Commit Graph

161 Commits

Author SHA1 Message Date
Albert S. 44b9a17bec Allow specifying uid/gid to map in user namespace 2022-12-27 13:25:12 +01:00
Albert S. f662398ac3 test: test_launch_get(): Fix typo and remove redundant call 2022-12-27 13:14:39 +01:00
Albert S. 7b859d0aed exile_launch_get(): Remove redundant seek 2022-12-26 18:36:17 +01:00
Albert S. 5cd0a36ced test.sh: Fix regression causing status code to be lost
The changes in 01c5cbf701
did not take into account that "tee" would change the exit code.

Use a protable alternative to &>> now.
2022-12-26 18:29:32 +01:00
Albert S. 618f223491 enter_namespaces(): Fix uid/gid mapping
This was not caught before because a test was missing, fprintf() without ferror()
didn't help, and calling code did not depend on uid maps so far.

Add tests.
2022-12-26 18:23:34 +01:00
Albert S. 01c5cbf701 test.sh: Make it more portable 2022-12-20 10:50:42 +01:00
Albert S. 769f729dc5 README.md: Update 2022-10-26 10:27:38 +02:00
Albert S. 40d23af355 concat_path(): Add missing free() calls 2022-10-23 19:54:21 +02:00
Albert S. b5f83499f3 exile_append_syscall_policy(): Add missing free() 2022-10-23 19:52:56 +02:00
Albert S. ff60ec227d perform_mounts(): Fix potential leak and fix iteration
We would not free 'concat_path' in all potential paths.
Also, the iteration would not continue potentially.

This was case unlikely to be hit in practise.
2022-10-23 19:48:33 +02:00
Albert S. e711a1d53a exile_landlock_is_available(): Fix availability check
The check only assumed the existance of ABI version 1, which
is not the case any more.

Closes: https://github.com/quitesimpleorg/exile.h/issues/1
2022-08-16 23:07:49 +02:00
Albert S. 6628bf4fb7 README: Update and minor improvements 2022-08-16 23:07:42 +02:00
Albert S. 3fa73b0b97 Close file fds by default, introduce policy->keep_fds_open
The better default is to close them, not keeping them open.

Does not close sockets and pipes to not interfere with IPC.

Issue: #10
2022-07-17 13:00:02 +02:00
Albert S. 8f38dc4480 check_policy_sanity(): Allow vows and syscall policies
Adjust checks to allow a mixed mode between syscall policies and vows.
Check for some easy to make mistakes in such scenario.
2022-06-09 10:02:12 +02:00
Albert S. 42d44b0cc1 README.md: Minor improvements throughout the file 2022-06-06 14:07:37 +02:00
Albert S. bd3641981c Introduce EXILE_SYSCALL_DENY_RET_NOSYS for syscalls like clone3()
clone3() is used more and more, but we cannot filter it. We can either
allow it fully or return ENONYS. Some libraries perform fallbacks to the
older clone() in that case, which we can filter again.
2022-06-06 14:07:37 +02:00
Albert S. bbbdfc44da exile.hpp: do_clone(): free stack memory 2022-05-29 19:25:53 +02:00
Albert S. 2dc61828f1 README: Clarify limitations 2022-04-29 21:25:21 +02:00
Albert S. cdc265cedf c++: exile_launch(): Correct std::enable_if logic if type is a ptr 2022-04-29 21:23:53 +02:00
Albert S. 91858efa51 vows map: Add memfd_create, rseq 2022-04-22 08:37:34 +02:00
Albert S. 88995d214d README.md: Minor improvements (typos, rephrasing) 2022-04-07 00:04:52 +02:00
Albert S. 6eb47daf84 README: Update Debian section 2022-03-28 19:25:55 +02:00
Albert S. 8bf87717a5 vows: ioctl: Make TIOCSTI illegal even when IOCTL vow is set 2022-03-28 19:14:02 +02:00
Albert S. bcaefffbe8 Improve various error messages 2022-03-28 19:04:28 +02:00
Albert S. ed5098f2c6 README: Begin demo section 2022-03-17 17:10:38 +01:00
Albert S. ea66ef76eb exile_flags_to_landlock(): Cover more with ALL_WRITE, except devices
More consistent with mount(), where MS_NODEV disallows those.

We may need to introduce a flag that simply allows everything
2022-03-17 15:47:22 +01:00
Albert S. 66def7a28f append_syscall_to_bpf(): Check for unlikely case of too many sock_filters 2022-03-17 15:47:22 +01:00
Albert S. dbf8e87440 exile.hpp: Mark do_clone inline, not static 2022-03-17 15:47:22 +01:00
Albert S. 98421fab90 Makefile: Build exile.o separately, link it in all tests 2022-03-17 15:47:22 +01:00
Albert S. 70c3fef500 exile.h: Retire static child_read/write_pipe vars 2022-03-17 15:47:22 +01:00
Albert S. 69829374c7 exile.h: Move definitions to new file exile.c
Especially with exile_launch(), we will be included
from more than one translation unit. Thus, ODR becomes
a headache now.

So move definitions to exile.c.
2022-03-17 15:47:22 +01:00
Albert S. 005851c645 exile.h: Add extern "C" guards 2022-03-17 15:47:22 +01:00
Albert S. 95fa11e928 c++: Add explicit exile_launch() std::basic_string variant 2022-03-17 15:47:22 +01:00
Albert S. 97e2025758 c++: Retire exile_launch_trivial(), use std::enable_if 2022-03-17 15:47:22 +01:00
Albert S. 8cfb73568a Makefile: Add 'tests' target, depend on headers too to rebuild on changes of those 2022-03-17 15:47:22 +01:00
Albert S. e7a5ba7f7f test.sh: Also run C++ tests 2022-03-17 15:47:22 +01:00
Albert S. e52eda186b Add test.cpp to test C++ API 2022-03-17 15:47:22 +01:00
Albert S. 90ed5bbae9 Begin C++ API: Add exile.hpp with exile_launch() wrappers 2022-03-17 15:47:22 +01:00
Albert S. 48b6de9036 struct syscall_vow_map: change 'str' to const char* 2022-03-17 15:47:22 +01:00
Albert S. 93acb13929 test: Introduce LOG(), avoid inconsistent printf/fprintf 2022-03-17 15:47:22 +01:00
Albert S. 9247a6636b Introduce exile_vows_from_str() 2022-03-17 15:47:22 +01:00
Albert S. 4a3ac8e0bc exile_launch(): Improve handling/logging of errors 2022-01-16 21:46:11 +01:00
Albert S. ed54575b89 exile_launch(): Open another pipe to also write to child 2022-01-16 21:46:11 +01:00
Albert S. 0caff45600 EXILE_LOG_ERROR: Prepend function name 2022-01-16 21:46:11 +01:00
Albert S. 080c0e53c2 test: test_mkpath(): Cleanup before run and on success 2022-01-16 21:46:11 +01:00
Albert S. 4adc13215b exile_append_path_policies(): Add sentinel macro, making *policy() version redundant 2022-01-16 21:46:11 +01:00
Albert S. bf29edf213 Update README with most recent draft 2022-01-16 21:46:11 +01:00
Albert S. 68bfd7e66c Update copyright header 2022-01-16 21:46:11 +01:00
Albert S. 58bc50db61 test: Begin testing exile_launch*() 2022-01-16 21:46:11 +01:00
Albert S. 1e63fa75ef Introduce exile_launch*(): Simplifies launching functions protected by policy
Those functions clone(), then activate the specified policy.
They then jump to the supplied function and pass an argument to it.

exile_launch() returns a read file descriptor, that can be
used by the parent process to get the data.

exile_launch_get() is a convenience wrapper, return a buffer
containing everything read from the sandboxed function.
2022-01-16 21:46:11 +01:00