG_ERROR("qssb: qssb_enable_policy: path concatination truncated\n");
return -EINVAL;
}
policy->chroot_target_path = target_dir;
}
else
{
QSSB_LOG_ERROR("Error creating random sandbox directory name\n");
return -1;
}
}
if(enter_namespaces(policy->namespace_options) < 0) if(enter_namespaces(policy->namespace_options) < 0)
{ {
QSSB_LOG_ERROR("Error while trying to enter namespaces\n"); QSSB_LOG_ERROR("Error while trying to enter namespaces\n");
@ -516,6 +489,32 @@ int qssb_enable_policy(struct qssb_policy *policy)
if(policy->path_policies != NULL) if(policy->path_policies != NULL)
{ {
if(policy->chroot_target_path == NULL)
{
char *target_dir = (char *) calloc(1, PATH_MAX * sizeof(char));
char random_str[17];
if(random_string(random_str, sizeof(random_str)) == 16)
{
int res = snprintf(target_dir, PATH_MAX, "%s/.sandbox_%" PRIdMAX "_%s", QSSB_TEMP_DIR, (intmax_t)getpid(), random_str);
if(res < 0)
{
QSSB_LOG_ERROR("qssb: qssb_enable_policy: error during path concatination\n");
return -EINVAL;
}
if(res >= PATH_MAX)
{
QSSB_LOG_ERROR("qssb: qssb_enable_policy: path concatination truncated\n");
return -EINVAL;
}
policy->chroot_target_path = target_dir;
}
else
{
QSSB_LOG_ERROR("Error creating random sandbox directory name\n");
return -1;
}
}
if(mount_to_chroot(policy->chroot_target_path, policy->path_policies) < 0) if(mount_to_chroot(policy->chroot_target_path, policy->path_policies) < 0)
{ {
QSSB_LOG_ERROR("mount_to_chroot: setup of path policies failed\n"); QSSB_LOG_ERROR("mount_to_chroot: setup of path policies failed\n");