author | Philipp Wollermann <philwo@google.com> | 2017-03-24 12:05:07 +0000 |
---|---|---|
committer | Yue Gan <yueg@google.com> | 2017-03-24 12:20:37 +0000 |
commit | d7b774bbef316a29c457771bd4309adc1a4bbdbd (patch) | |
tree | 1233c9c3339c9195bee1b966d9bb2ea85dad309b /src/main/tools | |
parent | 7429648a3bf241becf38711f876201dd5c6c5cb5 (diff) |
sandbox: No longer change the user to 'nobody' by default.
This can be reactivated by passing the --sandbox_fake_username flag
to Bazel.
Reasoning: 'nobody' has a non-existent home directory on many Linux
distros, leading to issues when tools try to stat / read / write to the
home directory.
Related to #2688.
RELNOTES: The Linux sandbox no longer changes the user to 'nobody' by
default, instead the current user is used as is. The old behavior can be
restored via the --sandbox_fake_username flag.
--
PiperOrigin-RevId: 151115218
MOS_MIGRATED_REVID=151115218
Diffstat (limited to 'src/main/tools')
-rw-r--r-- | src/main/tools/linux-sandbox-options.cc | 20 | ||||
-rw-r--r-- | src/main/tools/linux-sandbox-options.h | 2 | ||||
-rw-r--r-- | src/main/tools/linux-sandbox-pid1.cc | 13 | ||||
-rw-r--r-- | src/main/tools/linux-sandbox.cc | 4 |
4 files changed, 33 insertions, 6 deletions
diff --git a/src/main/tools/linux-sandbox-options.cc b/src/main/tools/linux-sandbox-options.cc
index 96354ec8ec..78831e6f03 100644
--- a/src/main/tools/linux-sandbox-options.cc
+++ b/src/main/tools/linux-sandbox-options.cc
@@ -73,7 +73,8 @@ static void Usage(char *program_name, const char *fmt, ...) {
 " The -M option specifies which directory to mount, the -m option "
 "specifies where to\n"
 " -N if set, a new network namespace will be created\n"
- " -R if set, make the uid/gid be root, otherwise use nobody\n"
+ " -R if set, make the uid/gid be root\n"
+ " -U if set, make the uid/gid be nobody\n"
 " -D if set, debug info will be printed\n"
 " @FILE read newline-separated arguments from FILE\n"
 " -- command to run inside sandbox, followed by arguments\n");
@@ -123,8 +124,8 @@ static void ParseCommandLine(unique_ptr<vector<char *>> args) {
 int c;
 bool source_specified;
- while ((c = getopt(args->size(), args->data(), ":CW:T:t:l:L:w:e:M:m:HNRD")) !=
- -1) {
+ while ((c = getopt(args->size(), args->data(),
+ ":CW:T:t:l:L:w:e:M:m:HNRUD")) != -1) {
 if (c != 'M' && c != 'm') source_specified = false;
 switch (c) {
 case 'C':
@@ -200,8 +201,21 @@ static void ParseCommandLine(unique_ptr<vector<char *>> args) {
 opt.create_netns = true;
 break;
 case 'R':
+ if (opt.fake_username) {
+ Usage(args->front(),
+ "The -R option cannot be used at the same time us the -U "
+ "option.");
+ }
 opt.fake_root = true;
 break;
+ case 'U':
+ if (opt.fake_root) {
+ Usage(args->front(),
+ "The -U option cannot be used at the same time us the -R "
+ "option.");
+ }
+ opt.fake_username = true;
+ break;
 case 'D':
 opt.debug = true;
 break;
diff --git a/src/main/tools/linux-sandbox-options.h b/src/main/tools/linux-sandbox-options.h
index 5c78e46d31..daf1fd684e 100644
--- a/src/main/tools/linux-sandbox-options.h
+++ b/src/main/tools/linux-sandbox-options.h
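Review bot: Both Usage() messages added in the @@ -200,8 +201,21 @@ hunk, under case 'R' and case 'U', read "cannot be used at the same time us the" where "us" should be "as"; since these strings are the only user-visible diagnostic for the conflict, change them to `"The -R option cannot be used at the same time as the -U "` and the mirrored line `"The -U option cannot be used at the same time as the -R "`. The mutual-exclusion check also only works if opt.fake_root and opt.fake_username are both false when parsing starts; that holds if opt is a zero-initialized file-scope object, which this hunk does not show, so it is worth confirming the new field is not left indeterminate. ParseCommandLine's body begins and ends outside the hunk.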
@@ -46,6 +46,8 @@ struct Options {
 bool create_netns;
 // Pretend to be root inside the namespace (-R)
 bool fake_root;
+ // Set the username inside the sandbox to 'nobody' (-U)
+ bool fake_username;
 // Print debugging messages (-D)
 bool debug;
 // Command to run (--)
diff --git a/src/main/tools/linux-sandbox-pid1.cc b/src/main/tools/linux-sandbox-pid1.cc
index 76dccbad24..17a71432b9 100644
--- a/src/main/tools/linux-sandbox-pid1.cc
+++ b/src/main/tools/linux-sandbox-pid1.cc
@@ -120,8 +120,13 @@ static void SetupUserNamespace() {
 }
 }
- int inner_uid = 0, inner_gid = 0;
- if (!opt.fake_root) {
+ int inner_uid, inner_gid;
+ if (opt.fake_root) {
+ // Change our username to 'root'.
+ inner_uid = 0;
+ inner_gid = 0;
+ } else if (opt.fake_username) {
+ // Change our username to 'nobody'.
 struct passwd *pwd = getpwnam("nobody");
 if (pwd == NULL) {
 DIE("unable to find passwd entry for user nobody")
@@ -129,6 +134,10 @@ static void SetupUserNamespace() {
 inner_uid = pwd->pw_uid;
 inner_gid = pwd->pw_gid;
+ } else {
+ // Do not change the username inside the sandbox.
+ inner_uid = global_outer_uid;
+ inner_gid = global_outer_gid;
 }
 WriteFile("/proc/self/uid_map", "%d %d 1\n", inner_uid, global_outer_uid);
diff --git a/src/main/tools/linux-sandbox.cc b/src/main/tools/linux-sandbox.cc
index 0d73174727..9d2fd01767 100644
--- a/src/main/tools/linux-sandbox.cc
+++ b/src/main/tools/linux-sandbox.cc
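Review bot: In the linux-sandbox-pid1.cc hunk @@ -120,8 +120,13 @@, `int inner_uid, inner_gid;` is now indeterminate at declaration and relies on every branch assigning it; if the DIE macro in the 'nobody' branch does not terminate the process, the uid_map/gid_map writes below would consume an indeterminate value (the removed code would have silently fallen back to 0, i.e. root, so the new form is no worse, but it is still not fail-safe). Initialising to the caller's own identity, `int inner_uid = global_outer_uid, inner_gid = global_outer_gid;`, makes the unprivileged mapping the default on any path that assigns nothing and lets the `else` branch added in @@ -129,6 +134,10 @@ be dropped. pw_uid/pw_gid are uid_t/gid_t while inner_uid/inner_gid are int printed with %d, a pre-existing narrowing this rewrite could have cleaned up. SetupUserNamespace begins and ends outside these hunks.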
@@ -25,12 +25,14 @@
 * - If the process takes longer than the timeout (-T), it will be killed with
 * SIGTERM. If it does not exit within the grace period (-t), it all of its
 * children will be killed with SIGKILL.
+ * - If option -R is passed, the process will run as user 'root'.
+ * - If option -U is passed, the process will run as user 'nobody'.
+ * - Otherwise, the process runs using the current uid / gid.
 * - If linux-sandbox itself gets killed, the process and all of its children
 * will be killed.
 * - If linux-sandbox's parent dies, it will kill itself, the process and all
 * the children.
 * - Network access is allowed, but can be disabled via -N.
- * - The process runs as user "nobody", unless fakeroot is enabled (-R).
 * - The hostname and domainname will be set to "sandbox".
 * - The process runs in its own PID namespace, so other processes on the
 * system are invisible.