1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
|
/*
* Handle command line arguments
*
* Copyright 1999-2015 Gentoo Foundation
* Licensed under the GPL-2
*/
#include "headers.h"
#include "sbutil.h"
#include "sandbox.h"
/* Setting to -1 will load defaults from the config file. */
int opt_use_namespaces = -1;
int opt_use_ns_cgroup = -1;
int opt_use_ns_ipc = -1;
int opt_use_ns_mnt = -1;
int opt_use_ns_net = -1;
int opt_use_ns_pid = -1;
int opt_use_ns_sysv = -1;
int opt_use_ns_time = -1;
int opt_use_ns_user = -1;
int opt_use_ns_uts = -1;
bool opt_use_bash = false;
int opt_debug = -1;
static const struct {
const char *name;
int *opt;
int default_val;
} config_opts[] = {
/* Default these to off until they can get more testing. */
{ "NAMESPACES_ENABLE", &opt_use_namespaces, false, },
{ "NAMESPACE_CGROUP_ENABLE", &opt_use_ns_cgroup, false, },
{ "NAMESPACE_IPC_ENABLE", &opt_use_ns_ipc, false, },
{ "NAMESPACE_MNT_ENABLE", &opt_use_ns_mnt, false, },
{ "NAMESPACE_NET_ENABLE", &opt_use_ns_net, false, },
{ "NAMESPACE_PID_ENABLE", &opt_use_ns_pid, false, },
{ "NAMESPACE_SYSV_ENABLE", &opt_use_ns_sysv, false, },
{ "NAMESPACE_TIME_ENABLE", &opt_use_ns_time, false, },
{ "NAMESPACE_USER_ENABLE", &opt_use_ns_user, false, },
{ "NAMESPACE_UTS_ENABLE", &opt_use_ns_uts, false, },
{ "SANDBOX_DEBUG", &opt_debug, false, },
};
static void read_config(void)
{
size_t i;
for (i = 0; i < ARRAY_SIZE(config_opts); ++i) {
int *opt = config_opts[i].opt;
if (*opt == -1)
*opt = sb_get_cnf_bool(config_opts[i].name, config_opts[i].default_val);
}
}
static const char sb_sonfigure_opts[] = SANDBOX_CONFIGURE_OPTS;
static void show_version(void)
{
printf(
"Gentoo path sandbox\n"
" version: " PACKAGE_VERSION "\n"
" C lib: " LIBC_VERSION " (" LIBC_PATH ")\n"
" build: " __DATE__ " " __TIME__ "\n"
" contact: " PACKAGE_BUGREPORT " via https://bugs.gentoo.org/\n"
" rtld: "
#ifdef BROKEN_RTLD_NEXT
"next is broken ;(\n"
#else
"next is OK! :D\n"
#endif
#ifndef SB_SCHIZO
# define SB_SCHIZO "no"
#endif
" schizo: " SB_SCHIZO "\n"
"\nconfigured with these options:\n%s\n",
sb_sonfigure_opts
);
exit(0);
}
#define PARSE_FLAGS "+cdhV"
#define a_argument required_argument
static struct option const long_opts[] = {
{"ns-on", no_argument, &opt_use_namespaces, true},
{"ns-off", no_argument, &opt_use_namespaces, false},
{"ns-cgroup-on", no_argument, &opt_use_ns_cgroup, true},
{"ns-cgroup-off", no_argument, &opt_use_ns_cgroup, false},
{"ns-ipc-on", no_argument, &opt_use_ns_ipc, true},
{"ns-ipc-off", no_argument, &opt_use_ns_ipc, false},
{"ns-mnt-on", no_argument, &opt_use_ns_mnt, true},
{"ns-mnt-off", no_argument, &opt_use_ns_mnt, false},
{"ns-net-on", no_argument, &opt_use_ns_net, true},
{"ns-net-off", no_argument, &opt_use_ns_net, false},
{"ns-pid-on", no_argument, &opt_use_ns_pid, true},
{"ns-pid-off", no_argument, &opt_use_ns_pid, false},
{"ns-sysv-on", no_argument, &opt_use_ns_sysv, true},
{"ns-sysv-off", no_argument, &opt_use_ns_sysv, false},
{"ns-time-on", no_argument, &opt_use_ns_time, true},
{"ns-time-off", no_argument, &opt_use_ns_time, false},
{"ns-user-on", no_argument, &opt_use_ns_user, true},
{"ns-user-off", no_argument, &opt_use_ns_user, false},
{"ns-uts-on", no_argument, &opt_use_ns_uts, true},
{"ns-uts-off", no_argument, &opt_use_ns_uts, false},
{"bash", no_argument, NULL, 'c'},
{"debug", no_argument, NULL, 'd'},
{"help", no_argument, NULL, 'h'},
{"version", no_argument, NULL, 'V'},
{"run-configure", no_argument, NULL, 0x800},
{NULL, no_argument, NULL, 0x0}
};
static const char * const opts_help[] = {
"Enable the use of namespaces",
"Disable the use of namespaces",
"Enable the use of cgroup namespaces",
"Disable the use of cgroup namespaces",
"Enable the use of IPC (and System V) namespaces",
"Disable the use of IPC (and System V) namespaces",
"Enable the use of mount namespaces",
"Disable the use of mount namespaces",
"Enable the use of network namespaces",
"Disable the use of network namespaces",
"Enable the use of process (pid) namespaces",
"Disable the use of process (pid) namespaces",
"Enable the use of System V namespaces",
"Disable the use of System V namespaces",
"Enable the use of time namespaces",
"Disable the use of time namespaces",
"Enable the use of user namespaces",
"Disable the use of user namespaces",
"Enable the use of UTS (hostname/uname) namespaces",
"Disable the use of UTS (hostname/uname) namespaces",
"Run command through bash shell",
"Enable debug output",
"Print this help and exit",
"Print version and exit",
"Run local sandbox configure in same way and exit (developer only)",
NULL
};
static void show_usage(int status)
{
const char a_arg[] = "<arg>";
size_t a_arg_len = strlen(a_arg) + 2;
size_t i;
int optlen;
FILE *fp = status ? stderr : stdout;
fprintf(fp,
"Usage: sandbox [options] [program [program args...]]\n"
"\n"
"Sandbox will start up a sandbox session and execute the specified program.\n"
"If no program is specified, an interactive shell is automatically launched.\n"
"You can use this to quickly test out sandbox behavior.\n"
"\n"
"Upon startup, initial settings are taken from these files / directories:\n"
"\t" SANDBOX_CONF_FILE "\n"
"\t" SANDBOX_CONFD_DIR "\n"
);
fprintf(fp, "\nOptions: -[%s]\n", PARSE_FLAGS + 1);
/* prescan the --long opt length to auto-align */
optlen = 0;
for (i = 0; long_opts[i].name; ++i) {
int l = strlen(long_opts[i].name);
if (long_opts[i].has_arg == a_argument)
l += a_arg_len;
optlen = MAX(l, optlen);
}
for (i = 0; long_opts[i].name; ++i) {
/* first output the short flag if it has one */
if (long_opts[i].val > '~' || long_opts[i].val < ' ')
printf(" ");
else
printf(" -%c, ", long_opts[i].val);
/* then the long flag */
if (long_opts[i].has_arg == no_argument)
printf("--%-*s", optlen, long_opts[i].name);
else
printf("--%s %s %*s", long_opts[i].name, a_arg,
(int)(optlen - strlen(long_opts[i].name) - a_arg_len), "");
/* finally the help text */
printf(" * %s\n", opts_help[i]);
}
fprintf(fp, "\nContact: " PACKAGE_BUGREPORT " via https://bugs.gentoo.org/\n");
exit(status);
}
static void run_configure(int argc, char *argv[])
{
int i;
char *cmd;
xasprintf(&cmd, "set -x; ./configure %s", sb_sonfigure_opts);
/* This doesn't need to be fast, so keep it simple. */
for (i = optind; i < argc; ++i)
xasprintf(&cmd, "%s %s", cmd, argv[i]);
exit(system(cmd));
}
void parseargs(int argc, char *argv[])
{
int i;
while ((i = getopt_long(argc, argv, PARSE_FLAGS, long_opts, NULL)) != -1) {
switch (i) {
case 'c':
opt_use_bash = true;
break;
case 'd':
if (opt_debug <= 0)
opt_debug = 1;
else
++opt_debug;
break;
case 'V':
show_version();
case 'h':
show_usage(0);
case 0x800:
run_configure(argc, argv);
case '?':
show_usage(1);
default:
sb_ebort("ISE: unhandled CLI option %c\n", i);
}
}
read_config();
}
|
GitWeb