WIP/cpp -> next #31
22
exile.c
22
exile.c
@ -1702,11 +1702,11 @@ int exile_clone_handle(void *arg)
|
|||||||
if(ret != 0)
|
if(ret != 0)
|
||||||
{
|
{
|
||||||
EXILE_LOG_ERROR("Failed to enable policy\n");
|
EXILE_LOG_ERROR("Failed to enable policy\n");
|
||||||
close(child_read_pipe[1]);
|
close(params->child_read_pipe[1]);
|
||||||
close(child_write_pipe[0]);
|
close(params->child_write_pipe[0]);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
ret = dup2(child_read_pipe[1], 1);
|
ret = dup2(params->child_read_pipe[1], 1);
|
||||||
if(ret == -1)
|
if(ret == -1)
|
||||||
{
|
{
|
||||||
EXILE_LOG_ERROR("Failed to redirect stdout to pipe\n");
|
EXILE_LOG_ERROR("Failed to redirect stdout to pipe\n");
|
||||||
@ -1714,8 +1714,8 @@ int exile_clone_handle(void *arg)
|
|||||||
}
|
}
|
||||||
ret = params->func(params->funcarg);
|
ret = params->func(params->funcarg);
|
||||||
fclose(stdout);
|
fclose(stdout);
|
||||||
close(child_read_pipe[1]);
|
close(params->child_read_pipe[1]);
|
||||||
close(child_write_pipe[0]);
|
close(params->child_write_pipe[0]);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1733,14 +1733,14 @@ int exile_clone_handle(void *arg)
|
|||||||
* Return value: Negative on error, otherwise the file descriptor to read from*/
|
* Return value: Negative on error, otherwise the file descriptor to read from*/
|
||||||
int exile_launch(struct exile_launch_params *launch_params, struct exile_launch_result *launch_result)
|
int exile_launch(struct exile_launch_params *launch_params, struct exile_launch_result *launch_result)
|
||||||
{
|
{
|
||||||
int ret = pipe(child_read_pipe);
|
int ret = pipe(launch_params->child_read_pipe);
|
||||||
if(ret != 0)
|
if(ret != 0)
|
||||||
{
|
{
|
||||||
EXILE_LOG_ERROR("read pipe creation failed\n");
|
EXILE_LOG_ERROR("read pipe creation failed\n");
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = pipe(child_write_pipe);
|
ret = pipe(launch_params->child_write_pipe);
|
||||||
if(ret != 0)
|
if(ret != 0)
|
||||||
{
|
{
|
||||||
EXILE_LOG_ERROR("write pipe creation failed\n");
|
EXILE_LOG_ERROR("write pipe creation failed\n");
|
||||||
@ -1768,12 +1768,12 @@ int exile_launch(struct exile_launch_params *launch_params, struct exile_launch_
|
|||||||
EXILE_LOG_ERROR("clone failed(): %s\n", strerror(errno));
|
EXILE_LOG_ERROR("clone failed(): %s\n", strerror(errno));
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
close(child_read_pipe[1]);
|
close(launch_params->child_read_pipe[1]);
|
||||||
close(child_write_pipe[0]);
|
close(launch_params->child_write_pipe[0]);
|
||||||
|
|
||||||
launch_result->tid = ret;
|
launch_result->tid = ret;
|
||||||
launch_result->read_fd = child_read_pipe[0];
|
launch_result->read_fd = launch_params->child_read_pipe[0];
|
||||||
launch_result->write_fd = child_write_pipe[1];
|
launch_result->write_fd = launch_params->child_write_pipe[1];
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
5
exile.h
5
exile.h
@ -497,6 +497,8 @@ struct exile_launch_params
|
|||||||
struct exile_policy *policy; /* Policy to activate before jumping to func */
|
struct exile_policy *policy; /* Policy to activate before jumping to func */
|
||||||
int (*func)(void *); /* Function to be sandboxed */
|
int (*func)(void *); /* Function to be sandboxed */
|
||||||
void *funcarg; /* Arg to be passed */
|
void *funcarg; /* Arg to be passed */
|
||||||
|
int child_read_pipe[2];
|
||||||
|
int child_write_pipe[2];
|
||||||
};
|
};
|
||||||
|
|
||||||
struct exile_launch_result
|
struct exile_launch_result
|
||||||
@ -506,9 +508,6 @@ struct exile_launch_result
|
|||||||
int write_fd;
|
int write_fd;
|
||||||
};
|
};
|
||||||
|
|
||||||
static int child_read_pipe[2];
|
|
||||||
static int child_write_pipe[2];
|
|
||||||
|
|
||||||
int exile_clone_handle(void *arg);
|
int exile_clone_handle(void *arg);
|
||||||
/* Helper to easily execute a single function sandboxed.
|
/* Helper to easily execute a single function sandboxed.
|
||||||
*
|
*
|
||||||
|
|||||||
5
test.c
5
test.c
@ -548,12 +548,14 @@ int test_fail_flags()
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static int *read_pipe = NULL;
|
||||||
int do_launch_test(void *arg)
|
int do_launch_test(void *arg)
|
||||||
{
|
{
|
||||||
int num = *(int *)(arg);
|
int num = *(int *)(arg);
|
||||||
num += 1;
|
num += 1;
|
||||||
char buffer[512] = { 0 };
|
char buffer[512] = { 0 };
|
||||||
read(child_write_pipe[0], buffer, sizeof(buffer)-1);
|
read(*read_pipe, buffer, sizeof(buffer)-1);
|
||||||
printf("Sandboxed +1: %i\n", num);
|
printf("Sandboxed +1: %i\n", num);
|
||||||
printf("Echoing: %s\n", buffer);
|
printf("Echoing: %s\n", buffer);
|
||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
@ -569,6 +571,7 @@ int test_launch()
|
|||||||
params.func = &do_launch_test;
|
params.func = &do_launch_test;
|
||||||
params.funcarg = #
|
params.funcarg = #
|
||||||
params.policy = policy;
|
params.policy = policy;
|
||||||
|
read_pipe = ¶ms.child_write_pipe[0];
|
||||||
int launchfd = exile_launch(¶ms, &res);
|
int launchfd = exile_launch(¶ms, &res);
|
||||||
if(launchfd < 0)
|
if(launchfd < 0)
|
||||||
{
|
{
|
||||||
|
|||||||
Laddar…
Referens i nytt ärende
Block a user