From: dpl@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r256914 - soc2013/dpl/head/lib/libzcap MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Sep 2013 21:18:22 -0000 Author: dpl Date: Wed Sep 4 21:18:22 2013 New Revision: 256914 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=256914 Log: Simplified capsicum.h. Now it doesn't include other files, except what is needed. Also, it has been guarded. Also, I'm working on the infrastructure of the sandbox. Modified: soc2013/dpl/head/lib/libzcap/capsicum.c soc2013/dpl/head/lib/libzcap/capsicum.h soc2013/dpl/head/lib/libzcap/zconf.h Modified: soc2013/dpl/head/lib/libzcap/capsicum.c ============================================================================== --- soc2013/dpl/head/lib/libzcap/capsicum.c Wed Sep 4 20:55:56 2013 (r256913) +++ soc2013/dpl/head/lib/libzcap/capsicum.c Wed Sep 4 21:18:22 2013 (r256914) @@ -1,10 +1,12 @@ #include "capsicum.h" #include "zlib.h" +#include +#include +#include #include -#include #include -#include +#include #include #include @@ -13,8 +15,8 @@ #include #include -extern struct sandbox; -extern struct slisthead sandboxes; +struct sandbox; +struct slisthead sandboxes; struct sandbox * startSandbox(void *data); int stopSandbox(struct sandbox *sandbox); @@ -56,12 +58,12 @@ int stopSandbox(struct sandbox *sandbox) { - int sandboxpid; + int pid; - if ((sandboxpid = pdgetpid(sandbox->pd)) < 0) + if (pdgetpid(sandbox->pd, &pid) < 0) err(1, "Couldn't get child PID"); - if (kill(SIGKILL, sandboxpid) < 0) + if (kill(SIGKILL, pid) < 0) err(1, "Couldn't kill child"); SLIST_REMOVE(&sandboxes, sandbox, entry, entries); 
@@ -72,14 +74,15 @@ void startNullSandbox(void) { + struct sandbox newsandbox; if (!slist_initiated) { sandboxes = SLIST_HEAD_INITIALIZER(head); SLIST_INIT(&sandboxes); /* Here we add a sandbox used for non-structure related stuff */ /* This will be the first sandbox always */ if (SLIST_EMPTY(&sandboxes)) { - newsandbox = startChild(newsandbox, NULL); - SLIST_INSERT_HEAD(&sandboxes, newsandbox, entries); + newsandbox = startChild(NULL); + SLIST_INSERT_HEAD(sandboxes, newsandbox, entries); } } slist_initiated = 1; @@ -112,7 +115,7 @@ int procd, sv[2]; struct sandbox *newsandbox; - if ((newsandbox = malloc(sizeof (struct sandbox)) == NULL) + if ((newsandbox = malloc(sizeof (struct sandbox))) == NULL) err(1, "Couldn't allocate memory for sandboxes"); sv[0] = sv[1] = 0; @@ -120,7 +123,7 @@ perror("zcaplib: socketpair()"); procd = pdfork(); - if (pid == 0 ){ + if (procd == 0 ){ if (cap_rights_limit(STDIN_FILENO, CAP_READ) < 0) err(1, "Couldn't limit rights"); if (cap_rights_limit(STDOUT_FILENO, CAP_WRITE|CAP_FSTAT) < 0) @@ -137,20 +140,23 @@ err(1, "Couldn't find zlibworker."); } exit(0); - } else if (pid == -1) { + } else if (procd == -1) { err(1, "Couldn't fork"); } else { close(sv[1]); signal(SIGCHLD, suicide); atexit(killChild); - sandbox->dataptr = data; - sandbox->pd = procd; - sandbox->socket = sv[0]; + newsandbox->dataptr = data; + newsandbox->pd = procd; + newsandbox->socket = sv[0]; } } void killChild(void) { - kill(pid, SIGKILL); + int pid; + SLIST_FOREACH(sandbox, &sandboxes, entries) + if (pdgetpid(sandbox->pd, &pid) > 0) + kill(SIGKILL, pid) } void suicide(int signal) { kill(getpid(), SIGKILL); Modified: soc2013/dpl/head/lib/libzcap/capsicum.h ============================================================================== --- soc2013/dpl/head/lib/libzcap/capsicum.h Wed Sep 4 20:55:56 2013 (r256913) +++ soc2013/dpl/head/lib/libzcap/capsicum.h Wed Sep 4 21:18:22 2013 (r256914) 
@@ -1,20 +1,12 @@ /* * We're using Capsicum! */ -#define CAPSICUM -#include -#include -#include -#include - -#include -#include -#include -#include -#include +#ifndef CAPSICUM_H +#define CAPSICUM_H -#include "commands.h" +#include +#include #define MAXLEN (5*1024) @@ -41,3 +33,5 @@ int socket; /* Socket we have to pass the data through */ SLIST_ENTRY(entry) entries; /* Singly-linked list. */ }; + +#endif /* CAPSICUM_H */ \ No newline at end of file Modified: soc2013/dpl/head/lib/libzcap/zconf.h ============================================================================== --- soc2013/dpl/head/lib/libzcap/zconf.h Wed Sep 4 20:55:56 2013 (r256913) +++ soc2013/dpl/head/lib/libzcap/zconf.h Wed Sep 4 21:18:22 2013 (r256914) @@ -480,7 +480,6 @@ /* * This is hard-configured for FreeBSD. */ -#include "capsicum.h" #define z_off_t off_t #ifndef _FILE_OFFSET_BITS #define _FILE_OFFSET_BITS 64
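
Review bot: in stopSandbox() (capsicum.c, hunk @@ -56,12 +58,12 @@) the arguments to kill() are reversed: `kill(SIGKILL, pid)` sends signal number `pid` to process ID SIGKILL, because the signature is kill(pid_t pid, int sig). The removed line had the same order, so the rename carried the problem over. Swap them to `kill(pid, SIGKILL)` and declare `pid` as `pid_t`, the type pdgetpid() writes through its second argument. Since the sandbox already holds a process descriptor, `pdkill(sandbox->pd, SIGKILL)` would be simpler still: it needs no PID lookup and cannot hit a PID that has been reused in the meantime.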
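
Review bot: in startNullSandbox() (capsicum.c, hunk @@ -72,14 +74,15 @@) `newsandbox` is declared as a `struct sandbox` value on the stack, then assigned the result of `startChild(NULL)` and passed to SLIST_INSERT_HEAD. The list macros take a pointer to the head and a pointer to the element, and the new line `SLIST_INSERT_HEAD(sandboxes, newsandbox, entries);` drops the `&` that the removed line had on `sandboxes`. Declare `struct sandbox *newsandbox;` and keep `SLIST_INSERT_HEAD(&sandboxes, newsandbox, entries);`, so that the list links the heap-allocated sandbox and never a local that disappears when the function returns.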
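
Review bot: killChild() at the end of the capsicum.c hunk @@ -137,20 +140,23 @@ will not kill any child as written: pdgetpid() returns 0 on success, so the test `pdgetpid(sandbox->pd, &pid) > 0` is never true (stopSandbox() correctly treats `< 0` as failure). The loop also uses `sandbox` without declaring it in this function, passes the kill() arguments in the wrong order, and `kill(SIGKILL, pid)` is missing its terminating semicolon. Suggest declaring `struct sandbox *sandbox;` and calling `pdkill(sandbox->pd, SIGKILL)` inside SLIST_FOREACH, which removes the pdgetpid() step entirely. Earlier in the same hunk the parent branch fills in `newsandbox->dataptr`, `->pd` and `->socket`, and the function then closes with no visible `return newsandbox;`, so the caller has no way to receive the sandbox it just created.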
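
Review bot: in capsicum.h (hunk @@ -41,3 +33,5 @@) the link field is declared as `SLIST_ENTRY(entry) entries;`, which makes the next pointer a `struct entry *` although the list elements are `struct sandbox`; `SLIST_ENTRY(sandbox)` matches the element type, and the `entry` type argument in `SLIST_REMOVE(&sandboxes, sandbox, entry, entries)` in stopSandbox() should change with it. The new `#endif /* CAPSICUM_H */` is also followed by `\ No newline at end of file`; add the trailing newline. The first capsicum.h hunk removes `#define CAPSICUM`, so it is worth confirming that no source file still tests that macro now that the guard macro is CAPSICUM_H.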