Date: Wed, 4 Sep 2013 21:18:22 GMT From: dpl@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r256914 - soc2013/dpl/head/lib/libzcap Message-ID: <201309042118.r84LIMKB081057@socsvn.freebsd.org>
Author: dpl Date: Wed Sep 4 21:18:22 2013 New Revision: 256914 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=256914 Log: Simplified capsicum.h. Now it doesn't include other files, except what is needed. Also, it has been guarded. Also, I'm working on the infrastructure of the sandbox. Modified: soc2013/dpl/head/lib/libzcap/capsicum.c soc2013/dpl/head/lib/libzcap/capsicum.h soc2013/dpl/head/lib/libzcap/zconf.h Modified: soc2013/dpl/head/lib/libzcap/capsicum.c ============================================================================== --- soc2013/dpl/head/lib/libzcap/capsicum.c Wed Sep 4 20:55:56 2013 (r256913) +++ soc2013/dpl/head/lib/libzcap/capsicum.c Wed Sep 4 21:18:22 2013 (r256914) @@ -1,10 +1,12 @@ #include "capsicum.h" #include "zlib.h" +#include <sys/capability.h> +#include <sys/ioctl.h> +#include <sys/procdesc.h> #include <sys/queue.h> -#include <sys/types.h> #include <sys/socket.h> -#include <sys/ioctl.h> +#include <sys/types.h> #include <nv.h> #include <signal.h> @@ -13,8 +15,8 @@ #include <stdio.h> #include <err.h> -extern struct sandbox; -extern struct slisthead sandboxes; +struct sandbox; +struct slisthead sandboxes; struct sandbox * startSandbox(void *data); int stopSandbox(struct sandbox *sandbox); @@ -56,12 +58,12 @@ int stopSandbox(struct sandbox *sandbox) { - int sandboxpid; + int pid; - if ((sandboxpid = pdgetpid(sandbox->pd)) < 0) + if (pdgetpid(sandbox->pd, &pid) < 0) err(1, "Couldn't get child PID"); - if (kill(SIGKILL, sandboxpid) < 0) + if (kill(SIGKILL, pid) < 0) err(1, "Couldn't kill child"); SLIST_REMOVE(&sandboxes, sandbox, entry, entries); 
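Review bot: In stopSandbox the new call `kill(SIGKILL, pid)` has its arguments reversed; kill(2) takes the process id first, so this sends signal number `pid` to process number SIGKILL instead of killing the sandbox child. The same reversed call appears in the new killChild body in the `-137,20 +140,23` hunk. Since the sandbox already holds a process descriptor, `if (pdkill(sandbox->pd, SIGKILL) < 0) err(1, "Couldn't kill child");` would replace both the pdgetpid lookup and the kill, and keeps the signal bound to the descriptor rather than to a looked-up PID. stopSandbox's body continues past the end of this hunk.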
@@ -72,14 +74,15 @@ void startNullSandbox(void) { + struct sandbox newsandbox; if (!slist_initiated) { sandboxes = SLIST_HEAD_INITIALIZER(head); SLIST_INIT(&sandboxes); /* Here we add a sandbox used for non-structure related stuff */ /* This will be the first sandbox always */ if (SLIST_EMPTY(&sandboxes)) { - newsandbox = startChild(newsandbox, NULL); - SLIST_INSERT_HEAD(&sandboxes, newsandbox, entries); + newsandbox = startChild(NULL); + SLIST_INSERT_HEAD(sandboxes, newsandbox, entries); } } slist_initiated = 1; @@ -112,7 +115,7 @@ int procd, sv[2]; struct sandbox *newsandbox; - if ((newsandbox = malloc(sizeof (struct sandbox)) == NULL) + if ((newsandbox = malloc(sizeof (struct sandbox))) == NULL) err(1, "Couldn't allocate memory for sandboxes"); sv[0] = sv[1] = 0; @@ -120,7 +123,7 @@ perror("zcaplib: socketpair()"); procd = pdfork(); - if (pid == 0 ){ + if (procd == 0 ){ if (cap_rights_limit(STDIN_FILENO, CAP_READ) < 0) err(1, "Couldn't limit rights"); if (cap_rights_limit(STDOUT_FILENO, CAP_WRITE|CAP_FSTAT) < 0) @@ -137,20 +140,23 @@ err(1, "Couldn't find zlibworker."); } exit(0); - } else if (pid == -1) { + } else if (procd == -1) { err(1, "Couldn't fork"); } else { close(sv[1]); signal(SIGCHLD, suicide); atexit(killChild); - sandbox->dataptr = data; - sandbox->pd = procd; - sandbox->socket = sv[0]; + newsandbox->dataptr = data; + newsandbox->pd = procd; + newsandbox->socket = sv[0]; } } void killChild(void) { - kill(pid, SIGKILL); + int pid; + SLIST_FOREACH(sandbox, &sandboxes, entries) + if (pdgetpid(sandbox->pd, &pid) > 0) + kill(SIGKILL, pid) } void suicide(int signal) { kill(getpid(), SIGKILL); Modified: soc2013/dpl/head/lib/libzcap/capsicum.h ============================================================================== --- soc2013/dpl/head/lib/libzcap/capsicum.h Wed Sep 4 20:55:56 2013 (r256913) +++ soc2013/dpl/head/lib/libzcap/capsicum.h Wed Sep 4 21:18:22 2013 (r256914) 
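Review bot: `newsandbox` is declared here as a `struct sandbox` value on startNullSandbox's stack, yet it receives the result of `startChild(NULL)` and is then linked into the global `sandboxes` list. `SLIST_INSERT_HEAD` takes a pointer to the head and a pointer to the element, and this hunk also drops the `&` from the head, so as written neither argument has the expected type. Even if it were made to compile by taking the local's address, the list would then point into a dead stack frame after the function returns. Assuming startChild returns the heap-allocated sandbox (its return statement is not visible in this diff), I would write `struct sandbox *newsandbox;` and `SLIST_INSERT_HEAD(&sandboxes, newsandbox, entries);`.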
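Review bot: The branch now tests `procd`, which the context line above assigns with `procd = pdfork();`, but pdfork(2) returns the child's PID and hands back the process descriptor through its `int *fdp` argument, so no descriptor is obtained by this call. The next hunk's `newsandbox->pd = procd` would therefore store a PID in a field that pdgetpid later treats as a descriptor. Suggest `pid_t pid;` and `pid = pdfork(&procd, 0);`, with the `== 0` and `== -1` tests made on `pid`. The enclosing function begins before this hunk and continues after it.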
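Review bot: killChild's new loop can never signal a child, because pdgetpid(2) returns 0 on success and the test `pdgetpid(sandbox->pd, &pid) > 0` is therefore always false. The loop body is also missing its terminating semicolon and uses `sandbox` without declaring it in this function. Since this is the atexit handler, a silent no-op leaves cleanup of the sandbox processes to whatever happens when their descriptors are closed at exit. Suggest declaring `struct sandbox *sandbox;` and making the loop body `pdkill(sandbox->pd, SIGKILL);`. Separately, the parent branch in this hunk fills in `newsandbox` but no `return newsandbox;` is visible before the function's closing brace; its header is outside the hunk, so please confirm the return type.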
@@ -1,20 +1,12 @@ /* * We're using Capsicum! */ -#define CAPSICUM -#include <sys/capability.h> -#include <sys/types.h> -#include <sys/wait.h> -#include <sys/socket.h> - -#include <dnv.h> -#include <stdlib.h> -#include <signal.h> -#include <nv.h> -#include <unistd.h> +#ifndef CAPSICUM_H +#define CAPSICUM_H -#include "commands.h" +#include <sys/queue.h> +#include <nv.h> #define MAXLEN (5*1024) @@ -41,3 +33,5 @@ int socket; /* Socket we have to pass the data through */ SLIST_ENTRY(entry) entries; /* Singly-linked list. */ }; + +#endif /* CAPSICUM_H */ \ No newline at end of file Modified: soc2013/dpl/head/lib/libzcap/zconf.h ============================================================================== --- soc2013/dpl/head/lib/libzcap/zconf.h Wed Sep 4 20:55:56 2013 (r256913) +++ soc2013/dpl/head/lib/libzcap/zconf.h Wed Sep 4 21:18:22 2013 (r256914) @@ -480,7 +480,6 @@ /* * This is hard-configured for FreeBSD. */ -#include "capsicum.h" #define z_off_t off_t #ifndef _FILE_OFFSET_BITS #define _FILE_OFFSET_BITS 64
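Review bot: The capsicum.h hunk removes `#define CAPSICUM` and the zconf.h hunk removes `#include "capsicum.h"`, so nothing visible in this commit defines `CAPSICUM` for the zlib sources any longer. If other files in libzcap select the sandboxed code path with `#ifdef CAPSICUM` (not visible here), they would now compile the unsandboxed path without any diagnostic. I would keep `#define CAPSICUM` inside the new `CAPSICUM_H` guard, or state in the header comment where the macro is now expected to come from.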