aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2013-02-22 21:18:07 -0500
committerMike Frysinger <vapier@gentoo.org>2013-02-24 23:15:44 -0500
commite12fee192ac8b0343a468e5a8f7811a7b029ff9a (patch)
tree252b2e528a3fb99f5cc32127a32ad4d785008a6f /libsandbox
parentlibsandbox: handle ENOSYS w/process_vm_readv (diff)
downloadsandbox-e12fee192ac8b0343a468e5a8f7811a7b029ff9a.tar.gz
sandbox-e12fee192ac8b0343a468e5a8f7811a7b029ff9a.tar.bz2
sandbox-e12fee192ac8b0343a468e5a8f7811a7b029ff9a.zip
add a new message env var
This is used whenever sandbox wants to display an informational message. For example, early notification of a path violation, or debugging output. We can't just pop open an fd and pass that around as apps consider that leakage and will often break assumptions in terms of free fds. Or apps that start up and cleanse all of their open fds. So instead, we just pass around an env var that holds the full path to the file we want will write to. Since these messages are infrequent (compared to overall runtime), opening/writing/closing the path every time is fine. This also avoids all the problems associated with using external portage helpers for writing messages. A follow up commit will take care of the situation where apps (such as scons) attempt to also cleanse the env before forking. URL: http://bugs.gentoo.org/278761 URL: http://bugs.gentoo.org/431638 Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'libsandbox')
-rw-r--r--libsandbox/libsandbox.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index eaa5c7d..0ec5fe1 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -47,6 +47,7 @@ typedef struct {
static char *cached_env_vars[MAX_DYN_PREFIXES];
static char log_path[SB_PATH_MAX];
static char debug_log_path[SB_PATH_MAX];
+static char message_path[SB_PATH_MAX];
bool sandbox_on = true;
static bool sb_init = false;
int (*sbio_open)(const char *, int, mode_t) = sb_unwrapped_open;
@@ -58,6 +59,7 @@ static void clean_env_entries(char ***, int *);
static void init_context(sbcontext_t *);
static void init_env_entries(char ***, int *, const char *, const char *, int);
+const char *sbio_message_path;
const char sbio_fallback_path[] = "/dev/tty";
/* resolve_dirfd_path - get the path relative to a dirfd
@@ -940,6 +942,8 @@ bool before_syscall(int dirfd, int sb_nr, const char *func, const char *file, in
get_sandbox_log(log_path, NULL);
get_sandbox_debug_log(debug_log_path, NULL);
+ get_sandbox_message_path(message_path);
+ sbio_message_path = message_path;
init_context(&sbcontext);
sb_init = true;