| zygote.c (296047) | zygote.c (301572) |
|---|---|
| 1/*- 2 * Copyright (c) 2012 The FreeBSD Foundation 3 * Copyright (c) 2015 Mariusz Zaborski <oshogbo@FreeBSD.org> 4 * All rights reserved. 5 * 6 * This software was developed by Pawel Jakub Dawidek under sponsorship from 7 * the FreeBSD Foundation. 8 * --- 15 unchanged lines hidden (view full) --- 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 */ 30 31#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 2012 The FreeBSD Foundation 3 * Copyright (c) 2015 Mariusz Zaborski <oshogbo@FreeBSD.org> 4 * All rights reserved. 5 * 6 * This software was developed by Pawel Jakub Dawidek under sponsorship from 7 * the FreeBSD Foundation. 8 * --- 15 unchanged lines hidden (view full) --- 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 */ 30 31#include <sys/cdefs.h> |
| 32__FBSDID("$FreeBSD: head/lib/libcasper/libcasper/zygote.c 296047 2016-02-25 18:23:40Z oshogbo $"); | 32__FBSDID("$FreeBSD: head/lib/libcasper/libcasper/zygote.c 301572 2016-06-08 02:03:53Z oshogbo $"); |
| 33 34#include <sys/types.h> 35#include <sys/capsicum.h> 36#include <sys/procdesc.h> 37#include <sys/socket.h> 38#include <sys/nv.h> 39 40#include <assert.h> 41#include <err.h> 42#include <errno.h> | 33 34#include <sys/types.h> 35#include <sys/capsicum.h> 36#include <sys/procdesc.h> 37#include <sys/socket.h> 38#include <sys/nv.h> 39 40#include <assert.h> 41#include <err.h> 42#include <errno.h> |
| 43#include <paths.h> | |
| 44#include <stdbool.h> 45#include <stdlib.h> 46#include <strings.h> 47#include <unistd.h> 48 49#include "zygote.h" 50 51/* Zygote info. */ 52static int zygote_sock = -1; 53 | 43#include <stdbool.h> 44#include <stdlib.h> 45#include <strings.h> 46#include <unistd.h> 47 48#include "zygote.h" 49 50/* Zygote info. */ 51static int zygote_sock = -1; 52 |
| 54static void 55stdnull(void) 56{ 57 int fd; 58 59 fd = open(_PATH_DEVNULL, O_RDWR); 60 if (fd == -1) 61 errx(1, "Unable to open %s", _PATH_DEVNULL); 62 63 if (setsid() == -1) 64 errx(1, "Unable to detach from session"); 65 66 if (dup2(fd, STDIN_FILENO) == -1) 67 errx(1, "Unable to cover stdin"); 68 if (dup2(fd, STDOUT_FILENO) == -1) 69 errx(1, "Unable to cover stdout"); 70 if (dup2(fd, STDERR_FILENO) == -1) 71 errx(1, "Unable to cover stderr"); 72 73 close(fd); 74} 75 | |
| 76int 77zygote_clone(zygote_func_t *func, int *chanfdp, int *procfdp) 78{ 79 nvlist_t *nvl; 80 int error; 81 82 if (zygote_sock == -1) { 83 /* Zygote didn't start. */ --- 24 unchanged lines hidden (view full) --- 108 * This function creates sandboxes on-demand whoever has access to it via 109 * 'sock' socket. Function sends two descriptors to the caller: process 110 * descriptor of the sandbox and socket pair descriptor for communication 111 * between sandbox and its owner. 112 */ 113static void 114zygote_main(int sock) 115{ | 53int 54zygote_clone(zygote_func_t *func, int *chanfdp, int *procfdp) 55{ 56 nvlist_t *nvl; 57 int error; 58 59 if (zygote_sock == -1) { 60 /* Zygote didn't start. */ --- 24 unchanged lines hidden (view full) --- 85 * This function creates sandboxes on-demand whoever has access to it via 86 * 'sock' socket. Function sends two descriptors to the caller: process 87 * descriptor of the sandbox and socket pair descriptor for communication 88 * between sandbox and its owner. 89 */ 90static void 91zygote_main(int sock) 92{ |
| 116 int error, fd, procfd; | 93 int error, procfd; |
| 117 int chanfd[2]; 118 nvlist_t *nvlin, *nvlout; 119 zygote_func_t *func; 120 pid_t pid; 121 122 assert(sock > STDERR_FILENO); 123 124 setproctitle("zygote"); 125 | 94 int chanfd[2]; 95 nvlist_t *nvlin, *nvlout; 96 zygote_func_t *func; 97 pid_t pid; 98 99 assert(sock > STDERR_FILENO); 100 101 setproctitle("zygote"); 102 |
| 126 stdnull(); 127 for (fd = STDERR_FILENO + 1; fd < sock; fd++) 128 close(fd); 129 closefrom(sock + 1); 130 | |
| 131 for (;;) { 132 nvlin = nvlist_recv(sock, 0); 133 if (nvlin == NULL) { 134 if (errno == ENOTCONN) { 135 /* Casper exited. */ 136 exit(0); 137 } 138 continue; --- 85 unchanged lines hidden --- | 103 for (;;) { 104 nvlin = nvlist_recv(sock, 0); 105 if (nvlin == NULL) { 106 if (errno == ENOTCONN) { 107 /* Casper exited. */ 108 exit(0); 109 } 110 continue; --- 85 unchanged lines hidden --- |