Allow to create symlinks
This commit is contained in:
parent
963a7b6913
commit
e4aba73385
@ -624,6 +624,7 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
|
||||
p->options = "";
|
||||
p->fs_type = "";
|
||||
p->isDir = mountIsDir(optarg);
|
||||
p->isSymlink = false;
|
||||
p->mandatory = true;
|
||||
TAILQ_INSERT_TAIL(&nsjconf->mountpts, p, pointers);
|
||||
} break;
|
||||
@ -638,6 +639,7 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
|
||||
p->options = "";
|
||||
p->fs_type = "";
|
||||
p->isDir = mountIsDir(optarg);
|
||||
p->isSymlink = false;
|
||||
p->mandatory = true;
|
||||
TAILQ_INSERT_TAIL(&nsjconf->mountpts, p, pointers);
|
||||
} break;
|
||||
@ -651,6 +653,7 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
|
||||
p->options = cmdlineTmpfsSz;
|
||||
p->fs_type = "tmpfs";
|
||||
p->isDir = true;
|
||||
p->isSymlink = false;
|
||||
p->mandatory = true;
|
||||
TAILQ_INSERT_TAIL(&nsjconf->mountpts, p, pointers);
|
||||
} break;
|
||||
@ -739,6 +742,7 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
|
||||
p->options = "";
|
||||
p->fs_type = "proc";
|
||||
p->isDir = true;
|
||||
p->isSymlink = false;
|
||||
p->mandatory = true;
|
||||
TAILQ_INSERT_HEAD(&nsjconf->mountpts, p, pointers);
|
||||
}
|
||||
@ -755,6 +759,7 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
|
||||
p->options = "";
|
||||
p->fs_type = "";
|
||||
p->isDir = true;
|
||||
p->isSymlink = false;
|
||||
p->mandatory = true;
|
||||
TAILQ_INSERT_HEAD(&nsjconf->mountpts, p, pointers);
|
||||
} else {
|
||||
@ -770,6 +775,7 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
|
||||
p->options = "";
|
||||
p->fs_type = "tmpfs";
|
||||
p->isDir = true;
|
||||
p->isSymlink = false;
|
||||
p->mandatory = true;
|
||||
TAILQ_INSERT_HEAD(&nsjconf->mountpts, p, pointers);
|
||||
}
|
||||
|
1
common.h
1
common.h
@ -73,6 +73,7 @@ struct mounts_t {
|
||||
const char *options;
|
||||
uintptr_t flags;
|
||||
bool isDir;
|
||||
bool isSymlink;
|
||||
bool mandatory;
|
||||
TAILQ_ENTRY(mounts_t) pointers;
|
||||
};
|
||||
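Review bot: The new `bool isSymlink;` member of struct mounts_t is added without a comment, and unlike `isDir` or `mandatory` its effect is not obvious from the name: when it is set, the mount.c code in this commit creates a symlink at dst pointing at src and returns before any mount or remount logic runs, so the other fields (`fs_type`, `options`, `flags`) are not used for such an entry. Suggested: `bool isSymlink; /* if set, dst is created as a symlink to src instead of being mounted (see mountMount) */`. The struct's opening line is only visible in the hunk header, so I cannot see whether the other members carry comments to match.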
|
2
config.c
2
config.c
@ -202,7 +202,7 @@ static bool configParseInternal(struct nsjconf_t *nsjconf, Nsjail__NsJailConfig
|
||||
|
||||
if (mountAddMountPt
|
||||
(nsjconf, src, dst, fstype, options, flags, isDir, mandatory, src_env,
|
||||
dst_env, src_content, src_content_len) == false) {
|
||||
dst_env, src_content, src_content_len, njc->mount[i]->is_symlink) == false) {
|
||||
LOG_E("Couldn't add mountpoint for src:'%s' dst:'%s'", src, dst);
|
||||
return false;
|
||||
}
|
||||
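Review bot: On the `dst_env, src_content, src_content_len, njc->mount[i]->is_symlink)` line the new argument is read straight from the message inside the call, while every other argument of that call (`src`, `dst`, `fstype`, `options`, `flags`, `isDir`, `mandatory`) is a local extracted from the same message earlier in configParseInternal, outside this hunk; hoisting it to `bool is_symlink = njc->mount[i]->is_symlink;` next to those locals keeps the call readable and the field accesses in one place. As far as the mount.c changes in this commit show, a symlink entry returns before the mount logic, so `fstype`, `options`, `rw`/flags and `is_bind` (as named in the example config) set on the same mount block are silently ignored; this parse loop is the natural place to warn or reject that combination rather than let a misconfigured entry pass. The enclosing function continues outside the hunk on both sides.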
|
@ -51,6 +51,8 @@ message MountPt
|
||||
optional bool is_dir = 10;
|
||||
/* Should the sandboxing fail if we cannot mount this resource? */
|
||||
required bool mandatory = 11 [ default = true ];
|
||||
/* Is it a symlink (instead of real mount point)? */
|
||||
required bool is_symlink = 12 [ default = false ];
|
||||
}
|
||||
message Exe
|
||||
{
|
||||
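Review bot: `required bool is_symlink = 12 [ default = false ];` declares the new field as `required` even though it carries a default, and the example config added in this commit sets only `src`, `dst` and `is_symlink` in its new mount block (omitting `mandatory`, which is also `required`), so the text parser evidently does not enforce `required` today; `optional bool is_symlink = 12 [ default = false ];` matches `is_dir` two lines above and would not break every existing config's mount blocks if the parser ever did enforce it. The comment could also state what a symlink entry ignores: `/* Create dst as a symlink to src instead of mounting it; fstype/options/flags are not used for symlinks */` — assuming the mount.c behaviour in this commit, which returns before the mount logic for symlink entries.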
|
@ -129,6 +129,12 @@ mount {
|
||||
is_bind: false
|
||||
}
|
||||
|
||||
mount {
|
||||
src: "/proc/self/fd"
|
||||
dst: "/dev/fd"
|
||||
is_symlink: true
|
||||
}
|
||||
|
||||
mount {
|
||||
src: "/dev/null"
|
||||
dst: "/dev/null"
|
||||
@ -156,7 +162,6 @@ mount {
|
||||
|
||||
seccomp_string: "
|
||||
POLICY example {
|
||||
ERRNO(1337) { geteuid },
|
||||
KILL { syslog },
|
||||
ERRNO(0) { ptrace }
|
||||
}
|
||||
|
27
mount.c
27
mount.c
@ -122,7 +122,7 @@ static bool mountMount(struct mounts_t *mpt, const char *newroot, const char *tm
|
||||
char dst[PATH_MAX];
|
||||
snprintf(dst, sizeof(dst), "%s/%s", newroot, mpt->dst);
|
||||
|
||||
LOG_D("Mounting '%s'", mountDescribeMountPt(mpt));
|
||||
LOG_D("mounting '%s'", mountDescribeMountPt(mpt));
|
||||
|
||||
char srcpath[PATH_MAX];
|
||||
if (mpt->src != NULL && strlen(mpt->src) > 0) {
|
||||
@ -131,7 +131,12 @@ static bool mountMount(struct mounts_t *mpt, const char *newroot, const char *tm
|
||||
snprintf(srcpath, sizeof(srcpath), "none");
|
||||
}
|
||||
|
||||
if (mpt->isDir == true) {
|
||||
if (mpt->isSymlink == true) {
|
||||
if (utilCreateDirRecursively(dst) == false) {
|
||||
LOG_W("Couldn't create upper directories for '%s'", dst);
|
||||
return false;
|
||||
}
|
||||
} else if (mpt->isDir == true) {
|
||||
if (utilCreateDirRecursively(dst) == false) {
|
||||
LOG_W("Couldn't create upper directories for '%s'", dst);
|
||||
return false;
|
||||
@ -152,6 +157,15 @@ static bool mountMount(struct mounts_t *mpt, const char *newroot, const char *tm
|
||||
}
|
||||
}
|
||||
|
||||
if (mpt->isSymlink == true) {
|
||||
LOG_D("symlink('%s', '%s')", srcpath, dst);
|
||||
if (symlink(srcpath, dst) == -1) {
|
||||
PLOG_W("symlink('%s', '%s')", srcpath, dst);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
if (mpt->src_content) {
|
||||
snprintf(srcpath, sizeof(srcpath), "%s/file.XXXXXX", tmpdir);
|
||||
int fd = mkostemp(srcpath, O_CLOEXEC);
|
||||
@ -198,6 +212,9 @@ static bool mountMount(struct mounts_t *mpt, const char *newroot, const char *tm
|
||||
|
||||
static bool mountRemountRO(struct mounts_t *mpt)
|
||||
{
|
||||
if (mpt->isSymlink == true) {
|
||||
return true;
|
||||
}
|
||||
if (!(mpt->flags & MS_RDONLY)) {
|
||||
return true;
|
||||
}
|
||||
@ -379,7 +396,7 @@ bool mountInitNs(struct nsjconf_t * nsjconf)
|
||||
bool mountAddMountPt(struct nsjconf_t * nsjconf, const char *src, const char *dst,
|
||||
const char *fstype, const char *options, uintptr_t flags, const bool * isDir,
|
||||
bool mandatory, const char *src_env, const char *dst_env,
|
||||
const uint8_t * src_content, size_t src_content_len)
|
||||
const uint8_t * src_content, size_t src_content_len, bool is_symlink)
|
||||
{
|
||||
struct mounts_t *p = utilCalloc(sizeof(struct mounts_t));
|
||||
|
||||
@ -430,6 +447,7 @@ bool mountAddMountPt(struct nsjconf_t * nsjconf, const char *src, const char *ds
|
||||
p->options = utilStrDup(options);
|
||||
p->flags = flags;
|
||||
p->isDir = true;
|
||||
p->isSymlink = is_symlink;
|
||||
p->mandatory = mandatory;
|
||||
|
||||
if (isDir) {
|
||||
@ -471,6 +489,9 @@ const char *mountDescribeMountPt(struct mounts_t *mpt)
|
||||
utilSSnPrintf(mount_pt_descr, sizeof(mount_pt_descr), " src_content_len:%zu",
|
||||
mpt->src_content_len);
|
||||
}
|
||||
if (mpt->isSymlink) {
|
||||
utilSSnPrintf(mount_pt_descr, sizeof(mount_pt_descr), " symlink:true");
|
||||
}
|
||||
|
||||
return mount_pt_descr;
|
||||
}
|
||||
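Review bot: In the new symlink branch of mountMount (`if (mpt->isSymlink == true) { ... symlink(srcpath, dst) ...`), srcpath is used verbatim as the link target, and a config entry with an empty or missing src reaches the `snprintf(srcpath, sizeof(srcpath), "none")` fallback above, so such an entry silently creates a dangling relative symlink pointing at the literal `none` instead of failing. Reject it before the call: `if (mpt->src == NULL || mpt->src[0] == '\0') { LOG_W("symlink '%s' needs a non-empty src as its target", dst); return false; }`. The branch also deserves a why-comment, since dst is prefixed with newroot while the target is not: `/* Target is stored verbatim: it is resolved by the sandboxed process after the root switch, so it must not be prefixed with newroot */` — presumably, confirm against mountInitNs. Worth confirming too that utilCreateDirRecursively() (not shown) creates only the parent directories of dst, as its log message says; if it also created dst itself, symlink() would always fail with EEXIST. The lines filling srcpath for a non-empty src are outside the hunk.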
|
2
mount.h
2
mount.h
@ -32,7 +32,7 @@ bool mountInitNs(struct nsjconf_t *nsjconf);
|
||||
bool mountAddMountPt(struct nsjconf_t *nsjconf, const char *src, const char *dst,
|
||||
const char *fstype, const char *options, uintptr_t flags, const bool * isDir,
|
||||
bool mandatory, const char *src_env, const char *dst_env,
|
||||
const uint8_t * src_content, size_t src_content_len);
|
||||
const uint8_t * src_content, size_t src_content_len, bool is_symlink);
|
||||
const char *mountDescribeMountPt(struct mounts_t *mpt);
|
||||
|
||||
#endif /* NS_MOUNT_H */
|
||||
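Review bot: The new `is_symlink` parameter on the `mountAddMountPt` prototype fills the struct member `isSymlink` and sits beside `isDir` in the same signature, so the mapping is visible only by reading mount.c; either name it `isSymlink` to match, or document the prototype so callers know what a symlink entry does with the other arguments. Suggested comment above the declaration: `/* Adds a mount point; with is_symlink set, dst is created as a symlink to src instead of being mounted, and fstype/options/flags are not used (see mountMount) */` — the "not used" part is what the mount.c changes in this commit show, confirm it stays true.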
|