From 3e2329a73ffd5d60e5e2babe60ebe5bf322c07da Mon Sep 17 00:00:00 2001
From: Philipp Wollermann
Date: Fri, 24 Mar 2017 09:47:11 +0000
Subject: sandbox: Remove the flag --sandbox_block_path.
It is in the way of optimizing the performance of the sandbox, because it requires us to create two helper files (an unreadable file and an unreadable directory) which are bind-mounted on top of paths specified via this flag. These two helper files were created on a tmpfs mounted by the sandbox until now, which ensured that they were automatically deleted on exit. However, mounting tmpfs on /dev/shm or /tmp causes issues like #2686 or #1882. By removing this flag, we can get rid of the two helper files, which means we can also remove the reliance on a "sandbox temp directory" completely in the next change.
--
PiperOrigin-RevId: 151107496
MOS_MIGRATED_REVID=151107496
---
 src/main/tools/linux-sandbox-options.cc | 8 +-----
 src/main/tools/linux-sandbox-options.h | 2 --
 src/main/tools/linux-sandbox-pid1.cc | 47 ---------------------------------
 src/main/tools/linux-sandbox.cc | 2 --
 4 files changed, 1 insertion(+), 58 deletions(-)
(limited to 'src/main/tools')
diff --git a/src/main/tools/linux-sandbox-options.cc b/src/main/tools/linux-sandbox-options.cc
index 7db09f0dd8..3bd9a7e243 100644
--- a/src/main/tools/linux-sandbox-options.cc
+++ b/src/main/tools/linux-sandbox-options.cc
@@ -66,8 +66,6 @@ static void Usage(char *program_name, const char *fmt, ...) {
 " -L redirect stderr to a file\n"
 " -w make a file or directory writable for the sandboxed "
 "process\n"
- " -i make a file or directory inaccessible for the "
- "sandboxed process\n"
 " -e mount an empty tmpfs on a directory\n"
 " -M/-m directory to mount inside the sandbox\n"
 " Multiple directories can be specified and each of them will be "
@@ -126,7 +124,7 @@ static void ParseCommandLine(unique_ptr> args) {
 bool source_specified;
 while ((c = getopt(args->size(), args->data(),
- ":CS:W:T:t:l:L:w:i:e:M:m:HNRD")) != -1) {
+ ":CS:W:T:t:l:L:w:e:M:m:HNRD")) != -1) {
 if (c != 'M' && c != 'm') source_specified = false;
 switch (c) {
 case 'C':
@@ -183,10 +181,6 @@ static void ParseCommandLine(unique_ptr> args) {
 ValidateIsAbsolutePath(optarg, args->front(), static_cast(c));
 opt.writable_files.push_back(strdup(optarg));
 break;
- case 'i':
- ValidateIsAbsolutePath(optarg, args->front(), static_cast(c));
- opt.inaccessible_files.push_back(strdup(optarg));
- break;
 case 'e':
 ValidateIsAbsolutePath(optarg, args->front(), static_cast(c));
 opt.tmpfs_dirs.push_back(strdup(optarg));
diff --git a/src/main/tools/linux-sandbox-options.h b/src/main/tools/linux-sandbox-options.h
index 342ed12c97..6f57eba3a4 100644
--- a/src/main/tools/linux-sandbox-options.h
+++ b/src/main/tools/linux-sandbox-options.h
@@ -36,8 +36,6 @@ struct Options {
 const char *stderr_path;
 // Files or directories to make writable for the sandboxed process (-w)
 std::vector writable_files;
- // Files or directories to make inaccessible for the sandboxed process (-i)
- std::vector inaccessible_files;
 // Directories where to mount an empty tmpfs (-e)
 std::vector tmpfs_dirs;
 // Source of files or directories to explicitly bind mount in the sandbox (-M)
diff --git a/src/main/tools/linux-sandbox-pid1.cc b/src/main/tools/linux-sandbox-pid1.cc
index 2aba1273bf..0be62d9e5f 100644
--- a/src/main/tools/linux-sandbox-pid1.cc
+++ b/src/main/tools/linux-sandbox-pid1.cc
@@ -55,8 +55,6 @@
 #include
 static int global_child_pid;
-static char global_inaccessible_directory[] = "tmp/empty.XXXXXX";
-static char global_inaccessible_file[] = "tmp/empty.XXXXXX";
 static void SetupSelfDestruction(int *sync_pipe) {
 // We could also poll() on the pipe fd to find out when the parent goes away,
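Review bot: Dropping `i:` from the getopt string on the `+` line means any launcher that still passes `-i` now lands in getopt's unknown-option path instead of a handler, and that branch is outside the hunk, so it is not visible here whether it aborts or merely reports and continues. If it continues, a stale caller gets a sandbox in which the paths it asked to block are readable, the opposite of what it requested, with nothing in the exit status to show it. The diffstat is limited to src/main/tools, so the side that builds this command line is presumably updated in a companion change; it is worth confirming that, and that the `'?'`/`default:` branch calls `Usage(...)` so the process fails loudly. A short-lived explicit rejection would make the removal self-documenting, e.g. `case 'i': Usage(args->front(), "-i is no longer supported");` in place of the deleted handler in the following hunk. ParseCommandLine starts and ends outside the hunk.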
@@ -147,26 +145,6 @@ static void SetupUtsNamespace() {
 }
 }
-static void SetupHelperFiles() {
- if (mkdtemp(global_inaccessible_directory) == NULL) {
- DIE("mkdtemp(%s)", global_inaccessible_directory);
- }
- if (chmod(global_inaccessible_directory, 0) < 0) {
- DIE("chmod(%s, 0)", global_inaccessible_directory);
- }
-
- int handle = mkstemp(global_inaccessible_file);
- if (handle < 0) {
- DIE("mkstemp(%s)", global_inaccessible_file);
- }
- if (fchmod(handle, 0)) {
- DIE("fchmod(%s, 0)", global_inaccessible_file);
- }
- if (close(handle) < 0) {
- DIE("close(%s)", global_inaccessible_file);
- }
-}
-
 // Recursively creates the file or directory specified in "path" and its parent
 // directories.
 static int CreateTarget(const char *path, bool is_directory) {
@@ -265,31 +243,6 @@ static void MountFilesystems() {
 writable_file + 1);
 }
 }
-
- SetupHelperFiles();
-
- for (const char *inaccessible_file : opt.inaccessible_files) {
- struct stat sb;
- if (stat(inaccessible_file, &sb) < 0) {
- DIE("stat(%s)", inaccessible_file);
- }
-
- if (S_ISDIR(sb.st_mode)) {
- PRINT_DEBUG("inaccessible dir: %s", inaccessible_file);
- if (mount(global_inaccessible_directory, inaccessible_file + 1, NULL,
- MS_BIND, NULL) < 0) {
- DIE("mount(%s, %s, NULL, MS_BIND, NULL)", global_inaccessible_directory,
- inaccessible_file + 1);
- }
- } else {
- PRINT_DEBUG("inaccessible file: %s", inaccessible_file);
- if (mount(global_inaccessible_file, inaccessible_file + 1, NULL, MS_BIND,
- NULL) < 0) {
- DIE("mount(%s, %s, NULL, MS_BIND, NULL", global_inaccessible_file,
- inaccessible_file + 1);
- }
- }
- }
 }
 // We later remount everything read-only, except the paths for which this method
diff --git a/src/main/tools/linux-sandbox.cc b/src/main/tools/linux-sandbox.cc
index e450ccdd0d..799ece4ebb 100644
--- a/src/main/tools/linux-sandbox.cc
+++ b/src/main/tools/linux-sandbox.cc
@@ -20,8 +20,6 @@
 * - The working directory (-W) will be made read-write, though.
 * - Individual files or directories can be made writable (but not deletable)
 * (-w).
- * - Individual files or directories can be made inaccessible / unreadable
- * (-i).
 * - tmpfs will be mounted on /tmp.
 * - tmpfs can be mounted on top of existing directories (-e), too.
 * - If the process takes longer than the timeout (-T), it will be killed with
--
cgit v1.2.3