From 407dd44e827ff53214437720eb5d8bd99349d809 Mon Sep 17 00:00:00 2001 From: Philipp Wollermann Date: Fri, 24 Mar 2017 13:43:05 +0000 Subject: sandbox: Use std::string instead of char*. -- PiperOrigin-RevId: 151120717 MOS_MIGRATED_REVID=151120717 --- src/main/tools/linux-sandbox-options.cc | 24 ++++++------- src/main/tools/linux-sandbox-options.h | 15 ++++---- src/main/tools/linux-sandbox-pid1.cc | 64 ++++++++++++++++++--------------- src/main/tools/linux-sandbox.cc | 23 +++++------- 4 files changed, 63 insertions(+), 63 deletions(-) (limited to 'src/main') diff --git a/src/main/tools/linux-sandbox-options.cc b/src/main/tools/linux-sandbox-options.cc index b83c4f68ba..31bd2f425d 100644 --- a/src/main/tools/linux-sandbox-options.cc +++ b/src/main/tools/linux-sandbox-options.cc @@ -101,9 +101,9 @@ static void ParseCommandLine(unique_ptr> args) { if (c != 'M' && c != 'm') source_specified = false; switch (c) { case 'W': - if (opt.working_dir == NULL) { + if (opt.working_dir.empty()) { ValidateIsAbsolutePath(optarg, args->front(), static_cast(c)); - opt.working_dir = strdup(optarg); + opt.working_dir.assign(optarg); } else { Usage(args->front(), "Multiple working directories (-W) specified, expected one."); @@ -122,16 +122,16 @@ static void ParseCommandLine(unique_ptr> args) { } break; case 'l': - if (opt.stdout_path == NULL) { - opt.stdout_path = optarg; + if (opt.stdout_path.empty()) { + opt.stdout_path.assign(optarg); } else { Usage(args->front(), "Cannot redirect stdout to more than one destination."); } break; case 'L': - if (opt.stderr_path == NULL) { - opt.stderr_path = optarg; + if (opt.stderr_path.empty()) { + opt.stderr_path.assign(optarg); } else { Usage(args->front(), "Cannot redirect stderr to more than one destination."); 
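Review bot: The `case 'l'` and `case 'L'` branches here (and `case 'W'` in the hunk above) now use `.empty()` to mean "not yet given", so an explicitly empty argument such as `-l ""` is accepted and leaves the field looking unset: a later `-l` then passes the duplicate check instead of producing the "Cannot redirect stdout to more than one destination." error, and downstream code that treats an empty path as "no redirection" silently drops the request. With the old `const char *` fields a NULL and a pointer to "" were distinguishable, so this ambiguity is new to the std::string representation. Rejecting an empty optarg up front keeps the sentinel unambiguous, e.g. `if (*optarg == '\0') Usage(args->front(), "Path arguments must not be empty.");` at the top of each path-taking case (or once before the switch). ParseCommandLine begins and ends outside these hunks.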
@@ -139,17 +139,17 @@ static void ParseCommandLine(unique_ptr> args) { break; case 'w': ValidateIsAbsolutePath(optarg, args->front(), static_cast(c)); - opt.writable_files.push_back(strdup(optarg)); + opt.writable_files.emplace_back(optarg); break; case 'e': ValidateIsAbsolutePath(optarg, args->front(), static_cast(c)); - opt.tmpfs_dirs.push_back(strdup(optarg)); + opt.tmpfs_dirs.emplace_back(optarg); break; case 'M': ValidateIsAbsolutePath(optarg, args->front(), static_cast(c)); // Add the current source path to both source and target lists - opt.bind_mount_sources.push_back(strdup(optarg)); - opt.bind_mount_targets.push_back(strdup(optarg)); + opt.bind_mount_sources.emplace_back(optarg); + opt.bind_mount_targets.emplace_back(optarg); source_specified = true; break; case 'm': @@ -159,7 +159,7 @@ static void ParseCommandLine(unique_ptr> args) { "The -m option must be strictly preceded by an -M option."); } opt.bind_mount_targets.pop_back(); - opt.bind_mount_targets.push_back(strdup(optarg)); + opt.bind_mount_targets.emplace_back(optarg); source_specified = false; break; case 'H': @@ -261,7 +261,7 @@ void ParseOptions(int argc, char *argv[]) { opt.tmpfs_dirs.push_back("/tmp"); - if (opt.working_dir == NULL) { + if (opt.working_dir.empty()) { opt.working_dir = getcwd(NULL, 0); } } diff --git a/src/main/tools/linux-sandbox-options.h b/src/main/tools/linux-sandbox-options.h index daf1fd684e..a73ca64535 100644 --- a/src/main/tools/linux-sandbox-options.h +++ b/src/main/tools/linux-sandbox-options.h 
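Review bot: `opt.working_dir = getcwd(NULL, 0);` in the last hunk of this file (`@@ -261,7`) leaks the buffer that getcwd allocates for a NULL argument (the std::string copies it and the malloc'd block is never freed), and if getcwd fails and returns NULL, assigning a null `char *` to a `std::string` is undefined behaviour, whereas the old `const char *` field merely stayed NULL. Copy the result into the string, free the buffer, and treat NULL as a fatal error rather than continuing with an unknown working directory. ParseOptions continues outside the hunk, and I have not seen which fatal-error helper this file uses, so the error path below is a stand-in for it.
```cpp
  if (opt.working_dir.empty()) {
    char *cwd = getcwd(NULL, 0);
    if (cwd == NULL) {
      // Replace with the file's fatal-error helper if one is in scope.
      perror("getcwd");
      exit(EXIT_FAILURE);
    }
    opt.working_dir.assign(cwd);
    free(cwd);
  }
```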
@@ -18,28 +18,29 @@ #include #include +#include #include // Options parsing result. struct Options { // Working directory (-W) - const char *working_dir; + std::string working_dir; // How long to wait before killing the child (-T) int timeout_secs; // How long to wait before sending SIGKILL in case of timeout (-t) int kill_delay_secs; // Where to redirect stdout (-l) - const char *stdout_path; + std::string stdout_path; // Where to redirect stderr (-L) - const char *stderr_path; + std::string stderr_path; // Files or directories to make writable for the sandboxed process (-w) - std::vector writable_files; + std::vector writable_files; // Directories where to mount an empty tmpfs (-e) - std::vector tmpfs_dirs; + std::vector tmpfs_dirs; // Source of files or directories to explicitly bind mount in the sandbox (-M) - std::vector bind_mount_sources; + std::vector bind_mount_sources; // Target of files or directories to explicitly bind mount in the sandbox (-m) - std::vector bind_mount_targets; + std::vector bind_mount_targets; // Set the hostname inside the sandbox to 'localhost' (-H) bool fake_hostname; // Create a new network namespace (-N) diff --git a/src/main/tools/linux-sandbox-pid1.cc b/src/main/tools/linux-sandbox-pid1.cc index 367c92957e..0095d7262c 100644 --- a/src/main/tools/linux-sandbox-pid1.cc +++ b/src/main/tools/linux-sandbox-pid1.cc @@ -54,6 +54,8 @@ #include #include +#include + static int global_child_pid; static void SetupSelfDestruction(int *sync_pipe) { @@ -87,10 +89,10 @@ static void SetupMountNamespace() { } } -static void WriteFile(const char *filename, const char *fmt, ...) { - FILE *stream = fopen(filename, "w"); +static void WriteFile(const std::string &filename, const char *fmt, ...) { + FILE *stream = fopen(filename.c_str(), "w"); if (stream == NULL) { - DIE("fopen(%s)", filename); + DIE("fopen(%s)", filename.c_str()); } va_list ap; 
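Review bot: The `Options` fields that changed type carry no note that an empty string now plays the role NULL used to play for `working_dir`, `stdout_path` and `stderr_path`, even though the parser's `.empty()` checks and the redirection code depend on that convention. Suggest extending the field comments, e.g. `// Working directory (-W); empty until set, ParseOptions defaults it to getcwd().` and `// Where to redirect stdout (-l); empty or "-" means no redirection.` (likewise for stderr). The vector fields are only ever appended to by the parser, so a short `// Kept the same length as bind_mount_sources by the parser.` on `bind_mount_targets` would also document the invariant the mount loop relies on. The struct definition continues past the end of the hunk.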
@@ -103,7 +105,7 @@ static void WriteFile(const char *filename, const char *fmt, ...) { } if (fclose(stream) != 0) { - DIE("fclose(%s)", filename); + DIE("fclose(%s)", filename.c_str()); } } 
@@ -155,55 +157,59 @@ static void SetupUtsNamespace() { } static void MountFilesystems() { - for (const char *tmpfs_dir : opt.tmpfs_dirs) { - PRINT_DEBUG("tmpfs: %s", tmpfs_dir); - if (mount("tmpfs", tmpfs_dir, "tmpfs", MS_NOSUID | MS_NODEV | MS_NOATIME, - NULL) < 0) { + for (const std::string &tmpfs_dir : opt.tmpfs_dirs) { + PRINT_DEBUG("tmpfs: %s", tmpfs_dir.c_str()); + if (mount("tmpfs", tmpfs_dir.c_str(), "tmpfs", + MS_NOSUID | MS_NODEV | MS_NOATIME, NULL) < 0) { DIE("mount(tmpfs, %s, tmpfs, MS_NOSUID | MS_NODEV | MS_NOATIME, NULL)", - tmpfs_dir); + tmpfs_dir.c_str()); } } // Make sure that our working directory is a mount point. The easiest way to // do this is by bind-mounting it upon itself. - PRINT_DEBUG("working dir: %s", opt.working_dir); + PRINT_DEBUG("working dir: %s", opt.working_dir.c_str()); - if (mount(opt.working_dir, opt.working_dir, NULL, MS_BIND, NULL) < 0) { - DIE("mount(%s, %s, NULL, MS_BIND, NULL)", opt.working_dir, opt.working_dir); + if (mount(opt.working_dir.c_str(), opt.working_dir.c_str(), NULL, MS_BIND, + NULL) < 0) { + DIE("mount(%s, %s, NULL, MS_BIND, NULL)", opt.working_dir.c_str(), + opt.working_dir.c_str()); } for (size_t i = 0; i < opt.bind_mount_sources.size(); i++) { - const char *source = opt.bind_mount_sources.at(i); - const char *target = opt.bind_mount_targets.at(i); - PRINT_DEBUG("bind mount: %s -> %s", source, target); - if (mount(source, target, NULL, MS_BIND, NULL) < 0) { - DIE("mount(%s, %s, NULL, MS_BIND, NULL)", source, target); + std::string source = opt.bind_mount_sources.at(i); + std::string target = opt.bind_mount_targets.at(i); + PRINT_DEBUG("bind mount: %s -> %s", source.c_str(), target.c_str()); + if (mount(source.c_str(), target.c_str(), NULL, MS_BIND, NULL) < 0) { + DIE("mount(%s, %s, NULL, MS_BIND, NULL)", source.c_str(), target.c_str()); } } - for (const char *writable_file : opt.writable_files) { - PRINT_DEBUG("writable: %s", writable_file); - if (mount(writable_file, writable_file, NULL, MS_BIND, NULL) < 
0) { - DIE("mount(%s, %s, NULL, MS_BIND, NULL)", writable_file, writable_file); + for (const std::string &writable_file : opt.writable_files) { + PRINT_DEBUG("writable: %s", writable_file.c_str()); + if (mount(writable_file.c_str(), writable_file.c_str(), NULL, MS_BIND, + NULL) < 0) { + DIE("mount(%s, %s, NULL, MS_BIND, NULL)", writable_file.c_str(), + writable_file.c_str()); } } } // We later remount everything read-only, except the paths for which this method // returns true. -static bool ShouldBeWritable(char *mnt_dir) { - if (strcmp(mnt_dir, opt.working_dir) == 0) { +static bool ShouldBeWritable(const std::string &mnt_dir) { + if (mnt_dir == opt.working_dir) { return true; } - for (const char *writable_file : opt.writable_files) { - if (strcmp(mnt_dir, writable_file) == 0) { + for (const std::string &writable_file : opt.writable_files) { + if (mnt_dir == writable_file) { return true; } } - for (const char *tmpfs_dir : opt.tmpfs_dirs) { - if (strcmp(mnt_dir, tmpfs_dir) == 0) { + for (const std::string &tmpfs_dir : opt.tmpfs_dirs) { + if (mnt_dir == tmpfs_dir) { return true; } } @@ -315,8 +321,8 @@ static void SetupNetworking() { } static void EnterSandbox() { - if (chdir(opt.working_dir) < 0) { - DIE("chdir(%s)", opt.working_dir); + if (chdir(opt.working_dir.c_str()) < 0) { + DIE("chdir(%s)", opt.working_dir.c_str()); } } diff --git a/src/main/tools/linux-sandbox.cc b/src/main/tools/linux-sandbox.cc index 9d2fd01767..ac81836197 100644 --- a/src/main/tools/linux-sandbox.cc +++ b/src/main/tools/linux-sandbox.cc @@ -68,6 +68,7 @@ #include #include +#include #include int global_outer_uid; 
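Review bot: In the bind-mount loop of MountFilesystems, `std::string source = opt.bind_mount_sources.at(i);` and `std::string target = opt.bind_mount_targets.at(i);` copy each path, while the two range-for loops in the same function bind `const std::string &`; write them as `const std::string &source = opt.bind_mount_sources.at(i);` and `const std::string &target = opt.bind_mount_targets.at(i);` for consistency. The loop still indexes `bind_mount_targets` by `bind_mount_sources.size()`, relying on the parser's push/pop pairing to keep both vectors the same length, so a one-line `// The parser guarantees sources and targets have the same length.` comment would make the invariant visible where `.at()` would otherwise throw. ShouldBeWritable, also in this hunk, now compares whole strings exactly as strcmp did, so its behaviour is unchanged.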
@@ -211,12 +212,12 @@ static int WaitForPid1() { } } -static void Redirect(const char *target_path, int fd, const char *name) { - if (target_path != NULL && strcmp(target_path, "-") != 0) { +static void Redirect(const std::string &target_path, int fd) { + if (!target_path.empty() && target_path != "-") { const int flags = O_WRONLY | O_CREAT | O_TRUNC | O_APPEND; - int fd_out = open(target_path, flags, 0666); + int fd_out = open(target_path.c_str(), flags, 0666); if (fd_out < 0) { - DIE("open(%s)", target_path); + DIE("open(%s)", target_path.c_str()); } // If we were launched with less than 3 fds (stdin, stdout, stderr) open, // but redirection is still requested via a command-line flag, something is @@ -225,7 +226,7 @@ static void Redirect(const char *target_path, int fd, const char *name) { if (fd_out < 3) { DIE("open(%s) returned a handle that is reserved for stdin / stdout / " "stderr", - target_path); + target_path.c_str()); } if (dup2(fd_out, fd) < 0) { DIE("dup2()"); @@ -236,14 +237,6 @@ static void Redirect(const char *target_path, int fd, const char *name) { } } -static void RedirectStdout(const char *stdout_path) { - Redirect(stdout_path, STDOUT_FILENO, "stdout"); -} - -static void RedirectStderr(const char *stderr_path) { - Redirect(stderr_path, STDERR_FILENO, "stderr"); -} - int main(int argc, char *argv[]) { // Ask the kernel to kill us with SIGKILL if our parent dies. if (prctl(PR_SET_PDEATHSIG, SIGKILL) < 0) { @@ -252,8 +245,8 @@ int main(int argc, char *argv[]) { ParseOptions(argc, argv); - RedirectStdout(opt.stdout_path); - RedirectStderr(opt.stderr_path); + Redirect(opt.stdout_path, STDOUT_FILENO); + Redirect(opt.stderr_path, STDERR_FILENO); // This should never be called as a setuid binary, drop privileges just in // case. We don't need to be root, because we use user namespaces anyway. -- cgit v1.2.3
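Review bot: `Redirect()`'s contract changed from "NULL means no redirection" to "empty means no redirection" without a comment, and the new `!target_path.empty() && target_path != "-"` condition is the only place that records it. A header comment above the signature would make the sentinel explicit: `// Redirect fd to target_path. An empty path (flag not given) or "-" leaves fd untouched.` The body of Redirect continues in the following hunk, and the removal of the RedirectStdout/RedirectStderr wrappers is a pure deletion matched by the two new calls in main.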