* [gentoo-commits] proj/sandbox:master commit in: src/
@ 2015-09-11 7:53 Mike Frysinger
0 siblings, 0 replies; 14+ messages in thread
From: Mike Frysinger @ 2015-09-11 7:53 UTC (permalink / raw
To: gentoo-commits
commit: c119fe8e393540224c803ab5036ddb80b800716c
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 23 04:52:47 2013 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Feb 23 04:52:47 2013 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=c119fe8e
sandbox: pass child signals back up to the parent
We were incorrectly passing signal information back up to the parent.
See the URL for more information.
URL: http://www.cons.org/cracauer/sigint.html
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
src/sandbox.c | 72 +++++++++++++++++++++++++++++++++++++++--------------------
1 file changed, 48 insertions(+), 24 deletions(-)
diff --git a/src/sandbox.c b/src/sandbox.c
index 3783bca..c2a1d25 100644
--- a/src/sandbox.c
+++ b/src/sandbox.c
@@ -131,7 +131,7 @@ static void print_sandbox_log(char *sandbox_log)
static void stop(int signum)
{
if (0 == stop_called) {
- stop_called = 1;
+ stop_called = signum;
sb_warn("caught signal %d in pid %d", signum, getpid());
} else
sb_warn("signal already caught and busy still cleaning up!");
@@ -140,7 +140,7 @@ static void stop(int signum)
static void usr1_handler(int signum, siginfo_t *siginfo, void *ucontext)
{
if (0 == stop_called) {
- stop_called = 1;
+ stop_called = signum;
sb_warn("caught signal %d in pid %d", signum, getpid());
/* FIXME: This is really bad form, as we should kill the whole process
@@ -183,12 +183,11 @@ static int spawn_shell(char *argv_bash[], char **env, int debug)
sb_pwarn("failed to waitpid for child");
return 1;
} else if (status != 0) {
- if (WIFSIGNALED(status)) {
+ if (WIFSIGNALED(status))
psignal(WTERMSIG(status), "Sandboxed process killed by signal");
- return 128 + WTERMSIG(status);
- } else if (debug)
+ else if (debug)
sb_warn("process returned with failed exit status %d!", WEXITSTATUS(status));
- return WEXITSTATUS(status) ? : 1;
+ return status;
}
return 0;
@@ -196,8 +195,6 @@ static int spawn_shell(char *argv_bash[], char **env, int debug)
int main(int argc, char **argv)
{
- struct sigaction act_new;
-
int sandbox_log_presence = 0;
struct sandbox_info_t sandbox_info;
@@ -308,26 +305,39 @@ int main(int argc, char **argv)
}
}
- /* set up the required signal handlers ... but allow SIGHUP to be
- * ignored in case people are running `nohup ...` #217898
- */
- if (signal(SIGHUP, &stop) == SIG_IGN)
- signal(SIGHUP, SIG_IGN);
-#define wsignal(sig, act) \
+ /* Set up the required signal handlers */
+ int sigs[] = { SIGHUP, SIGINT, SIGQUIT, SIGTERM, SIGUSR1, };
+ struct sigaction act_new, act_old[ARRAY_SIZE(sigs)];
+ size_t si = 0;
+
+#define wsigaction() \
do { \
- sighandler_t _old = signal(sig, act); \
- if (_old == SIG_ERR) \
- sb_pwarn("unable to bind signal %s", #sig); \
- else if (_old != SIG_DFL && _old != SIG_IGN) \
- sb_warn("signal %s already had a handler ...", #sig); \
+ if (sigaction(sigs[si], &act_new, &act_old[si])) \
+ sb_pwarn("unable to bind signal %i", sigs[si]); \
+ else if (act_old[si].sa_handler != SIG_DFL && \
+ act_old[si].sa_handler != SIG_IGN) \
+ sb_warn("signal %i already had a handler ...", sigs[si]); \
+ ++si; \
} while (0)
- wsignal(SIGINT, &stop);
- wsignal(SIGQUIT, &stop);
- wsignal(SIGTERM, &stop);
+
+ sigemptyset(&act_new.sa_mask);
+ act_new.sa_sigaction = NULL;
+ act_new.sa_handler = stop;
+ act_new.sa_flags = SA_RESTART;
+ wsigaction();
+ wsigaction();
+ wsigaction();
+ wsigaction();
+
+ sigemptyset(&act_new.sa_mask);
+ act_new.sa_handler = NULL;
act_new.sa_sigaction = usr1_handler;
- sigemptyset (&act_new.sa_mask);
act_new.sa_flags = SA_SIGINFO | SA_RESTART;
- sigaction (SIGUSR1, &act_new, NULL);
+ wsigaction();
+
+ /* Allow SIGHUP to be ignored in case people are running `nohup ...` #217898 */
+ if (act_old[0].sa_handler == SIG_IGN)
+ sigaction(SIGHUP, &act_old[0], NULL);
/* STARTING PROTECTED ENVIRONMENT */
dputs("The protected environment has been started.");
@@ -353,6 +363,20 @@ int main(int argc, char **argv)
} else
dputs(sandbox_footer);
+ /* Do the right thing and pass the signal back up. See:
+ * http://www.cons.org/cracauer/sigint.html
+ */
+ if (stop_called != SIGUSR1 && WIFSIGNALED(shell_exit)) {
+ int signum = WTERMSIG(shell_exit);
+ for (si = 0; si < ARRAY_SIZE(sigs); ++si)
+ sigaction(sigs[si], &act_old[si], NULL);
+ kill(getpid(), signum);
+ return 128 + signum;
+ } else if (WIFEXITED(shell_exit))
+ shell_exit = WEXITSTATUS(shell_exit);
+ else
+ shell_exit = 1; /* ??? */
+
if (!is_env_on(ENV_SANDBOX_TESTING))
if (sandbox_log_presence && shell_exit == 0)
shell_exit = 1;
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] proj/sandbox:master commit in: src/
@ 2015-09-11 7:53 Mike Frysinger
0 siblings, 0 replies; 14+ messages in thread
From: Mike Frysinger @ 2015-09-11 7:53 UTC (permalink / raw
To: gentoo-commits
commit: d6af3ad271c3893419962059092eea29ffb4f507
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 25 04:57:17 2013 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Feb 25 04:57:17 2013 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=d6af3ad2
sandbox: do not resolve target of stderr
The recent e12fee192ac8b0343a468e5a8f7811a7b029ff9a commit does not
handle things when stderr is connected to a real file (e.g. a pipe
or a socket or fifo or ...). It also does not play well to have
multiple things writing to the same file through different fds.
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
src/sandbox.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/sandbox.c b/src/sandbox.c
index 51f2d95..3783bca 100644
--- a/src/sandbox.c
+++ b/src/sandbox.c
@@ -82,15 +82,18 @@ static int setup_sandbox(struct sandbox_info_t *sandbox_info, bool interactive)
}
/* Generate sandbox message path -- this process's stderr */
- char path[SB_PATH_MAX];
- sprintf(path, "%s/2", sb_get_fd_dir());
- if (realpath(path, sandbox_info->sandbox_message_path) == NULL) {
- sb_pwarn("could not read stderr path: %s", path);
+ const char *fdpath = sb_get_fd_dir();
+ if (realpath(fdpath, sandbox_info->sandbox_message_path) == NULL) {
+ sb_pwarn("could not read fd path: %s", fdpath);
if (realpath(sbio_fallback_path, sandbox_info->sandbox_message_path)) {
sb_pwarn("could not read stderr path: %s", sbio_fallback_path);
/* fuck it */
strcpy(sandbox_info->sandbox_message_path, sbio_fallback_path);
}
+ } else {
+ /* Do not resolve the target of stderr because it could be something
+ * that doesn't exist on the fs. Like a pipe (`tee` and such). */
+ strcat(sandbox_info->sandbox_message_path, "/2");
}
return 0;
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] proj/sandbox:master commit in: src/
@ 2016-03-29 12:24 Mike Frysinger
0 siblings, 0 replies; 14+ messages in thread
From: Mike Frysinger @ 2016-03-29 12:24 UTC (permalink / raw
To: gentoo-commits
commit: 9b2b36945ec4e0335e0375cc45e14c41c66d28ae
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 29 09:16:15 2016 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Mar 29 09:16:15 2016 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=9b2b3694
sandbox: allow user to force SIGKILL
Sometimes the child process can get wedged and not respond to CTRL+C,
so add an escape hatch so the user can easily force SIGKILL.
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
src/sandbox.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/sandbox.c b/src/sandbox.c
index c668ab6..503ad0b 100644
--- a/src/sandbox.c
+++ b/src/sandbox.c
@@ -128,13 +128,21 @@ static void print_sandbox_log(char *sandbox_log)
sb_eerror("--------------------------------------------------------------------------------\n");
}
+static int stop_count = 5;
+
static void stop(int signum)
{
if (0 == stop_called) {
stop_called = signum;
sb_warn("caught signal %d in pid %d", signum, getpid());
- } else
- sb_warn("signal already caught and busy still cleaning up!");
+ } else if (--stop_count) {
+ sb_warn("Send signal %i more time%s to force SIGKILL",
+ stop_count, stop_count == 1 ? "" : "s");
+ } else {
+ /* This really should kill all children; see usr1_handler. */
+ kill(child_pid, SIGKILL);
+ stop_count = 1;
+ }
}
static void usr1_handler(int signum, siginfo_t *siginfo, void *ucontext)
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] proj/sandbox:master commit in: src/
@ 2021-10-28 9:56 Mike Frysinger
0 siblings, 0 replies; 14+ messages in thread
From: Mike Frysinger @ 2021-10-28 9:56 UTC (permalink / raw
To: gentoo-commits
commit: e9a45d1832ba36acd11bf4c8fa57b576f87d17c5
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 28 09:51:23 2021 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Oct 28 09:51:23 2021 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=e9a45d18
sandbox: undefine dprintf
The C library has a dprintf function too, and it might be a define
that clashes with ours, so undefine it to avoid warnings.
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
src/sandbox.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/sandbox.c b/src/sandbox.c
index d74abd9..6cd5f38 100644
--- a/src/sandbox.c
+++ b/src/sandbox.c
@@ -15,6 +15,9 @@
#include "sbutil.h"
#include "sandbox.h"
+/* The C library might have a macro for this. */
+#undef dprintf
+
static int print_debug = 0;
#define dprintf(fmt, args...) do { if (print_debug) printf(fmt, ## args); } while (0)
#define dputs(str) do { if (print_debug) puts(str); } while (0)
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] proj/sandbox:master commit in: src/
@ 2021-10-29 5:37 Mike Frysinger
0 siblings, 0 replies; 14+ messages in thread
From: Mike Frysinger @ 2021-10-29 5:37 UTC (permalink / raw
To: gentoo-commits
commit: c029863b70ca77f59cd181974cfab0fa18c0a265
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 29 03:38:58 2021 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Oct 29 03:38:58 2021 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=c029863b
sandbox: avoid repetitive strlen calculations when building cmdline
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
src/sandbox.c | 20 +++++++++-----------
1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/src/sandbox.c b/src/sandbox.c
index 6cd5f38..7e8a769 100644
--- a/src/sandbox.c
+++ b/src/sandbox.c
@@ -263,21 +263,19 @@ int main(int argc, char **argv)
str_list_add_item_copy(argv_bash, sandbox_info.sandbox_rc, oom_error);
if (argc >= 2) {
int i;
+ size_t cmdlen;
+ char *cmd = NULL;
str_list_add_item_copy(argv_bash, run_str, oom_error);
str_list_add_item_copy(argv_bash, argv[1], oom_error);
+ cmdlen = strlen(argv_bash[4]);
for (i = 2; i < argc; i++) {
- char *tmp_ptr;
-
- tmp_ptr = xrealloc(argv_bash[4],
- (strlen(argv_bash[4]) +
- strlen(argv[i]) + 2) *
- sizeof(char));
- argv_bash[4] = tmp_ptr;
-
- snprintf(argv_bash[4] + strlen(argv_bash[4]),
- strlen(argv[i]) + 2, " %s",
- argv[i]);
+ size_t arglen = strlen(argv[i]);
+ argv_bash[4] = xrealloc(argv_bash[4], cmdlen + arglen + 2);
+ argv_bash[4][cmdlen] = ' ';
+ memcpy(argv_bash[4] + cmdlen + 1, argv[i], arglen);
+ cmdlen += arglen + 1;
+ argv_bash[4][cmdlen] = '\0';
}
}
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] proj/sandbox:master commit in: src/
@ 2021-11-01 18:31 Mike Frysinger
0 siblings, 0 replies; 14+ messages in thread
From: Mike Frysinger @ 2021-11-01 18:31 UTC (permalink / raw
To: gentoo-commits
commit: 52357565c61a5d2c4f4da693caae852a4d90b111
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 1 18:31:23 2021 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Nov 1 18:31:23 2021 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=52357565
sandbox: include "sandbox" in the error log summary
This should make it a little more clear that this summary is coming
from the sandbox and not somewhere else.
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
src/sandbox.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/sandbox.c b/src/sandbox.c
index 7d6b03f..3d43446 100644
--- a/src/sandbox.c
+++ b/src/sandbox.c
@@ -114,7 +114,7 @@ static void print_sandbox_log(char *sandbox_log)
return;
}
- sb_eerror("--------------------------- ACCESS VIOLATION SUMMARY ---------------------------\n");
+ sb_eerror("----------------------- SANDBOX ACCESS VIOLATION SUMMARY -----------------------\n");
sb_eerror("LOG FILE: \"%s\"\n", sandbox_log);
while (1) {
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] proj/sandbox:master commit in: src/
@ 2021-11-02 4:28 Mike Frysinger
0 siblings, 0 replies; 14+ messages in thread
From: Mike Frysinger @ 2021-11-02 4:28 UTC (permalink / raw
To: gentoo-commits
commit: 116ca8fd5af908edad85095916585576aa19ec5f
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 2 04:13:53 2021 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Nov 2 04:13:53 2021 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=116ca8fd
sandbox: add backwards compat interface hack
Portage runs commands through sandbox like:
$ sandbox "/usr/lib/portage/python3.9/ebuild.sh unpack"
That means we can't break the CLI without breaking portage and forcing
everyone to upgrade together. That'll be pretty disruptive for people,
so add a hack to detect this situation: if a single argument is passed
on the CLI, and it doesn't appear to be a file, then fallback to running
it through the shell. This keeps portage working while allowing the new
interface style to launch. If/when we can update portage to always use
the -c option, maybe we can drop this in the future. Or not ... it's
not exactly the worst hack for users.
Bug: https://bugs.gentoo.org/265907
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
src/sandbox.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/sandbox.c b/src/sandbox.c
index 2d03dd4..ed0c7f6 100644
--- a/src/sandbox.c
+++ b/src/sandbox.c
@@ -260,6 +260,15 @@ int main(int argc, char **argv)
goto oom_error;
/* Setup bash argv */
+ if (!opt_use_bash && argc == 2) {
+ /* Backwards compatibility hack: if there's only one argument, and it
+ * appears to be a shell command (not an absolute path to a program),
+ * then fallback to running through the shell.
+ */
+ if (access(argv[1], X_OK))
+ opt_use_bash = true;
+ }
+
if (opt_use_bash || argc == 1) {
str_list_add_item_copy(argv_bash, "/bin/bash", oom_error);
str_list_add_item_copy(argv_bash, "-rcfile", oom_error);
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] proj/sandbox:master commit in: src/
@ 2021-11-02 4:28 Mike Frysinger
0 siblings, 0 replies; 14+ messages in thread
From: Mike Frysinger @ 2021-11-02 4:28 UTC (permalink / raw
To: gentoo-commits
commit: 71c438d90052579e2245c674ad430f9b01fed5a5
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 2 03:43:30 2021 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Nov 2 03:43:30 2021 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=71c438d9
sandbox: delete now unused variable
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
src/sandbox.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/sandbox.c b/src/sandbox.c
index 3d43446..2d03dd4 100644
--- a/src/sandbox.c
+++ b/src/sandbox.c
@@ -267,7 +267,6 @@ int main(int argc, char **argv)
if (argc >= 2) {
int i;
size_t cmdlen;
- char *cmd = NULL;
str_list_add_item_copy(argv_bash, run_str, oom_error);
str_list_add_item_copy(argv_bash, argv[1], oom_error);
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] proj/sandbox:master commit in: src/
@ 2021-11-03 4:55 Mike Frysinger
0 siblings, 0 replies; 14+ messages in thread
From: Mike Frysinger @ 2021-11-03 4:55 UTC (permalink / raw
To: gentoo-commits
commit: 373c81e05db464d82d9f667871d682b36804de15
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 3 04:50:10 2021 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Nov 3 04:50:10 2021 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=373c81e0
sandbox: fix passing of config env vars down
This code has been buggy since it was first added years ago -- it
would read the right value out of the config file, but then always
just set $SANDBOX_VERBOSE to it instead of the right env var. This
prevented the basic loading of sandbox settings from sandbox.conf.
Bug: https://bugs.gentoo.org/821403
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
src/environ.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/environ.c b/src/environ.c
index 542dd64..ecff0dc 100644
--- a/src/environ.c
+++ b/src/environ.c
@@ -96,7 +96,7 @@ static void setup_cfg_var(const char *env_var)
* environment if not already present. */
config = rc_get_cnf_entry(sb_conf_file(), env_var, NULL);
if (NULL != config) {
- setenv(ENV_SANDBOX_VERBOSE, config, 0);
+ setenv(env_var, config, 0);
free(config);
}
}
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] proj/sandbox:master commit in: src/
@ 2021-11-05 10:25 Mike Frysinger
0 siblings, 0 replies; 14+ messages in thread
From: Mike Frysinger @ 2021-11-05 10:25 UTC (permalink / raw
To: gentoo-commits
commit: 018f85d5c9f3e268b9dee96c022a66ff697042dc
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 5 09:32:06 2021 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Nov 5 09:32:06 2021 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=018f85d5
sandbox: move verbose startup info behind debug knob
These messages aren't super useful to most people, nor are needed on
every invocation, so put them behind a debug knob to reduce log spam.x
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
src/sandbox.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/sandbox.c b/src/sandbox.c
index 063974d..02f4cbe 100644
--- a/src/sandbox.c
+++ b/src/sandbox.c
@@ -234,19 +234,22 @@ int main(int argc, char **argv)
sb_err("not launching a new sandbox as one is already running in this process hierarchy");
/* determine the location of all the sandbox support files */
- dputs("Detection of the support files.");
+ if (opt_debug)
+ dputs("Detection of the support files.");
if (-1 == setup_sandbox(&sandbox_info, print_debug))
sb_err("failed to setup sandbox");
/* verify the existance of required files */
- dputs("Verification of the required files.");
+ if (opt_debug)
+ dputs("Verification of the required files.");
if (!rc_file_exists(sandbox_info.sandbox_rc))
sb_perr("could not open the sandbox rc file: %s", sandbox_info.sandbox_rc);
/* set up the required environment variables */
- dputs("Setting up the required environment variables.");
+ if (opt_debug)
+ dputs("Setting up the required environment variables.");
/* If not in portage, cd into it work directory */
if ('\0' != sandbox_info.work_dir[0])
@@ -346,9 +349,8 @@ int main(int argc, char **argv)
sigaction(SIGHUP, &act_old[0], NULL);
/* STARTING PROTECTED ENVIRONMENT */
- dputs("The protected environment has been started.");
- dputs(sandbox_footer);
- dputs("Process being started in forked instance.");
+ if (opt_debug)
+ dputs("The protected environment has been started.");
/* Start Bash */
int shell_exit = spawn_shell(argv_bash, sandbox_environ, print_debug);
@@ -359,8 +361,6 @@ int main(int argc, char **argv)
argv_bash = NULL;
sandbox_environ = NULL;
- dputs("Cleaning up sandbox process");
- dputs(sandbox_banner);
dputs("The protected environment has been shut down.");
if (rc_file_exists(sandbox_info.sandbox_log)) {
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] proj/sandbox:master commit in: src/
@ 2021-11-05 10:25 Mike Frysinger
0 siblings, 0 replies; 14+ messages in thread
From: Mike Frysinger @ 2021-11-05 10:25 UTC (permalink / raw
To: gentoo-commits
commit: f0fd6d2e4884177af599416d1cca0423d1b7df08
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 5 09:28:55 2021 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Nov 5 09:28:55 2021 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=f0fd6d2e
sandbox: add --debug option to control SANDBOX_DEBUG
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
src/environ.c | 2 +-
src/options.c | 14 +++++++++++++-
src/sandbox.h | 1 +
3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/src/environ.c b/src/environ.c
index 1535f06..81a3e5f 100644
--- a/src/environ.c
+++ b/src/environ.c
@@ -303,7 +303,7 @@ char **setup_environ(struct sandbox_info_t *sandbox_info, bool interactive)
if (!getenv(ENV_SANDBOX_VERBOSE))
sb_setenv(&new_environ, ENV_SANDBOX_VERBOSE, "1");
if (!getenv(ENV_SANDBOX_DEBUG))
- sb_setenv(&new_environ, ENV_SANDBOX_DEBUG, "0");
+ sb_setenv(&new_environ, ENV_SANDBOX_DEBUG, opt_debug ? "1" : "0");
if (!getenv(ENV_NOCOLOR))
sb_setenv(&new_environ, ENV_NOCOLOR, "no");
if (!getenv(ENV_SANDBOX_METHOD))
diff --git a/src/options.c b/src/options.c
index 64cd750..5332318 100644
--- a/src/options.c
+++ b/src/options.c
@@ -21,6 +21,7 @@ int opt_use_ns_time = -1;
int opt_use_ns_user = -1;
int opt_use_ns_uts = -1;
bool opt_use_bash = false;
+int opt_debug = -1;
static const struct {
const char *name;
@@ -38,6 +39,7 @@ static const struct {
{ "NAMESPACE_TIME_ENABLE", &opt_use_ns_time, false, },
{ "NAMESPACE_USER_ENABLE", &opt_use_ns_user, false, },
{ "NAMESPACE_UTS_ENABLE", &opt_use_ns_uts, false, },
+ { "SANDBOX_DEBUG", &opt_debug, false, },
};
static void read_config(void)
@@ -77,7 +79,7 @@ static void show_version(void)
exit(0);
}
-#define PARSE_FLAGS "+chV"
+#define PARSE_FLAGS "+cdhV"
#define a_argument required_argument
static struct option const long_opts[] = {
{"ns-on", no_argument, &opt_use_namespaces, true},
@@ -101,6 +103,7 @@ static struct option const long_opts[] = {
{"ns-uts-on", no_argument, &opt_use_ns_uts, true},
{"ns-uts-off", no_argument, &opt_use_ns_uts, false},
{"bash", no_argument, NULL, 'c'},
+ {"debug", no_argument, NULL, 'd'},
{"help", no_argument, NULL, 'h'},
{"version", no_argument, NULL, 'V'},
{"run-configure", no_argument, NULL, 0x800},
@@ -128,6 +131,7 @@ static const char * const opts_help[] = {
"Enable the use of UTS (hostname/uname) namespaces",
"Disable the use of UTS (hostname/uname) namespaces",
"Run command through bash shell",
+ "Enable debug output",
"Print this help and exit",
"Print version and exit",
"Run local sandbox configure in same way and exit (developer only)",
@@ -207,6 +211,12 @@ void parseargs(int argc, char *argv[])
case 'c':
opt_use_bash = true;
break;
+ case 'd':
+ if (opt_debug <= 0)
+ opt_debug = 1;
+ else
+ ++opt_debug;
+ break;
case 'V':
show_version();
case 'h':
@@ -215,6 +225,8 @@ void parseargs(int argc, char *argv[])
run_configure(argc, argv);
case '?':
show_usage(1);
+ default:
+ sb_ebort("ISE: unhandled CLI option %c\n", i);
}
}
diff --git a/src/sandbox.h b/src/sandbox.h
index 0c0430f..28961f5 100644
--- a/src/sandbox.h
+++ b/src/sandbox.h
@@ -53,5 +53,6 @@ extern int opt_use_ns_time;
extern int opt_use_ns_user;
extern int opt_use_ns_uts;
extern bool opt_use_bash;
+extern int opt_debug;
#endif
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] proj/sandbox:master commit in: src/
@ 2023-08-05 23:38 Mike Gilbert
0 siblings, 0 replies; 14+ messages in thread
From: Mike Gilbert @ 2023-08-05 23:38 UTC (permalink / raw
To: gentoo-commits
commit: 7f230519475c2aaea91df75b0165d8b6c03b9fa9
Author: gto2023 <gto7052 <AT> mailbox <DOT> org>
AuthorDate: Thu Jul 13 11:59:24 2023 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Aug 5 20:07:55 2023 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=7f230519
sandbox: do not compare array to NULL
Fixes a compiler warning:
```
src/environ.c:211:19: warning: the comparison will always evaluate as ‘true’ for the address of ‘work_dir’ will never be NULL [-Waddress]
```
Bug: https://bugs.gentoo.org/906234
Signed-off-by: gto2023 <gto7052 <AT> mailbox.org>
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
src/environ.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/environ.c b/src/environ.c
index 81a3e5f..df8595b 100644
--- a/src/environ.c
+++ b/src/environ.c
@@ -208,7 +208,7 @@ static int setup_cfg_vars(struct sandbox_info_t *sandbox_info)
if (-1 == setup_access_var(ENV_SANDBOX_WRITE))
return -1;
if ((NULL == getenv(ENV_SANDBOX_WRITE)) &&
- (NULL != sandbox_info->work_dir))
+ strlen(sandbox_info->work_dir))
setenv(ENV_SANDBOX_WRITE, sandbox_info->work_dir, 1);
if (-1 == setup_access_var(ENV_SANDBOX_PREDICT))
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] proj/sandbox:master commit in: src/
@ 2023-08-05 23:38 Mike Gilbert
0 siblings, 0 replies; 14+ messages in thread
From: Mike Gilbert @ 2023-08-05 23:38 UTC (permalink / raw
To: gentoo-commits
commit: 5d13985d6ec4ceeced9b9b45f00bc19c69efbb8f
Author: gto2023 <gto7052 <AT> mailbox <DOT> org>
AuthorDate: Thu Jul 13 11:55:09 2023 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Aug 5 18:04:53 2023 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=5d13985d
sandbox: prevent possible use of uninitialized members of sandbox_info struct
Signed-off-by: gto2023 <gto7052 <AT> mailbox.org>
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
src/sandbox.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/sandbox.c b/src/sandbox.c
index 802850c..e4e05c8 100644
--- a/src/sandbox.c
+++ b/src/sandbox.c
@@ -211,7 +211,7 @@ int main(int argc, char **argv)
{
int sandbox_log_presence = 0;
- struct sandbox_info_t sandbox_info;
+ struct sandbox_info_t sandbox_info = {};
char **sandbox_environ;
char **argv_bash = NULL;
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] proj/sandbox:master commit in: src/
@ 2023-08-08 15:30 Mike Gilbert
0 siblings, 0 replies; 14+ messages in thread
From: Mike Gilbert @ 2023-08-08 15:30 UTC (permalink / raw
To: gentoo-commits
commit: 4d85608b67803f8f861910590830fcb8c2220b06
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 6 00:20:14 2023 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Tue Aug 8 15:29:39 2023 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=4d85608b
src: fix -Wold-style-declaration
Signed-off-by: Sam James <sam <AT> gentoo.org>
Closes: https://github.com/gentoo/sandbox/pull/23
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
src/sandbox.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/sandbox.c b/src/sandbox.c
index e4e05c8..071cad0 100644
--- a/src/sandbox.c
+++ b/src/sandbox.c
@@ -25,8 +25,8 @@ int (*sbio_faccessat)(int, const char *, int, int) = faccessat;
int (*sbio_open)(const char *, int, mode_t) = (void *)open;
FILE *(*sbio_popen)(const char *, const char *) = popen;
-volatile static int stop_called = 0;
-volatile static pid_t child_pid = 0;
+static volatile int stop_called = 0;
+static volatile pid_t child_pid = 0;
static const char sandbox_banner[] = "============================= Gentoo path sandbox ==============================";
static const char sandbox_footer[] = "--------------------------------------------------------------------------------";
^ permalink raw reply related [flat|nested] 14+ messages in thread
end of thread, other threads:[~2023-08-08 15:30 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-08-05 23:38 [gentoo-commits] proj/sandbox:master commit in: src/ Mike Gilbert
-- strict thread matches above, loose matches on Subject: below --
2023-08-08 15:30 Mike Gilbert
2023-08-05 23:38 Mike Gilbert
2021-11-05 10:25 Mike Frysinger
2021-11-05 10:25 Mike Frysinger
2021-11-03 4:55 Mike Frysinger
2021-11-02 4:28 Mike Frysinger
2021-11-02 4:28 Mike Frysinger
2021-11-01 18:31 Mike Frysinger
2021-10-29 5:37 Mike Frysinger
2021-10-28 9:56 Mike Frysinger
2016-03-29 12:24 Mike Frysinger
2015-09-11 7:53 Mike Frysinger
2015-09-11 7:53 Mike Frysinger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox