| Commit message | Author | Age | Files | Lines |

This will lock down the ability to use set*id programs (like sudo),
and will allow us to utilize seccomp bpf to speed up ptrace.
Closes: https://bugs.gentoo.org/442172
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
These modify the filesystem, so don't let them do their business.
Fixes: https://bugs.gentoo.org/672566
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
This initial version doesn't enable their use by default.
URL: https://bugs.gentoo.org/512794
Reported-by: Matthew Thode <prometheanfire@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
This lays the groundwork for adding more runtime options.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
This lays the groundwork for fixing handling of broken symlinks. The
gnulib code is hand imported because using the gnulib tool imports a
ton of code we do not want. Only the bare minimum is imported so we
can use the canonicalize_filename_mode function.
This function is needed to canonicalize symlinks that are ultimately
broken. The current sandbox/C library code only supports two modes:
(1) dereference a single symlink
(2) dereference *all* symlinks, but only if all links are valid
For sandbox, we need to know the final path a symlink points to even
if that path doesn't (yet) exist.
Note: This commit doesn't actually fix the bug, just brings in the
functions we need to do so.
URL: https://bugs.gentoo.org/540828
Reported-by: Rick Farina <zerochaos@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Should speed up loading of strings from remote processes as we only have
to do (usually) one syscall to extract the whole string in one shot.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
These contain useful defines which we sometimes want to leverage.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Add test cases for symlink behavior and unify some of the test code to
make adding more test cases even easier.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Since the main sandbox code maintains state with global variables (like
sbcontext), make sure we use a pthread mutex to prevent multiple threads
from corrupting each other. In the non-threaded case this shouldn't be
a problem as the C library provides redirection stubs in its own code.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Some systems define psignal() in siginfo.h, so use it when available.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>