Date: Sat, 13 Jun 2009 10:00:32 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 164253 for review Message-ID: <200906131000.n5DA0WAf090301@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=164253
Change 164253 by rwatson@rwatson_freebsd_capabilities on 2009/06/13 10:00:15
Demonstrate nested sandboxes in libcapability_exec/sandbox_echo by having sandbox_echo launch a second sandbox that will actually implement echo, and the first will just proxy between the host and the second sandbox. Use err() to report sandbox errors on stderr, since we authorize this example sandboxed app to write to stderr, and it makes things significantly easier to debug.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/libcapability_exec/libcapability_exec.c#3 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_echo/sandbox_echo.c#3 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/libcapability_exec/libcapability_exec.c#3 (text+ko) ====
@@ -48,7 +48,7 @@
 main(int argc, char *argv[])
 {
 	struct lc_sandbox *lcsp;
-	char *sandbox_argv[2] = { argv[1], NULL };
+	char *sandbox_argv[3] = { argv[1], "nested", NULL };
 	struct iovec iov;
 	size_t len;
 	char ch;
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_echo/sandbox_echo.c#3 (text+ko) ====
@@ -38,30 +38,81 @@ #include <sys/uio.h> #include <err.h> +#include <errno.h> #include <libcapability.h> +#include <stdio.h> #include <stdlib.h> +#include <string.h> +#include <unistd.h> +#define MYNAME "sandbox_echo" + int main(int argc, char *argv[]) { + char *sandbox_argv[3] = { MYNAME, NULL }; + struct lc_sandbox *lcsp; struct lc_host *lchp; u_int32_t opno, seqno; struct iovec iov; u_char *buffer; size_t len; + int fd; if (lcs_get(&lchp) < 0) errx(-1, "libcapability sandbox binary"); - while (1) { - if (lcs_recvrpc(lchp, &opno, &seqno, &buffer, &len) < 0) - return (-2); - if (len != 1) - return (-3); - iov.iov_base = buffer; - iov.iov_len = 1; - if (lcs_sendrpc(lchp, opno, seqno, &iov, 1) < 0) - return (-4); - free(buffer); + if (argc > 1 && strcmp(argv[1], "nested") == 0) { + + fprintf(stderr, "%s\n", getenv("LD_CAPLIBINDEX")); + if (ld_caplibindex_lookup(MYNAME, &fd) < 0) + err(-10, "ld_caplibindex_lookup(%s)", MYNAME); + + if (lch_startfd_flags(fd, MYNAME, sandbox_argv, + LCH_PERMIT_STDERR, &lcsp) < 0) + err(-1, "lch_start %s", argv[1]); + while (1) { + if (lcs_recvrpc(lchp, &opno, &seqno, &buffer, &len) + < 0) { + if (errno != EPIPE) + err(-2, "lcs_recvrpc"); + else + exit(-1); + } + if (len != 1) + errx(-3, "lcs_recvrpc len"); + iov.iov_base = buffer; + iov.iov_len = 1; + if (lch_rpc(lcsp, opno, &iov, 1, &iov, 1, &len) < 0) + err(-4, "lch_rpc"); + if (lcs_sendrpc(lchp, opno, seqno, &iov, 1) < 0) { + if (errno != EPIPE) + err(-5, "lcs_sendrpc"); + else + exit(-5); + } + free(buffer); + } + } else { + while (1) { + if (lcs_recvrpc(lchp, &opno, &seqno, &buffer, &len) + < 0) { + if (errno != EPIPE) + err(-6, "lcs_recvrpc"); + else + exit(-6); + } + if (len != 1) + errx(-7, "lcs_recvrpc len"); + iov.iov_base = buffer; + iov.iov_len = 1; + if (lcs_sendrpc(lchp, opno, seqno, &iov, 1) < 0) { + if (errno != EPIPE) + err(-8, "lcs_sendrpc"); + else + exit(-8); + } + free(buffer); + } } }
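Review bot: In the nested branch the reply from the inner sandbox is forwarded without checking its size: `lch_rpc(lcsp, opno, &iov, 1, &iov, 1, &len)` writes the reply into the one-byte `buffer` and (judging by the signature, which the hunk does not otherwise show) returns its length in `len`, yet the code then calls `lcs_sendrpc` with `iov_len` still 1 and never tests `len`, so a misbehaving inner sandbox that answers with a different length is not rejected the way the host's request is by the `len != 1` check just above — add `if (len != 1) errx(-4, "lch_rpc len");` after the call. The `fprintf(stderr, "%s\n", getenv("LD_CAPLIBINDEX"));` looks like a debugging leftover: `getenv` may return NULL, which is undefined for `%s`, and it prints the index path on every proxy start, so either drop it or guard it with a NULL check. The message in `err(-1, "lch_start %s", argv[1])` reports the host's argument ("nested") rather than the function that failed and the binary it tried to start; `err(-1, "lch_startfd_flags %s", MYNAME)` would match the lookup error above it. Finally, the two RPC loops differ only in the `lch_rpc` hop and their exit codes (the nested loop's `exit(-1)` on EPIPE also collides with the `errx(-1, ...)` used for `lcs_get` failure, while the leaf loop uses -6); one loop with `lcsp == NULL` meaning "no inner sandbox" would remove the duplication and make the codes consistent.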