From owner-p4-projects@FreeBSD.ORG Thu Jun 18 15:37:11 2009 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 4D046106572D; Thu, 18 Jun 2009 15:37:10 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AB095106564A for ; Thu, 18 Jun 2009 15:37:09 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 94F7C8FC16 for ; Thu, 18 Jun 2009 15:37:09 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n5IFb9Ib036454 for ; Thu, 18 Jun 2009 15:37:09 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n5IFb9j3036452 for perforce@freebsd.org; Thu, 18 Jun 2009 15:37:09 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Thu, 18 Jun 2009 15:37:09 GMT Message-Id: <200906181537.n5IFb9j3036452@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson
To: Perforce Change Reviews
Cc:
Subject: PERFORCE change 164669 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 18 Jun 2009 15:37:11 -0000
http://perforce.freebsd.org/chv.cgi?CH=164669
Change 164669 by rwatson@rwatson_freebsd_capabilities on 2009/06/18 15:36:56
Pass in specific libraries required for gzsandbox rather than relying on libcapability passing in the right ones for us. In the future the sandbox runtime linker will take care of this.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/Makefile#4 edit
.. //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzsandbox.c#5 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/Makefile#4 (text+ko) ====
@@ -7,8 +7,8 @@
 MAN= gzip.1 gzexe.1 zdiff.1 zforce.1 zmore.1 znew.1
 SRCS= gzip.c gzsandbox.c
-DPADD= ${LIBZ} ${LIBCAPABILITY}
-LDADD= -lz -lcapability
+DPADD= ${LIBZ} ${LIBCAPABILITY} ${LIBSBUF}
+LDADD= -lz -lcapability -lsbuf
 WARNS?= 6
 CFLAGS+= -rdynamic # For sandbox cap_main
==== //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzsandbox.c#5 (text+ko) ====
@@ -40,6 +40,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -48,7 +49,21 @@
 #include "gzip.h"
+#define LC_LIB_LIBZ_SO "/lib/libz.so.4"
+#define LC_LIBZ_SO "libz.so.4"
+
+#define LC_USR_LIB_LIBBZ2_SO "/usr/lib/libbz2.so.3"
+#define LC_LIBBZ2_SO "libbz2.so.3"
+
 #define LC_USR_BIN_GZIP_SANDBOX "/usr/bin/gzip"
+
+struct lc_library gzsandbox_libs[] = {
+ { LC_LIB_LIBZ_SO, LC_LIBZ_SO, -1 },
+ { LC_USR_LIB_LIBBZ2_SO, LC_LIBBZ2_SO, -1 },
+};
+static const u_int gzsandbox_libs_count = sizeof(gzsandbox_libs) /
+ sizeof(gzsandbox_libs[0]);
+
 static char *lc_sandbox_argv[] = { __DECONST(char *, LC_USR_BIN_GZIP_SANDBOX), NULL };
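Review bot: `gzsandbox_libs` is given external linkage although its companion `gzsandbox_libs_count` is `static` and nothing outside this file appears to need the table; since its `lcl_fd` slots are mutable state filled in at initialization, it should read `static struct lc_library gzsandbox_libs[] = {` so the open descriptors are not exported from gzip's symbol namespace (the Makefile's `-rdynamic` makes every non-static symbol visible to the sandbox loader). The two absolute paths hard-code soname versions, so a major bump of libz or libbz2 becomes a runtime open() failure inside the sandbox path rather than a link-time error; the commit message's "interim until the sandbox runtime linker handles this" caveat belongs next to the table as a comment, e.g. `/* XXX: hard-coded sonames; to be replaced by the sandbox rtld. */`. The `-lsbuf` addition in the Makefile has no visible use in these hunks, so I assume it is a transitive requirement of lch_start_libs() — worth a word in the Makefile if so.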
@@ -63,9 +78,29 @@
 static void
 gzsandbox_initialize(void)
 {
+ u_int i;
+ if (gzsandbox_initialized)
+ return;
+ gzsandbox_enabled = lch_autosandbox_isenabled("gzip");
 gzsandbox_initialized = 1;
- gzsandbox_enabled = lch_autosandbox_isenabled("gzip");
+ if (!gzsandbox_enabled)
+ return;
+
+ /*
+ * If sandboxes are in use, open libraries that we'll require in the
+ * sandbox and kick it off.
+ */
+ for (i = 0; i < gzsandbox_libs_count; i++) {
+ gzsandbox_libs[i].lcl_fd =
+ open(gzsandbox_libs[i].lcl_libpath, O_RDONLY);
+ if (gzsandbox_libs[i].lcl_fd < 0)
+ err(-1, "open: %s", gzsandbox_libs[i].lcl_libname);
+ }
+ if (lch_start_libs(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv,
+ LCH_PERMIT_STDERR, gzsandbox_libs, gzsandbox_libs_count, &lcsp)
+ < 0)
+ err(-1, "lch_start %s", LC_USR_BIN_GZIP_SANDBOX);
 }
 struct host_gz_compress_req {
@@ -88,12 +123,6 @@
 int fdarray[2];
 size_t len;
- if (lcsp == NULL) {
- if (lch_start(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv,
- LCH_PERMIT_STDERR, &lcsp) < 0)
- err(-1, "lch_start %s", LC_USR_BIN_GZIP_SANDBOX);
- }
-
 bzero(&req, sizeof(req));
 strlcpy(req.hgc_req_origname, origname, sizeof(req.hgc_req_origname));
@@ -144,8 +173,7 @@
 uint32_t mtime)
 {
- if (!gzsandbox_initialized)
- gzsandbox_initialize();
+ gzsandbox_initialize();
 if (gzsandbox_enabled)
 return (gz_compress_insandbox(in, out, gsizep, origname, mtime));
@@ -174,12 +202,6 @@
 int fdarray[2];
 size_t len;
- if (lcsp == NULL) {
- if (lch_start(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv,
- LCH_PERMIT_STDERR, &lcsp) < 0)
- err(-1, "lch_start %s", LC_USR_BIN_GZIP_SANDBOX);
- }
-
 bzero(&req, sizeof(req));
 req.hgu_req_prelen = prelen;
 strlcpy(req.hgu_req_filename, filename,
@@ -234,8 +256,7 @@
 off_t *gsizep, const char *filename)
 {
- if (!gzsandbox_initialized)
- gzsandbox_initialize();
+ gzsandbox_initialize();
 if (gzsandbox_enabled)
 return (gz_uncompress_insandbox(in, out, pre, prelen, gsizep, filename));
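Review bot: The open() failure in gzsandbox_initialize() reports `lcl_libname` (the bare soname) although the call opened `lcl_libpath`, so the diagnostic names something the user cannot locate on disk; it should be `err(-1, "open: %s", gzsandbox_libs[i].lcl_libpath);`. Because every entry in the table must open before lch_start_libs() runs, a gzip-only invocation with sandboxing enabled now dies if `/usr/lib/libbz2.so.3` is absent even though bzip2 is never used — acceptable for an interim scheme, but a comment such as `/* All listed libraries are mandatory; a missing one aborts even if unused. */` above the loop would make that explicit. Whether lch_start_libs() takes ownership of the opened descriptors, and whether the host should close them after the sandbox starts, is not visible here; if it does not, they remain open in the host for the life of the process. The whole function, signature included, is within this hunk.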
@@ -263,12 +284,6 @@
 int fdarray[2];
 size_t len;
- if (lcsp == NULL) {
- if (lch_start(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv,
- LCH_PERMIT_STDERR, &lcsp) < 0)
- err(-1, "lch_start %s", LC_USR_BIN_GZIP_SANDBOX);
- }
-
 bzero(&req, sizeof(req));
 req.hub_req_prelen = prelen;
 iov_req[0].iov_base = &req;
@@ -319,8 +334,7 @@
 unbzip2_wrapper(int in, int out, char *pre, size_t prelen, off_t *bytes_in)
 {
- if (!gzsandbox_initialized)
- gzsandbox_initialize();
+ gzsandbox_initialize();
 if (gzsandbox_enabled)
 return (unbzip2_insandbox(in, out, pre, prelen, bytes_in));
 else