コミットを比較
2 コミット
60776be416
...
dbdb35db37
| 作成者 | SHA1 | 日付 | |
|---|---|---|---|
| dbdb35db37 | |||
| 0a851790b8 |
12
qssb.h
12
qssb.h
@ -102,7 +102,7 @@ struct qssb_policy
|
|||||||
int syscall_default_policy;
|
int syscall_default_policy;
|
||||||
int *blacklisted_syscalls;
|
int *blacklisted_syscalls;
|
||||||
int *allowed_syscalls;
|
int *allowed_syscalls;
|
||||||
const char *chroot_target_path;
|
char chroot_target_path[PATH_MAX];
|
||||||
const char *chdir_path;
|
const char *chdir_path;
|
||||||
struct qssb_path_policy *path_policies;
|
struct qssb_path_policy *path_policies;
|
||||||
};
|
};
|
||||||
@ -120,7 +120,7 @@ struct qssb_policy *qssb_init_policy()
|
|||||||
result->no_new_privs = 1;
|
result->no_new_privs = 1;
|
||||||
result->namespace_options = QSSB_UNSHARE_MOUNT | QSSB_UNSHARE_USER;
|
result->namespace_options = QSSB_UNSHARE_MOUNT | QSSB_UNSHARE_USER;
|
||||||
result->chdir_path = NULL;
|
result->chdir_path = NULL;
|
||||||
result->chroot_target_path = NULL;
|
result->chroot_target_path[0] = '\0';
|
||||||
result->path_policies = NULL;
|
result->path_policies = NULL;
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
@ -298,7 +298,7 @@ static int mount_to_chroot(const char *chroot_target_path, struct qssb_path_poli
|
|||||||
|
|
||||||
/* Ends the policy as best as possible. */
|
/* Ends the policy as best as possible. */
|
||||||
/* TODO: can this function do actually anything useful?*/
|
/* TODO: can this function do actually anything useful?*/
|
||||||
static int qssb_end_policy(struct qssb_policy *ctxt)
|
int qssb_end_policy(struct qssb_policy *ctxt)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -306,7 +306,7 @@ static int qssb_end_policy(struct qssb_policy *ctxt)
|
|||||||
/*
|
/*
|
||||||
* Frees the memory taken by a qssb_policy object
|
* Frees the memory taken by a qssb_policy object
|
||||||
*/
|
*/
|
||||||
static void qssb_free_policy(struct qssb_policy *ctxt)
|
void qssb_free_policy(struct qssb_policy *ctxt)
|
||||||
{
|
{
|
||||||
free(ctxt);
|
free(ctxt);
|
||||||
}
|
}
|
||||||
@ -491,11 +491,10 @@ int qssb_enable_policy(struct qssb_policy *policy)
|
|||||||
{
|
{
|
||||||
if(policy->chroot_target_path == NULL)
|
if(policy->chroot_target_path == NULL)
|
||||||
{
|
{
|
||||||
char *target_dir = (char *) calloc(1, PATH_MAX * sizeof(char));
|
|
||||||
char random_str[17];
|
char random_str[17];
|
||||||
if(random_string(random_str, sizeof(random_str)) == 16)
|
if(random_string(random_str, sizeof(random_str)) == 16)
|
||||||
{
|
{
|
||||||
int res = snprintf(target_dir, PATH_MAX, "%s/.sandbox_%" PRIdMAX "_%s", QSSB_TEMP_DIR, (intmax_t)getpid(), random_str);
|
int res = snprintf(policy->chroot_target_path, sizeof(policy->chroot_target_path), "%s/.sandbox_%" PRIdMAX "_%s", QSSB_TEMP_DIR, (intmax_t)getpid(), random_str);
|
||||||
if(res < 0)
|
if(res < 0)
|
||||||
{
|
{
|
||||||
QSSB_LOG_ERROR("qssb: qssb_enable_policy: error during path concatination\n");
|
QSSB_LOG_ERROR("qssb: qssb_enable_policy: error during path concatination\n");
|
||||||
@ -506,7 +505,6 @@ int qssb_enable_policy(struct qssb_policy *policy)
|
|||||||
QSSB_LOG_ERROR("qssb: qssb_enable_policy: path concatination truncated\n");
|
QSSB_LOG_ERROR("qssb: qssb_enable_policy: path concatination truncated\n");
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
policy->chroot_target_path = target_dir;
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|||||||
読み込み中…
新しいイシューから参照
ユーザーをブロックする