author | Mike Frysinger <vapier@gentoo.org> | 2021-10-28 23:50:00 -0400 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2021-10-28 23:50:00 -0400 |
commit | 9a026d957ffc18ab4f4f7d069f4373ddf190eca9 (patch) | |
tree | f8e0ef9c56121397b750f4f82c53212de79ea946 /src | |
parent | sandbox: avoid repetitive strlen calculations when building cmdline (diff) | |
sandbox: change interface to make it easier to pass thru
The sandbox command line is passed to a shell for execution. This can
be a bit awkward to quote right if you weren't expecting it, and even
if you were. Change the default behavior to be more like `env` where
the arguments, as they are, get passed through and run. If people want
the old shell behavior, they can use the -c option akin to `bash -c`.
Bug: https://bugs.gentoo.org/265907
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/options.c | 8 | ||||
-rw-r--r-- | src/sandbox.c | 46 | ||||
-rw-r--r-- | src/sandbox.h | 1 |
3 files changed, 35 insertions, 20 deletions
diff --git a/src/options.c b/src/options.c
index 03cffda..64cd750 100644
--- a/src/options.c
+++ b/src/options.c
@@ -20,6 +20,7 @@ int opt_use_ns_sysv = -1;
 int opt_use_ns_time = -1;
 int opt_use_ns_user = -1;
 int opt_use_ns_uts = -1;
+bool opt_use_bash = false;
 static const struct {
 const char *name;
@@ -76,7 +77,7 @@ static void show_version(void)
 exit(0);
 }
-#define PARSE_FLAGS "+hV"
+#define PARSE_FLAGS "+chV"
 #define a_argument required_argument
 static struct option const long_opts[] = {
 {"ns-on", no_argument, &opt_use_namespaces, true},
@@ -99,6 +100,7 @@ static struct option const long_opts[] = {
 {"ns-user-off", no_argument, &opt_use_ns_user, false},
 {"ns-uts-on", no_argument, &opt_use_ns_uts, true},
 {"ns-uts-off", no_argument, &opt_use_ns_uts, false},
+ {"bash", no_argument, NULL, 'c'},
 {"help", no_argument, NULL, 'h'},
 {"version", no_argument, NULL, 'V'},
 {"run-configure", no_argument, NULL, 0x800},
@@ -125,6 +127,7 @@ static const char * const opts_help[] = {
 "Disable the use of user namespaces",
 "Enable the use of UTS (hostname/uname) namespaces",
 "Disable the use of UTS (hostname/uname) namespaces",
+ "Run command through bash shell",
 "Print this help and exit",
 "Print version and exit",
 "Run local sandbox configure in same way and exit (developer only)",
@@ -201,6 +204,9 @@ void parseargs(int argc, char *argv[])
 while ((i = getopt_long(argc, argv, PARSE_FLAGS, long_opts, NULL)) != -1) {
 switch (i) {
+ case 'c':
+ opt_use_bash = true;
+ break;
 case 'V':
 show_version();
 case 'h':
diff --git a/src/sandbox.c b/src/sandbox.c
index 7e8a769..7d6b03f 100644
--- a/src/sandbox.c
+++ b/src/sandbox.c
@@ -175,7 +175,9 @@ static int spawn_shell(char *argv_bash[], char **env, int debug)
 /* Child's process */
 if (0 == child_pid) {
- int ret = execve(argv_bash[0], argv_bash, env);
+ /* Would be nice if execvpe were in POSIX. */
+ environ = env;
+ int ret = execvp(argv_bash[0], argv_bash);
 sb_pwarn("failed to exec child");
 _exit(ret);
 } else if (child_pid < 0) {
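Review bot: In the child branch of spawn_shell() (src/sandbox.c, hunk at -175), a failed execvp() still ends in `_exit(ret)` with ret == -1, so the parent sees status 255 for every failure, although the command word is now user-supplied and looked up on PATH. Following the `env` convention the commit message refers to, save errno before sb_pwarn() can change it (`int saved_errno = errno;`) and finish with `_exit(saved_errno == ENOENT ? 127 : 126);`. Because `environ = env;` runs first, the PATH search presumably uses the sandbox-built environment rather than the caller's, which deserves a comment such as `/* execvp() resolves argv_bash[0] via PATH from env, not the caller's environ */`. spawn_shell() starts and ends outside the hunk, so how the parent maps the child's status is not visible here.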
@@ -258,25 +260,31 @@ int main(int argc, char **argv)
 goto oom_error;
 /* Setup bash argv */
- str_list_add_item_copy(argv_bash, "/bin/bash", oom_error);
- str_list_add_item_copy(argv_bash, "-rcfile", oom_error);
- str_list_add_item_copy(argv_bash, sandbox_info.sandbox_rc, oom_error);
- if (argc >= 2) {
- int i;
- size_t cmdlen;
- char *cmd = NULL;
-
- str_list_add_item_copy(argv_bash, run_str, oom_error);
- str_list_add_item_copy(argv_bash, argv[1], oom_error);
- cmdlen = strlen(argv_bash[4]);
- for (i = 2; i < argc; i++) {
- size_t arglen = strlen(argv[i]);
- argv_bash[4] = xrealloc(argv_bash[4], cmdlen + arglen + 2);
- argv_bash[4][cmdlen] = ' ';
- memcpy(argv_bash[4] + cmdlen + 1, argv[i], arglen);
- cmdlen += arglen + 1;
- argv_bash[4][cmdlen] = '\0';
+ if (opt_use_bash || argc == 1) {
+ str_list_add_item_copy(argv_bash, "/bin/bash", oom_error);
+ str_list_add_item_copy(argv_bash, "-rcfile", oom_error);
+ str_list_add_item_copy(argv_bash, sandbox_info.sandbox_rc, oom_error);
+ if (argc >= 2) {
+ int i;
+ size_t cmdlen;
+ char *cmd = NULL;
+
+ str_list_add_item_copy(argv_bash, run_str, oom_error);
+ str_list_add_item_copy(argv_bash, argv[1], oom_error);
+ cmdlen = strlen(argv_bash[4]);
+ for (i = 2; i < argc; i++) {
+ size_t arglen = strlen(argv[i]);
+ argv_bash[4] = xrealloc(argv_bash[4], cmdlen + arglen + 2);
+ argv_bash[4][cmdlen] = ' ';
+ memcpy(argv_bash[4] + cmdlen + 1, argv[i], arglen);
+ cmdlen += arglen + 1;
+ argv_bash[4][cmdlen] = '\0';
+ }
 }
+ } else {
+ int i;
+ for (i = 1; i < argc; ++i)
+ str_list_add_item_copy(argv_bash, argv[i], oom_error);
 }
 #ifdef HAVE_PRCTL
diff --git a/src/sandbox.h b/src/sandbox.h
index 7e5b575..cdc1b9e 100644
--- a/src/sandbox.h
+++ b/src/sandbox.h
@@ -52,5 +52,6 @@ extern int opt_use_ns_sysv;
 extern int opt_use_ns_time;
 extern int opt_use_ns_user;
 extern int opt_use_ns_uts;
+extern bool opt_use_bash;
 #endif |
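Review bot: In main() (src/sandbox.c, hunk at -258), the `-c` branch still joins every remaining argument with single spaces into one string that bash re-parses, so a caller forwarding whitespace-containing or untrusted arguments with `-c` has them interpreted as shell syntax, whereas `bash -c` treats extra operands as positional parameters. A comment above the join loop should state this, e.g. `/* -c: args are joined with ' ' and re-parsed by bash; callers must quote them. */`. The re-indented copy also keeps `char *cmd = NULL;`, which nothing in the hunk uses, and the hard-coded `argv_bash[4]` is only right while exactly four items precede the command word. main() starts and ends outside the hunk, so whether argc/argv were already shifted past the parsed options is not visible here.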