authorGravatar Philipp Wollermann <philwo@google.com>2017-03-24 09:47:11 +0000
committerGravatar Yue Gan <yueg@google.com>2017-03-24 12:20:06 +0000
commit3e2329a73ffd5d60e5e2babe60ebe5bf322c07da (patch)
treeb1a66c81c4e59eedc84fb28bc8a02ec68fe3ed73 /src/main/tools
parent2879971666e0cc3f1f24ae91b88c4400af77e7f3 (diff)
sandbox: Remove the flag --sandbox_block_path.
It is in the way of optimizing the performance of the sandbox, because it requires us to create two helper files (an unreadable file and an unreadable directory) which are bind-mounted on top of paths specified via this flag. These two helper files were created on a tmpfs mounted by the sandbox until now, which ensured that they were automatically deleted on exit. However, mounting tmpfs on /dev/shm or /tmp causes issues like #2686 or #1882. By removing this flag, we can get rid of the two helper files, which means we can also remove the reliance on a "sandbox temp directory" completely in the next change. -- PiperOrigin-RevId: 151107496 MOS_MIGRATED_REVID=151107496
Diffstat (limited to 'src/main/tools')
-rw-r--r--src/main/tools/linux-sandbox-options.cc8
-rw-r--r--src/main/tools/linux-sandbox-options.h2
-rw-r--r--src/main/tools/linux-sandbox-pid1.cc47
-rw-r--r--src/main/tools/linux-sandbox.cc2
4 files changed, 1 insertions, 58 deletions
diff --git a/src/main/tools/linux-sandbox-options.cc b/src/main/tools/linux-sandbox-options.cc
index 7db09f0dd8..3bd9a7e243 100644
--- a/src/main/tools/linux-sandbox-options.cc
+++ b/src/main/tools/linux-sandbox-options.cc
@@ -66,8 +66,6 @@ static void Usage(char *program_name, const char *fmt, ...) {
" -L <file> redirect stderr to a file\n"
" -w <file> make a file or directory writable for the sandboxed "
"process\n"
- " -i <file> make a file or directory inaccessible for the "
- "sandboxed process\n"
" -e <dir> mount an empty tmpfs on a directory\n"
" -M/-m <source/target> directory to mount inside the sandbox\n"
" Multiple directories can be specified and each of them will be "
@@ -126,7 +124,7 @@ static void ParseCommandLine(unique_ptr<vector<char *>> args) {
bool source_specified;
while ((c = getopt(args->size(), args->data(),
- ":CS:W:T:t:l:L:w:i:e:M:m:HNRD")) != -1) {
+ ":CS:W:T:t:l:L:w:e:M:m:HNRD")) != -1) {
if (c != 'M' && c != 'm') source_specified = false;
switch (c) {
case 'C':
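Review bot: The optstring on the changed line no longer lists `i`, so any launcher still passing `-i <file>` now takes getopt's unknown-option path (with the leading `:` in the optstring, getopt returns `?` for an unrecognised option); the `default`/`?` branch of `switch (c)` lies outside this hunk, so confirm it aborts via Usage rather than continuing, because a silently dropped `-i` would leave a path readable that the caller meant to hide. Unrelated to the change but visible in context, `bool source_specified;` is declared without an initializer; if the first option parsed is `-m`, the later read of it looks like it would see an indeterminate value, which `bool source_specified = false;` avoids. ParseCommandLine's body continues outside the hunk.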
@@ -183,10 +181,6 @@ static void ParseCommandLine(unique_ptr<vector<char *>> args) {
ValidateIsAbsolutePath(optarg, args->front(), static_cast<char>(c));
opt.writable_files.push_back(strdup(optarg));
break;
- case 'i':
- ValidateIsAbsolutePath(optarg, args->front(), static_cast<char>(c));
- opt.inaccessible_files.push_back(strdup(optarg));
- break;
case 'e':
ValidateIsAbsolutePath(optarg, args->front(), static_cast<char>(c));
opt.tmpfs_dirs.push_back(strdup(optarg));
diff --git a/src/main/tools/linux-sandbox-options.h b/src/main/tools/linux-sandbox-options.h
index 342ed12c97..6f57eba3a4 100644
--- a/src/main/tools/linux-sandbox-options.h
+++ b/src/main/tools/linux-sandbox-options.h
@@ -36,8 +36,6 @@ struct Options {
const char *stderr_path;
// Files or directories to make writable for the sandboxed process (-w)
std::vector<const char *> writable_files;
- // Files or directories to make inaccessible for the sandboxed process (-i)
- std::vector<const char *> inaccessible_files;
// Directories where to mount an empty tmpfs (-e)
std::vector<const char *> tmpfs_dirs;
// Source of files or directories to explicitly bind mount in the sandbox (-M)
diff --git a/src/main/tools/linux-sandbox-pid1.cc b/src/main/tools/linux-sandbox-pid1.cc
index 2aba1273bf..0be62d9e5f 100644
--- a/src/main/tools/linux-sandbox-pid1.cc
+++ b/src/main/tools/linux-sandbox-pid1.cc
@@ -55,8 +55,6 @@
#include <unistd.h>
static int global_child_pid;
-static char global_inaccessible_directory[] = "tmp/empty.XXXXXX";
-static char global_inaccessible_file[] = "tmp/empty.XXXXXX";
static void SetupSelfDestruction(int *sync_pipe) {
// We could also poll() on the pipe fd to find out when the parent goes away,
@@ -147,26 +145,6 @@ static void SetupUtsNamespace() {
}
}
-static void SetupHelperFiles() {
- if (mkdtemp(global_inaccessible_directory) == NULL) {
- DIE("mkdtemp(%s)", global_inaccessible_directory);
- }
- if (chmod(global_inaccessible_directory, 0) < 0) {
- DIE("chmod(%s, 0)", global_inaccessible_directory);
- }
-
- int handle = mkstemp(global_inaccessible_file);
- if (handle < 0) {
- DIE("mkstemp(%s)", global_inaccessible_file);
- }
- if (fchmod(handle, 0)) {
- DIE("fchmod(%s, 0)", global_inaccessible_file);
- }
- if (close(handle) < 0) {
- DIE("close(%s)", global_inaccessible_file);
- }
-}
-
// Recursively creates the file or directory specified in "path" and its parent
// directories.
static int CreateTarget(const char *path, bool is_directory) {
@@ -265,31 +243,6 @@ static void MountFilesystems() {
writable_file + 1);
}
}
-
- SetupHelperFiles();
-
- for (const char *inaccessible_file : opt.inaccessible_files) {
- struct stat sb;
- if (stat(inaccessible_file, &sb) < 0) {
- DIE("stat(%s)", inaccessible_file);
- }
-
- if (S_ISDIR(sb.st_mode)) {
- PRINT_DEBUG("inaccessible dir: %s", inaccessible_file);
- if (mount(global_inaccessible_directory, inaccessible_file + 1, NULL,
- MS_BIND, NULL) < 0) {
- DIE("mount(%s, %s, NULL, MS_BIND, NULL)", global_inaccessible_directory,
- inaccessible_file + 1);
- }
- } else {
- PRINT_DEBUG("inaccessible file: %s", inaccessible_file);
- if (mount(global_inaccessible_file, inaccessible_file + 1, NULL, MS_BIND,
- NULL) < 0) {
- DIE("mount(%s, %s, NULL, MS_BIND, NULL", global_inaccessible_file,
- inaccessible_file + 1);
- }
- }
- }
}
// We later remount everything read-only, except the paths for which this method
diff --git a/src/main/tools/linux-sandbox.cc b/src/main/tools/linux-sandbox.cc
index e450ccdd0d..799ece4ebb 100644
--- a/src/main/tools/linux-sandbox.cc
+++ b/src/main/tools/linux-sandbox.cc
@@ -20,8 +20,6 @@
* - The working directory (-W) will be made read-write, though.
* - Individual files or directories can be made writable (but not deletable)
* (-w).
- * - Individual files or directories can be made inaccessible / unreadable
- * (-i).
* - tmpfs will be mounted on /tmp.
* - tmpfs can be mounted on top of existing directories (-e), too.
* - If the process takes longer than the timeout (-T), it will be killed with