[minijail] stop parsing at first non-opt arg
BUG=chromium-os:35122
TEST=security_Minijail0,adhoc
Running minijail with different stop arguments should work:
$ /sbin/minijail0 /bin/ls -u INVALID_USER
/bin/ls: cannot access INVALID_USER: No such file or directory
$ /sbin/minijail0 -u bin /bin/ls -g INVALID_GROUP
/bin/ls: cannot access INVALID_GROUP: No such file or directory
$ /sbin/minijail0 -u bin -g bin /bin/echo -x
-x
Change-Id: I2d7ced270ddecd7a5ee3b99c5416e3982f5dc112
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/41767
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
diff --git a/minijail0.c b/minijail0.c
index 9ab5195..9b3446c 100644
--- a/minijail0.c
+++ b/minijail0.c
@@ -111,11 +111,11 @@
printf("\nSee minijail0(5) for example policies.\n");
}
-int main(int argc, char *argv[])
+static int parse_args(struct minijail *j, int argc, char *argv[])
{
- struct minijail *j = minijail_new();
-
int opt;
+ if (argc > 1 && argv[1][0] != '-')
+ return 1;
while ((opt = getopt(argc, argv, "u:g:sS:c:C:b:vrGhHnpL")) != -1) {
switch (opt) {
case 'u':
@@ -165,16 +165,23 @@
usage(argv[0]);
exit(1);
}
+ if (optind < argc && argv[optind][0] != '-')
+ return optind;
}
if (argc == optind) {
usage(argv[0]);
exit(1);
}
+ return optind;
+}
- argc -= optind;
- argv += optind;
-
+int main(int argc, char *argv[])
+{
+ struct minijail *j = minijail_new();
+ int consumed = parse_args(j, argc, argv);
+ argc -= consumed;
+ argv += consumed;
minijail_run(j, argv[0], argv);
return minijail_wait(j);
}