| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Almost no one has beep support turned on anymore, and ebeep in the main
tree has been deprecated (meaning it wasn't found useful while building
packages). So punt support for it from sandbox too.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since every consumer of sb_open gets a copy of the sbio_open data, push
the init of this into the .data section of the respective consumers to
avoid the runtime overhead.
This just leaves sandbox_lib setup in the constructor function, but that
is only needed by the execve wrapper, so push down init of that to the
existing sb_init logic which happens before our execve wrapper gets used.
URL: http://bugs.gentoo.org/404013
Reported-by: Mike Gilbert <floppym@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
| |
Inheriting signals are normal/fine, so don't warn about those since they
aren't a problem.
URL: http://bugs.gentoo.org/285341
Reported-by: Paul Varner <fuzzyray@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
| |
The autotool build system already adds PIC where needed, so don't force
our own -D/-f options.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
| |
Always use local sandbox.d copy to avoid random /etc/sandbox.d issues like
it doesn't exist, or has permission problems, or anything else.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
| |
Initial support for tracing non-default personalities. For example,
tracing a 32bit binary from a 64bit environment.
URL: http://bugs.gentoo.org/264399
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Patrick Lauer <patrick@gentoo.org>
|
|
|
|
|
|
|
|
| |
The very old method of loading sandbox was via ld.so.preload, so it was
added to default deny list. However, that's long dead, and since it does
not conflict with LD_PRELOAD, no point in preventing access.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
| |
If launching another sandbox instance, don't blindly append LD_PRELOAD
with the sandbox lib.
URL: http://bugs.gentoo.org/216942
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Brian Harring <ferringb@gmail.com>
|
|
|
|
|
|
|
| |
If the command sandbox was instructed to execute failed, make sure we pass
that exact exit status back up instead of normalizing everything to 0/1.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
| |
We don't want people to bypass normal mechanisms with the testing var, so
zero out the name when installing the sandbox binary.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
| |
The sandbox.sh file is generated now, so do not mark it as a dist target.
To make this kind of error easier to figure out in the future, have all
sandbox errors related to files include the full filename that is causing
an error.
URL: http://bugs.gentoo.org/258690
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Alexis Ballier <aballier@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
| |
If the SIGHUP signal is already set to SIG_IGN, then do not replace it
with our own handler as most likely this means the user is using `nohup`.
As for the other signals, check the return value and warn if something
weird happens (like they aren't all set to SIG_DFL).
URL: http://bugs.gentoo.org/217898
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Ken Bloom <kbloom@gmail.com>
|
|
|
|
|
|
|
|
|
| |
Make sure we source the local sandbox.{bashrc,conf} and we always make the
helper functions available when testing even if we aren't interactive. Now
we can run `make check` and test the local version of sandbox even when we
are running under another sandbox env.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
| |
A "typedef" was missing when declaring the sandbox_info_t struct resulting
in a large unused "sandbox_info_t" object showing up everywhere. Normally
this isn't a problem (other than resource waste), but some systems don't
like multiply defined objects even if they're in the .bss section.
URL: http://bugs.gentoo.org/258031
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Timo Kamph <timo@kamph.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
| |
Avoid memory management issues and read/write the log file directly to
stderr.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
| |
URL: http://bugs.gentoo.org/256741
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Javier Villavicencio <the_paya@gentoo.org>
|
|
|
|
|
|
|
|
|
|
| |
If installing sandbox into a non-standard location (and the library ends up
in a non-standard path where the ELF loader does not search), then set the
LD_PRELOAD variable to the full path.
URL: http://bugs.gentoo.org/254358
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Jeremy Olexa <darkside@gentoo.org>
|
|
|
|
|
|
|
|
| |
Pull the x* memory functions out of rcscripts and into libsbutil and change
their style to match the rest of sbutil. Also add xzalloc() and xstrdup(),
and convert pointless strndup() usage to strdup().
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
| |
Include the full libc path (LIBC_PATH) in the sandbox --version output as
this is very useful debug information.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
| |
Rather than mucking with paths dynamically, just get the absolute top
builddir from configure.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
| |
URL: http://bugs.gentoo.org/194943
Signed-off-by: Ed Catmur <ed@catmur.co.uk>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
| |
sb_printf function
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
| |
URL: http://bugs.gentoo.org/238231
Signed-off-by: David Leverton <levertond@googlemail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Martin Schlemmer <azarah@gentoo.org>
|
|
|
|
|
|
| |
is was not and is pointed out, I will rectify it.
Signed-off-by: Martin Schlemmer <azarah@gentoo.org>
|
|
|
|
| |
Signed-off-by: Martin Schlemmer <azarah@gentoo.org>
|
|
|
|
| |
Signed-off-by: Martin Schlemmer <azarah@gentoo.org>
|
|
|
|
| |
Signed-off-by: Martin Schlemmer <azarah@gentoo.org>
|
|
|
|
| |
Signed-off-by: Martin Schlemmer <azarah@gentoo.org>
|