PERFORCE change 173905 for review
Jonathan Anderson
jona at FreeBSD.org
Fri Jan 29 13:10:06 UTC 2010
http://p4web.freebsd.org/chv.cgi?CH=173905
Change 173905 by jona at jona-belle-freebsd8 on 2010/01/29 13:09:11
fdlist changes to libcapsicum - WARNING: due to some kernel bug, this library code might cause a panic
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.h#4 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_fdlist.c#3 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#3 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host_io.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_internal.h#2 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox_api.h#2 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox_io.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/fdlist/fdlist.c#5 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.c#2 (text+ko) ====
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.c#1 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.c#2 $
*/
#include <sys/types.h>
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.h#4 (text+ko) ====
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.h#3 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.h#4 $
*/
#ifndef _LIBCAPABILITY_H_
@@ -117,15 +117,15 @@
* Interfaces to start and stop capability mode sandboxs.
*/
int lch_start(const char *sandbox, char *const argv[], u_int flags,
- struct lc_sandbox **lcspp);
+ struct lc_fdlist *fds, struct lc_sandbox **lcspp);
int lch_start_libs(const char *sandbox, char *const argv[], u_int flags,
- struct lc_library *lclp, u_int lcl_count,
+ struct lc_library *lclp, u_int lcl_count, struct lc_fdlist *fds,
struct lc_sandbox **lcspp);
int lch_startfd(int fd_sandbox, const char *binname, char *const argv[],
u_int flags, struct lc_fdlist *fds, struct lc_sandbox **lcspp);
int lch_startfd_libs(int fd_sandbox, const char *binname,
char *const argv[], u_int flags, struct lc_library *lclp,
- u_int lcl_count, struct lc_sandbox **lcspp);
+ u_int lcl_count, struct lc_fdlist *fds, struct lc_sandbox **lcspp);
void lch_stop(struct lc_sandbox *lcsp);
/*
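Review bot: The new `struct lc_fdlist *fds` parameter is inserted in the middle of the argument lists of `lch_start()`, `lch_start_libs()` and `lch_startfd_libs()`, so this is a source-incompatible API change and every existing caller must be updated in the same change; only `tools/cap/fdlist/fdlist.c` appears in the affected-files list, so any other in-tree user of these entry points (if one exists) will stop compiling. The comment above the prototypes still says only "Interfaces to start and stop capability mode sandboxs" and nothing about what `fds` is, whether NULL is accepted, or who owns the list after the call; the declaration is the place readers will look. Suggest extending that comment with a line such as `* fds: descriptors to hand to the sandbox; the host copies the list, caller retains ownership.` once the NULL policy is settled.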
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_fdlist.c#3 (text+ko) ====
@@ -30,15 +30,21 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_fdlist.c#2 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_fdlist.c#3 $
*/
+#include <sys/mman.h>
+#include <sys/stat.h>
+
#include <errno.h>
#include <libcapsicum.h>
#include <pthread.h>
+#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include "libcapsicum_sandbox_api.h"
+
struct lc_fdlist_entry {
@@ -87,6 +93,41 @@
struct lc_fdlist*
lc_fdlist_global(void) {
+ if (global_fdlist == NULL) {
+
+ char *env = getenv(LIBCAPABILITY_SANDBOX_FDLIST);
+ printf("%s: %s\n", LIBCAPABILITY_SANDBOX_FDLIST, env);
+
+ if ((env != NULL) && (strnlen(env, 8) < 7)) {
+
+ for (int i = 0; (i < 7) && env[i]; i++)
+ if ((env[i] < '0') || (env[i] > '9'))
+ return NULL;
+
+ int fd = -1;
+ if (sscanf(env, "%d", &fd) != 1)
+ return NULL;
+
+ if (fd < 0)
+ return NULL;
+
+ printf("testing FD %i...", fd); fflush(stdout);
+ struct stat stats;
+ if (fstat(fd, &stats) < 0)
+ return NULL;
+
+ printf(" done. Size: %lu\n", stats.st_size);
+
+ printf("mapping FD %i... ", fd); fflush(stdout);
+ /*
+ global_fdlist = mmap(NULL, stats.st_size,
+ PROT_READ | PROT_WRITE,
+ MAP_NOSYNC | MAP_PRIVATE, fd, 0);
+ */
+ printf(" done.\n");
+ }
+ }
+
return global_fdlist;
}
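Review bot: `printf("%s: %s\n", LIBCAPABILITY_SANDBOX_FDLIST, env);` runs before the `env != NULL` test, so a sandbox started without the variable passes a null pointer for `%s`, which is undefined behaviour even though FreeBSD's libc happens to print "(null)"; put `if (env == NULL) return NULL;` first. `printf(" done. Size: %lu\n", stats.st_size);` pairs an `off_t` with `%lu`; the portable form is `"%jd", (intmax_t)stats.st_size`. These are debugging prints to the sandbox's stdout from library code and should not survive into a release build, especially since stdout inside the sandbox may not be a terminal. When the commented-out `mmap()` is re-enabled, the mapped length should be checked against the length the list itself records (via `lc_fdlist_size()` or equivalent) before any entry is trusted, because `st_size` alone comes from a descriptor number supplied through the environment and an undersized mapping would let later readers run off the end.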
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#3 (text+ko) ====
@@ -30,11 +30,12 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#2 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#3 $
*/
#include <sys/param.h>
#include <sys/capability.h>
+#include <sys/mman.h>
#include <sys/procdesc.h>
#include <sys/sbuf.h>
#include <sys/socket.h>
@@ -147,12 +148,41 @@
lch_sandbox(int fd_sock, int fd_sandbox, int fd_ldso, int fd_libc,
int fd_libcapsicum, int fd_libsbuf, int fd_devnull, u_int flags,
struct lc_library *lclp, u_int lcl_count, const char *binname,
- char *const argv[])
+ char *const argv[], struct lc_fdlist *fds)
{
int *fd_array, fdcount;
struct sbuf *sbufp;
+ int shmfd, fdlistsize;
+ /*void *shm;*/
+ char fdliststr[8];
u_int i;
+
+ /* create an anonymous shared memory segment for the FD list */
+ shmfd = shm_open(SHM_ANON, O_RDWR, 0600);
+ if (shmfd < 0) return;
+
+ fdlistsize = lc_fdlist_size(fds);
+ if (ftruncate(shmfd, fdlistsize) < 0) return;
+
+
+ printf("%dB of memory to mmap\n", fdlistsize);
+
+
+ /* map it and copy the list */
+ /*
+ shm = mmap(NULL, fdlistsize, PROT_READ | PROT_WRITE,
+ MAP_NOSYNC | MAP_SHARED, shmfd, 0);
+
+ if (shm == MAP_FAILED) return;
+ memcpy(shm, fds, fdlistsize);
+
+ if (munmap(shm, fdlistsize)) return;
+ */
+
+
+
+
if (lc_limitfd(fd_devnull, LIBCAPABILITY_CAPMASK_DEVNULL) < 0)
return;
if (lc_limitfd(fd_sandbox, LIBCAPABILITY_CAPMASK_SANDBOX) < 0)
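Review bot: `shmfd` is the only descriptor handed to the sandbox that is never passed through `lc_limitfd()` — every other one in this function is narrowed to a `LIBCAPABILITY_CAPMASK_*` mask before `lch_installfds()` — so the child receives the shared-memory segment with unrestricted rights rather than the read/mmap/fstat it needs to map a private copy; add a mask and an `lc_limitfd(shmfd, ...)` call beside the others. `lc_fdlist_size(fds)` is called with no NULL check; unless that helper tolerates NULL, any caller that passes no list (the previous `lch_start()` signature had no such argument) will crash the child here, so either `if (fds == NULL) return;` or an explicit "must not be NULL" comment is needed. `fdlistsize` is an `int` fed to `ftruncate()`; a zero or negative result from `lc_fdlist_size()` should be rejected before truncating rather than creating an empty segment silently. `lch_sandbox()` continues past the end of this hunk.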
@@ -168,7 +198,7 @@
if (lc_limitfd(fd_libsbuf, LIBCAPABILITY_CAPMASK_LIB) < 0)
return;
- fdcount = 10 + lcl_count;
+ fdcount = 11 + lcl_count;
fd_array = malloc(fdcount * sizeof(int));
if (fd_array == NULL)
return;
@@ -193,10 +223,11 @@
fd_array[7] = fd_libcapsicum;
fd_array[8] = fd_libsbuf;
fd_array[9] = fd_devnull;
+ fd_array[10] = shmfd;
for (i = 0; i < lcl_count; i++) {
if (lc_limitfd(lclp->lcl_fd, LIBCAPABILITY_CAPMASK_LIB) < 0)
return;
- fd_array[i + 10] = lclp[i].lcl_fd;
+ fd_array[i + 11] = lclp[i].lcl_fd;
}
if (lch_installfds(fdcount, fd_array) < 0)
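Review bot: The loop that limits library descriptors calls `lc_limitfd(lclp->lcl_fd, LIBCAPABILITY_CAPMASK_LIB)` — it re-limits the first library's descriptor on every iteration — while `fd_array[i + 11] = lclp[i].lcl_fd` installs each library's own descriptor into the sandbox, so libraries after the first enter the sandbox with whatever rights they were opened with. The defect predates this change but the commit renumbers the same loop; the fix is `if (lc_limitfd(lclp[i].lcl_fd, LIBCAPABILITY_CAPMASK_LIB) < 0)`. The slot `fd_array[10] = shmfd` and the `11` base for libraries are bare literals that must stay in step with `fdcount` and with the descriptor number written to the environment later in this function; one named constant for the FD-list slot would keep them consistent. The enclosing function continues outside this hunk.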
@@ -209,7 +240,7 @@
3, binname, 5, LD_ELF_CAP_SO, 6, LIBC_SO, 7, LIBCAPABILITY_SO,
8, LIBSBUF_SO, 9, _PATH_DEVNULL);
for (i = 0; i < lcl_count; i++)
- (void)sbuf_printf(sbufp, ",%d:%s", i + 10,
+ (void)sbuf_printf(sbufp, ",%d:%s", i + 11,
lclp[i].lcl_libname);
sbuf_finish(sbufp);
if (sbuf_overflowed(sbufp))
@@ -229,6 +260,10 @@
return;
sbuf_delete(sbufp);
+ sprintf(fdliststr, "%d", 10);
+ if (setenv(LIBCAPABILITY_SANDBOX_FDLIST, fdliststr, 1) == -1)
+ return;
+
if (cap_enter() < 0)
return;
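Review bot: `sprintf(fdliststr, "%d", 10);` bakes in the assumption that `lch_installfds()` leaves `fd_array[10]` at descriptor 10 in the child; if that is the contract, the value should be the same constant used for the array slot, and the buffer should be filled with `snprintf(fdliststr, sizeof(fdliststr), "%d", ...)` so a larger value can never overrun the 8-byte array. `lch_sandbox()` is only called in the `pid == 0` branch after fork, so the `setenv()` does not leak into the host's environment — a one-line comment saying so would save the next reader the check. The enclosing function starts and ends outside this hunk.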
@@ -238,7 +273,7 @@
int
lch_startfd_libs(int fd_sandbox, const char *binname, char *const argv[],
u_int flags, struct lc_library *lclp, u_int lcl_count,
- struct lc_sandbox **lcspp)
+ struct lc_fdlist *fds, struct lc_sandbox **lcspp)
{
struct lc_sandbox *lcsp;
int fd_devnull, fd_ldso, fd_libc, fd_libcapsicum, fd_libsbuf;
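Review bot: The new `fds` parameter of `lch_startfd_libs()` has no documented contract — whether NULL is accepted, whether the list need only stay valid until the child has copied it, and whether the caller still owns it afterwards. It is forwarded unchanged to `lch_sandbox()` in the forked child, which (in an earlier hunk) passes it straight to `lc_fdlist_size()` without a NULL test. Suggest a comment above the definition such as `/* fds: descriptor list published to the sandbox via a shared-memory copy; caller keeps ownership. Must not be NULL. */`, adjusted to whatever `lc_fdlist_size()` actually tolerates. The function body continues outside this hunk.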
@@ -304,7 +339,7 @@
if (pid == 0) {
lch_sandbox(fd_sockpair[1], fd_sandbox, fd_ldso, fd_libc,
fd_libcapsicum, fd_libsbuf, fd_devnull, flags, lclp,
- lcl_count, binname, argv);
+ lcl_count, binname, argv, fds);
exit(-1);
}
#ifndef IN_CAP_MODE
@@ -353,12 +388,13 @@
{
return (lch_startfd_libs(fd_sandbox, binname, argv, flags, NULL, 0,
- lcspp));
+ fds, lcspp));
}
int
lch_start_libs(const char *sandbox, char *const argv[], u_int flags,
- struct lc_library *lclp, u_int lcl_count, struct lc_sandbox **lcspp)
+ struct lc_library *lclp, u_int lcl_count, struct lc_fdlist *fds,
+ struct lc_sandbox **lcspp)
{
char binname[MAXPATHLEN];
int error, fd_sandbox, ret;
@@ -371,7 +407,7 @@
return (-1);
ret = lch_startfd_libs(fd_sandbox, binname, argv, flags, lclp,
- lcl_count, lcspp);
+ lcl_count, fds, lcspp);
error = errno;
close(fd_sandbox);
errno = error;
@@ -380,10 +416,10 @@
int
lch_start(const char *sandbox, char *const argv[], u_int flags,
- struct lc_sandbox **lcspp)
+ struct lc_fdlist *fds, struct lc_sandbox **lcspp)
{
- return (lch_start_libs(sandbox, argv, flags, NULL, 0, lcspp));
+ return (lch_start_libs(sandbox, argv, flags, NULL, 0, fds, lcspp));
}
void
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host_io.c#2 (text+ko) ====
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host_io.c#1 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host_io.c#2 $
*/
#include <sys/param.h>
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_internal.h#2 (text+ko) ====
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_internal.h#1 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_internal.h#2 $
*/
#ifndef _LIBCAPABILITY_INTERNAL_H_
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox.c#2 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox_api.h#2 (text+ko) ====
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox_api.h#1 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox_api.h#2 $
*/
#ifndef _LIBCAPABILITY_SANDBOX_API_H_
@@ -41,6 +41,7 @@
* make about the runtime environment set up by libcapsicum hosts.
*/
#define LIBCAPABILITY_SANDBOX_API_ENV "LIBCAPABILITY_SANDBOX"
+#define LIBCAPABILITY_SANDBOX_FDLIST "LIBCAPABILITY_FDLIST"
#define LIBCAPABILITY_SANDBOX_API_SOCK "sock"
/*
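Review bot: `LIBCAPABILITY_SANDBOX_FDLIST` is defined without any comment on what the variable carries, while the surrounding block documents the other environment contract; a reader of the sandbox side has to find `lc_fdlist_global()` to learn it is a decimal descriptor number. Suggest `/* Decimal number of the descriptor holding the shared-memory FD list installed by the host. */` above the define. The value `"LIBCAPABILITY_FDLIST"` also breaks the `LIBCAPABILITY_SANDBOX*` naming of the neighbouring `LIBCAPABILITY_SANDBOX_API_ENV`; worth deciding on one prefix before other code depends on the string.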
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox_io.c#2 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/fdlist/fdlist.c#5 (text+ko) ====