Elly Jones | e58176c | 2012-01-23 11:46:17 -0500 | [diff] [blame] | 1 | /* Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 2 | * Use of this source code is governed by a BSD-style license that can be |
Will Drewry | 32ac9f5 | 2011-08-18 21:36:27 -0500 | [diff] [blame] | 3 | * found in the LICENSE file. |
| 4 | */ |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 5 | |
Jorge Lucangeli Obes | 4b2d5ee | 2014-01-09 15:47:47 -0800 | [diff] [blame] | 6 | #include <dlfcn.h> |
Jorge Lucangeli Obes | 0b20877 | 2017-04-19 14:15:46 -0400 | [diff] [blame] | 7 | #include <getopt.h> |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 8 | #include <stdio.h> |
| 9 | #include <stdlib.h> |
| 10 | #include <string.h> |
Luis Hector Chavez | 7132355 | 2017-09-05 09:17:22 -0700 | [diff] [blame] | 11 | #include <sys/capability.h> |
| 12 | #include <sys/types.h> |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 13 | #include <unistd.h> |
| 14 | |
| 15 | #include "libminijail.h" |
Will Drewry | 32ac9f5 | 2011-08-18 21:36:27 -0500 | [diff] [blame] | 16 | #include "libsyscalls.h" |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 17 | |
Lee Campbell | 1e4fc6a | 2014-06-06 17:40:02 -0700 | [diff] [blame] | 18 | #include "elfparse.h" |
Luis Hector Chavez | 7132355 | 2017-09-05 09:17:22 -0700 | [diff] [blame] | 19 | #include "system.h" |
Jorge Lucangeli Obes | bda833c | 2012-07-31 16:25:56 -0700 | [diff] [blame] | 20 | #include "util.h" |
| 21 | |
Jorge Lucangeli Obes | ab6fa6f | 2016-08-04 15:42:48 -0400 | [diff] [blame] | 22 | #define IDMAP_LEN 32U |
| 23 | |
Luis Hector Chavez | 7132355 | 2017-09-05 09:17:22 -0700 | [diff] [blame] | 24 | static void set_user(struct minijail *j, const char *arg, uid_t *out_uid, |
| 25 | gid_t *out_gid) |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 26 | { |
| 27 | char *end = NULL; |
| 28 | int uid = strtod(arg, &end); |
| 29 | if (!*end && *arg) { |
Luis Hector Chavez | 7132355 | 2017-09-05 09:17:22 -0700 | [diff] [blame] | 30 | *out_uid = uid; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 31 | minijail_change_uid(j, uid); |
| 32 | return; |
| 33 | } |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 34 | |
Luis Hector Chavez | 7132355 | 2017-09-05 09:17:22 -0700 | [diff] [blame] | 35 | if (lookup_user(arg, out_uid, out_gid)) { |
| 36 | fprintf(stderr, "Bad user: '%s'\n", arg); |
| 37 | exit(1); |
| 38 | } |
| 39 | |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 40 | if (minijail_change_user(j, arg)) { |
| 41 | fprintf(stderr, "Bad user: '%s'\n", arg); |
| 42 | exit(1); |
| 43 | } |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 44 | } |
| 45 | |
Luis Hector Chavez | 7132355 | 2017-09-05 09:17:22 -0700 | [diff] [blame] | 46 | static void set_group(struct minijail *j, const char *arg, gid_t *out_gid) |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 47 | { |
| 48 | char *end = NULL; |
| 49 | int gid = strtod(arg, &end); |
| 50 | if (!*end && *arg) { |
Luis Hector Chavez | 7132355 | 2017-09-05 09:17:22 -0700 | [diff] [blame] | 51 | *out_gid = gid; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 52 | minijail_change_gid(j, gid); |
| 53 | return; |
| 54 | } |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 55 | |
Luis Hector Chavez | 7132355 | 2017-09-05 09:17:22 -0700 | [diff] [blame] | 56 | if (lookup_group(arg, out_gid)) { |
| 57 | fprintf(stderr, "Bad group: '%s'\n", arg); |
| 58 | exit(1); |
| 59 | } |
| 60 | |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 61 | if (minijail_change_group(j, arg)) { |
| 62 | fprintf(stderr, "Bad group: '%s'\n", arg); |
| 63 | exit(1); |
| 64 | } |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 65 | } |
| 66 | |
Luis Hector Chavez | ec0a2c1 | 2017-06-29 20:29:57 -0700 | [diff] [blame] | 67 | static void skip_securebits(struct minijail *j, const char *arg) |
| 68 | { |
| 69 | uint64_t securebits_skip_mask; |
| 70 | char *end = NULL; |
| 71 | securebits_skip_mask = strtoull(arg, &end, 16); |
| 72 | if (*end) { |
| 73 | fprintf(stderr, "Invalid securebit mask: '%s'\n", arg); |
| 74 | exit(1); |
| 75 | } |
| 76 | minijail_skip_setting_securebits(j, securebits_skip_mask); |
| 77 | } |
| 78 | |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 79 | static void use_caps(struct minijail *j, const char *arg) |
| 80 | { |
| 81 | uint64_t caps; |
| 82 | char *end = NULL; |
| 83 | caps = strtoull(arg, &end, 16); |
| 84 | if (*end) { |
| 85 | fprintf(stderr, "Invalid cap set: '%s'\n", arg); |
| 86 | exit(1); |
| 87 | } |
| 88 | minijail_use_caps(j, caps); |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 89 | } |
| 90 | |
Jorge Lucangeli Obes | c8b21e1 | 2014-06-13 14:26:16 -0700 | [diff] [blame] | 91 | static void add_binding(struct minijail *j, char *arg) |
| 92 | { |
Elly Jones | 51a5b6c | 2011-10-12 19:09:26 -0400 | [diff] [blame] | 93 | char *src = strtok(arg, ","); |
Elly Jones | 5ba42b5 | 2011-12-07 13:31:43 -0500 | [diff] [blame] | 94 | char *dest = strtok(NULL, ","); |
| 95 | char *flags = strtok(NULL, ","); |
Elly Jones | 51a5b6c | 2011-10-12 19:09:26 -0400 | [diff] [blame] | 96 | if (!src || !dest) { |
| 97 | fprintf(stderr, "Bad binding: %s %s\n", src, dest); |
| 98 | exit(1); |
| 99 | } |
| 100 | if (minijail_bind(j, src, dest, flags ? atoi(flags) : 0)) { |
Jorge Lucangeli Obes | 2b12ba4 | 2016-01-26 10:37:51 -0800 | [diff] [blame] | 101 | fprintf(stderr, "minijail_bind failed.\n"); |
Elly Jones | 51a5b6c | 2011-10-12 19:09:26 -0400 | [diff] [blame] | 102 | exit(1); |
| 103 | } |
| 104 | } |
| 105 | |
Dylan Reid | 0f72ef4 | 2017-06-06 15:42:49 -0700 | [diff] [blame] | 106 | static void add_rlimit(struct minijail *j, char *arg) |
| 107 | { |
| 108 | char *type = strtok(arg, ","); |
| 109 | char *cur = strtok(NULL, ","); |
| 110 | char *max = strtok(NULL, ","); |
| 111 | if (!type || !cur || !max) { |
| 112 | fprintf(stderr, "Bad rlimit '%s'.\n", arg); |
| 113 | exit(1); |
| 114 | } |
| 115 | if (minijail_rlimit(j, atoi(type), atoi(cur), atoi(max))) { |
Luis Hector Chavez | 7132355 | 2017-09-05 09:17:22 -0700 | [diff] [blame] | 116 | fprintf(stderr, "minijail_rlimit '%s,%s,%s' failed.\n", type, |
| 117 | cur, max); |
Dylan Reid | 0f72ef4 | 2017-06-06 15:42:49 -0700 | [diff] [blame] | 118 | exit(1); |
| 119 | } |
| 120 | } |
| 121 | |
Dylan Reid | 648b220 | 2015-10-23 00:50:00 -0700 | [diff] [blame] | 122 | static void add_mount(struct minijail *j, char *arg) |
| 123 | { |
| 124 | char *src = strtok(arg, ","); |
| 125 | char *dest = strtok(NULL, ","); |
| 126 | char *type = strtok(NULL, ","); |
| 127 | char *flags = strtok(NULL, ","); |
Dylan Reid | 81e2397 | 2016-05-18 14:06:35 -0700 | [diff] [blame] | 128 | char *data = strtok(NULL, ","); |
Dylan Reid | 648b220 | 2015-10-23 00:50:00 -0700 | [diff] [blame] | 129 | if (!src || !dest || !type) { |
| 130 | fprintf(stderr, "Bad mount: %s %s %s\n", src, dest, type); |
| 131 | exit(1); |
| 132 | } |
Dylan Reid | 81e2397 | 2016-05-18 14:06:35 -0700 | [diff] [blame] | 133 | if (minijail_mount_with_data(j, src, dest, type, |
Jorge Lucangeli Obes | ab6fa6f | 2016-08-04 15:42:48 -0400 | [diff] [blame] | 134 | flags ? strtoul(flags, NULL, 16) : 0, |
| 135 | data)) { |
Dylan Reid | 648b220 | 2015-10-23 00:50:00 -0700 | [diff] [blame] | 136 | fprintf(stderr, "minijail_mount failed.\n"); |
| 137 | exit(1); |
| 138 | } |
| 139 | } |
| 140 | |
Jorge Lucangeli Obes | ab6fa6f | 2016-08-04 15:42:48 -0400 | [diff] [blame] | 141 | static char *build_idmap(id_t id, id_t lowerid) |
| 142 | { |
| 143 | int ret; |
| 144 | char *idmap = malloc(IDMAP_LEN); |
| 145 | ret = snprintf(idmap, IDMAP_LEN, "%d %d 1", id, lowerid); |
| 146 | if (ret < 0 || (size_t)ret >= IDMAP_LEN) { |
| 147 | free(idmap); |
| 148 | fprintf(stderr, "Could not build id map.\n"); |
| 149 | exit(1); |
| 150 | } |
| 151 | return idmap; |
| 152 | } |
| 153 | |
Luis Hector Chavez | 7132355 | 2017-09-05 09:17:22 -0700 | [diff] [blame] | 154 | static int has_cap_setgid() |
| 155 | { |
| 156 | cap_t caps; |
| 157 | cap_flag_value_t cap_value; |
| 158 | |
| 159 | if (!CAP_IS_SUPPORTED(CAP_SETGID)) |
| 160 | return 0; |
| 161 | |
| 162 | caps = cap_get_proc(); |
| 163 | if (!caps) { |
| 164 | fprintf(stderr, "Could not get process' capabilities: %m\n"); |
| 165 | exit(1); |
| 166 | } |
| 167 | |
| 168 | if (cap_get_flag(caps, CAP_SETGID, CAP_EFFECTIVE, &cap_value)) { |
| 169 | fprintf(stderr, "Could not get the value of CAP_SETGID: %m\n"); |
| 170 | exit(1); |
| 171 | } |
| 172 | |
| 173 | if (cap_free(caps)) { |
| 174 | fprintf(stderr, "Could not free capabilities: %m\n"); |
| 175 | exit(1); |
| 176 | } |
| 177 | |
| 178 | return cap_value == CAP_SET; |
| 179 | } |
| 180 | |
| 181 | static void set_ugid_mapping(struct minijail *j, int set_uidmap, uid_t uid, |
| 182 | char *uidmap, int set_gidmap, gid_t gid, |
| 183 | char *gidmap) |
| 184 | { |
| 185 | if (set_uidmap) { |
| 186 | minijail_namespace_user(j); |
| 187 | minijail_namespace_pids(j); |
| 188 | |
| 189 | if (!uidmap) { |
| 190 | /* |
| 191 | * If no map is passed, map the current uid to the |
| 192 | * chosen uid in the target namespace (or root, if none |
| 193 | * was chosen). |
| 194 | */ |
| 195 | uidmap = build_idmap(uid, getuid()); |
| 196 | } |
| 197 | if (0 != minijail_uidmap(j, uidmap)) { |
| 198 | fprintf(stderr, "Could not set uid map.\n"); |
| 199 | exit(1); |
| 200 | } |
| 201 | free(uidmap); |
| 202 | } |
| 203 | if (set_gidmap) { |
| 204 | minijail_namespace_user(j); |
| 205 | minijail_namespace_pids(j); |
| 206 | |
| 207 | if (!gidmap) { |
| 208 | /* |
| 209 | * If no map is passed, map the current gid to the |
| 210 | * chosen gid in the target namespace. |
| 211 | */ |
| 212 | gidmap = build_idmap(gid, getgid()); |
| 213 | } |
| 214 | if (!has_cap_setgid()) { |
| 215 | /* |
| 216 | * This means that we are not running as root, |
| 217 | * so we also have to disable setgroups(2) to |
| 218 | * be able to set the gid map. |
| 219 | * See |
| 220 | * http://man7.org/linux/man-pages/man7/user_namespaces.7.html |
| 221 | */ |
| 222 | minijail_namespace_user_disable_setgroups(j); |
| 223 | } |
| 224 | if (0 != minijail_gidmap(j, gidmap)) { |
| 225 | fprintf(stderr, "Could not set gid map.\n"); |
| 226 | exit(1); |
| 227 | } |
| 228 | free(gidmap); |
| 229 | } |
| 230 | } |
| 231 | |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 232 | static void usage(const char *progn) |
| 233 | { |
Jorge Lucangeli Obes | bda833c | 2012-07-31 16:25:56 -0700 | [diff] [blame] | 234 | size_t i; |
Luis Hector Chavez | fb449ab | 2016-10-14 09:49:22 -0700 | [diff] [blame] | 235 | /* clang-format off */ |
Dylan Reid | 0f72ef4 | 2017-06-06 15:42:49 -0700 | [diff] [blame] | 236 | printf("Usage: %s [-GhHiIKlLnNprRstUvyYz]\n" |
Jorge Lucangeli Obes | a32e839 | 2016-09-01 16:52:40 -0400 | [diff] [blame] | 237 | " [-a <table>]\n" |
| 238 | " [-b <src>,<dest>[,<writeable>]] [-k <src>,<dest>,<type>[,<flags>][,<data>]]\n" |
| 239 | " [-c <caps>] [-C <dir>] [-P <dir>] [-e[file]] [-f <file>] [-g <group>]\n" |
Jorge Lucangeli Obes | ab6fa6f | 2016-08-04 15:42:48 -0400 | [diff] [blame] | 240 | " [-m[<uid> <loweruid> <count>]*] [-M[<gid> <lowergid> <count>]*]\n" |
Dylan Reid | 0f72ef4 | 2017-06-06 15:42:49 -0700 | [diff] [blame] | 241 | " [-R <type,cur,max>] [-S <file>] [-t[size]] [-T <type>] [-u <user>] [-V <file>]\n" |
Jorge Lucangeli Obes | 9dd256e | 2016-02-16 15:31:02 -0800 | [diff] [blame] | 242 | " <program> [args...]\n" |
Mike Frysinger | b9a7b16 | 2017-05-30 15:25:49 -0400 | [diff] [blame] | 243 | " -a <table>: Use alternate syscall table <table>.\n" |
Mike Frysinger | eaab420 | 2017-08-14 14:57:21 -0400 | [diff] [blame] | 244 | " -b <...>: Bind <src> to <dest> in chroot.\n" |
Mike Frysinger | b9a7b16 | 2017-05-30 15:25:49 -0400 | [diff] [blame] | 245 | " Multiple instances allowed.\n" |
Mike Frysinger | eaab420 | 2017-08-14 14:57:21 -0400 | [diff] [blame] | 246 | " -B <mask>: Skip setting securebits in <mask> when restricting capabilities (-c).\n" |
Luis Hector Chavez | ec0a2c1 | 2017-06-29 20:29:57 -0700 | [diff] [blame] | 247 | " By default, SECURE_NOROOT, SECURE_NO_SETUID_FIXUP, and \n" |
| 248 | " SECURE_KEEP_CAPS (together with their respective locks) are set.\n" |
Mike Frysinger | eaab420 | 2017-08-14 14:57:21 -0400 | [diff] [blame] | 249 | " -k <...>: Mount <src> at <dest> in chroot.\n" |
Mike Frysinger | b9a7b16 | 2017-05-30 15:25:49 -0400 | [diff] [blame] | 250 | " <flags> and <data> can be specified as in mount(2).\n" |
| 251 | " Multiple instances allowed.\n" |
| 252 | " -c <caps>: Restrict caps to <caps>.\n" |
| 253 | " -C <dir>: chroot(2) to <dir>.\n" |
| 254 | " Not compatible with -P.\n" |
| 255 | " -P <dir>: pivot_root(2) to <dir> (implies -v).\n" |
| 256 | " Not compatible with -C.\n" |
| 257 | " -e[file]: Enter new network namespace, or existing one if |file| is provided.\n" |
| 258 | " -f <file>: Write the pid of the jailed process to <file>.\n" |
| 259 | " -g <group>: Change gid to <group>.\n" |
| 260 | " -G: Inherit supplementary groups from uid.\n" |
| 261 | " Not compatible with -y.\n" |
| 262 | " -y: Keep uid's supplementary groups.\n" |
| 263 | " Not compatible with -G.\n" |
| 264 | " -h: Help (this message).\n" |
| 265 | " -H: Seccomp filter help message.\n" |
| 266 | " -i: Exit immediately after fork (do not act as init).\n" |
| 267 | " -I: Run <program> as init (pid 1) inside a new pid namespace (implies -p).\n" |
| 268 | " -K: Don't mark all existing mounts as MS_PRIVATE.\n" |
| 269 | " -l: Enter new IPC namespace.\n" |
| 270 | " -L: Report blocked syscalls to syslog when using seccomp filter.\n" |
| 271 | " Forces the following syscalls to be allowed:\n" |
Kees Cook | 03b2af2 | 2014-12-18 17:11:13 -0800 | [diff] [blame] | 272 | " ", progn); |
Luis Hector Chavez | fb449ab | 2016-10-14 09:49:22 -0700 | [diff] [blame] | 273 | /* clang-format on */ |
Jorge Lucangeli Obes | bda833c | 2012-07-31 16:25:56 -0700 | [diff] [blame] | 274 | for (i = 0; i < log_syscalls_len; i++) |
| 275 | printf("%s ", log_syscalls[i]); |
| 276 | |
Luis Hector Chavez | fb449ab | 2016-10-14 09:49:22 -0700 | [diff] [blame] | 277 | /* clang-format off */ |
Jorge Lucangeli Obes | bda833c | 2012-07-31 16:25:56 -0700 | [diff] [blame] | 278 | printf("\n" |
Mike Frysinger | b9a7b16 | 2017-05-30 15:25:49 -0400 | [diff] [blame] | 279 | " -m[map]: Set the uid map of a user namespace (implies -pU).\n" |
| 280 | " Same arguments as newuidmap(1), multiple mappings should be separated by ',' (comma).\n" |
| 281 | " With no mapping, map the current uid to root inside the user namespace.\n" |
| 282 | " Not compatible with -b without the 'writable' option.\n" |
| 283 | " -M[map]: Set the gid map of a user namespace (implies -pU).\n" |
| 284 | " Same arguments as newgidmap(1), multiple mappings should be separated by ',' (comma).\n" |
| 285 | " With no mapping, map the current gid to root inside the user namespace.\n" |
| 286 | " Not compatible with -b without the 'writable' option.\n" |
| 287 | " -n: Set no_new_privs.\n" |
| 288 | " -N: Enter a new cgroup namespace.\n" |
| 289 | " -p: Enter new pid namespace (implies -vr).\n" |
| 290 | " -r: Remount /proc read-only (implies -v).\n" |
Dylan Reid | 0f72ef4 | 2017-06-06 15:42:49 -0700 | [diff] [blame] | 291 | " -R: Set rlimits, can be specified multiple times.\n" |
Mike Frysinger | e61fd66 | 2017-06-20 14:07:41 -0400 | [diff] [blame] | 292 | " -s: Use seccomp mode 1 (not the same as -S).\n" |
Mike Frysinger | b9a7b16 | 2017-05-30 15:25:49 -0400 | [diff] [blame] | 293 | " -S <file>: Set seccomp filter using <file>.\n" |
| 294 | " E.g., '-S /usr/share/filters/<prog>.$(uname -m)'.\n" |
| 295 | " Requires -n when not running as root.\n" |
| 296 | " -t[size]: Mount tmpfs at /tmp (implies -v).\n" |
| 297 | " Optional argument specifies size (default \"64M\").\n" |
Graziano Misuraca | 58602a8 | 2017-08-28 17:33:15 -0700 | [diff] [blame] | 298 | " -T <type>: Assume <program> is a <type> ELF binary; <type> can be 'static' or 'dynamic'.\n" |
| 299 | " This will avoid accessing <program> binary before execve(2).\n" |
| 300 | " Type 'static' will avoid preload hooking.\n" |
Mike Frysinger | b9a7b16 | 2017-05-30 15:25:49 -0400 | [diff] [blame] | 301 | " -u <user>: Change uid to <user>.\n" |
| 302 | " -U: Enter new user namespace (implies -p).\n" |
| 303 | " -v: Enter new mount namespace.\n" |
| 304 | " -V <file>: Enter specified mount namespace.\n" |
| 305 | " -w: Create and join a new anonymous session keyring.\n" |
| 306 | " -Y: Synchronize seccomp filters across thread group.\n" |
| 307 | " -z: Don't forward signals to jailed process.\n" |
| 308 | " --ambient: Raise ambient capabilities. Requires -c.\n" |
Luis Hector Chavez | 114a930 | 2017-09-05 20:36:58 -0700 | [diff] [blame] | 309 | " --uts[=name]: Enter a new UTS namespace (and set hostname).\n" |
| 310 | " --logging=<s>:Use <s> as the logging system.\n" |
| 311 | " <s> must be 'syslog' (default) or 'stderr'.\n"); |
Luis Hector Chavez | fb449ab | 2016-10-14 09:49:22 -0700 | [diff] [blame] | 312 | /* clang-format on */ |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 313 | } |
| 314 | |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 315 | static void seccomp_filter_usage(const char *progn) |
| 316 | { |
| 317 | const struct syscall_entry *entry = syscall_table; |
| 318 | printf("Usage: %s -S <policy.file> <program> [args...]\n\n" |
Jorge Lucangeli Obes | 0b20877 | 2017-04-19 14:15:46 -0400 | [diff] [blame] | 319 | "System call names supported:\n", |
| 320 | progn); |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 321 | for (; entry->name && entry->nr >= 0; ++entry) |
| 322 | printf(" %s [%d]\n", entry->name, entry->nr); |
| 323 | printf("\nSee minijail0(5) for example policies.\n"); |
Will Drewry | 32ac9f5 | 2011-08-18 21:36:27 -0500 | [diff] [blame] | 324 | } |
| 325 | |
Christopher Wiley | 88f76a7 | 2013-11-01 14:12:56 -0700 | [diff] [blame] | 326 | static int parse_args(struct minijail *j, int argc, char *argv[], |
Matthew Dempsky | 2ed0912 | 2016-02-11 09:43:37 -0800 | [diff] [blame] | 327 | int *exit_immediately, ElfType *elftype) |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 328 | { |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 329 | int opt; |
Jorge Lucangeli Obes | 482cb9d | 2014-07-23 15:16:04 -0700 | [diff] [blame] | 330 | int use_seccomp_filter = 0; |
Jorge Lucangeli Obes | dba6209 | 2017-05-18 17:10:23 -0400 | [diff] [blame] | 331 | int forward = 1; |
Jorge Lucangeli Obes | 2b12ba4 | 2016-01-26 10:37:51 -0800 | [diff] [blame] | 332 | int binding = 0; |
Jorge Lucangeli Obes | 0b20877 | 2017-04-19 14:15:46 -0400 | [diff] [blame] | 333 | int chroot = 0, pivot_root = 0; |
Jorge Lucangeli Obes | a521bee | 2016-03-03 13:47:57 -0800 | [diff] [blame] | 334 | int mount_ns = 0, skip_remount = 0; |
Lutz Justen | 13807cb | 2017-01-03 17:11:55 +0100 | [diff] [blame] | 335 | int inherit_suppl_gids = 0, keep_suppl_gids = 0; |
Jorge Lucangeli Obes | a6eb21a | 2017-04-20 10:44:00 -0400 | [diff] [blame] | 336 | int caps = 0, ambient_caps = 0; |
Mike Frysinger | e61fd66 | 2017-06-20 14:07:41 -0400 | [diff] [blame] | 337 | int seccomp = -1; |
Jorge Lucangeli Obes | 482cb9d | 2014-07-23 15:16:04 -0700 | [diff] [blame] | 338 | const size_t path_max = 4096; |
Luis Hector Chavez | 7132355 | 2017-09-05 09:17:22 -0700 | [diff] [blame] | 339 | uid_t uid = 0; |
| 340 | gid_t gid = 0; |
| 341 | char *uidmap = NULL, *gidmap = NULL; |
| 342 | int set_uidmap = 0, set_gidmap = 0; |
Martin Pelikán | ab9eb44 | 2017-01-25 11:53:58 +1100 | [diff] [blame] | 343 | size_t size; |
Luis Hector Chavez | 95582e7 | 2017-09-05 09:13:25 -0700 | [diff] [blame] | 344 | const char *filter_path = NULL; |
Luis Hector Chavez | 114a930 | 2017-09-05 20:36:58 -0700 | [diff] [blame] | 345 | int log_to_stderr = 0; |
Jorge Lucangeli Obes | ab6fa6f | 2016-08-04 15:42:48 -0400 | [diff] [blame] | 346 | |
| 347 | const char *optstring = |
Luis Hector Chavez | ec0a2c1 | 2017-06-29 20:29:57 -0700 | [diff] [blame] | 348 | "+u:g:sS:c:C:P:b:B:V:f:m::M::k:a:e::R:T:vrGhHinNplLt::IUKwyYz"; |
Jorge Lucangeli Obes | 0b20877 | 2017-04-19 14:15:46 -0400 | [diff] [blame] | 349 | int longoption_index = 0; |
Jorge Lucangeli Obes | a6eb21a | 2017-04-20 10:44:00 -0400 | [diff] [blame] | 350 | /* clang-format off */ |
| 351 | const struct option long_options[] = { |
| 352 | {"ambient", no_argument, 0, 128}, |
Mike Frysinger | b9a7b16 | 2017-05-30 15:25:49 -0400 | [diff] [blame] | 353 | {"uts", optional_argument, 0, 129}, |
Luis Hector Chavez | 114a930 | 2017-09-05 20:36:58 -0700 | [diff] [blame] | 354 | {"logging", required_argument, 0, 130}, |
Jorge Lucangeli Obes | a6eb21a | 2017-04-20 10:44:00 -0400 | [diff] [blame] | 355 | {0, 0, 0, 0}, |
| 356 | }; |
| 357 | /* clang-format on */ |
Jorge Lucangeli Obes | 0b20877 | 2017-04-19 14:15:46 -0400 | [diff] [blame] | 358 | |
| 359 | while ((opt = getopt_long(argc, argv, optstring, long_options, |
| 360 | &longoption_index)) != -1) { |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 361 | switch (opt) { |
| 362 | case 'u': |
Luis Hector Chavez | 7132355 | 2017-09-05 09:17:22 -0700 | [diff] [blame] | 363 | set_user(j, optarg, &uid, &gid); |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 364 | break; |
| 365 | case 'g': |
Luis Hector Chavez | 7132355 | 2017-09-05 09:17:22 -0700 | [diff] [blame] | 366 | set_group(j, optarg, &gid); |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 367 | break; |
Jorge Lucangeli Obes | c2c9bcc | 2012-05-01 09:30:24 -0700 | [diff] [blame] | 368 | case 'n': |
| 369 | minijail_no_new_privs(j); |
Jorge Lucangeli Obes | 0341d6c | 2012-07-16 15:27:31 -0700 | [diff] [blame] | 370 | break; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 371 | case 's': |
Mike Frysinger | e61fd66 | 2017-06-20 14:07:41 -0400 | [diff] [blame] | 372 | if (seccomp != -1 && seccomp != 1) { |
Luis Hector Chavez | 7132355 | 2017-09-05 09:17:22 -0700 | [diff] [blame] | 373 | fprintf(stderr, |
| 374 | "Do not use -s & -S together.\n"); |
Mike Frysinger | e61fd66 | 2017-06-20 14:07:41 -0400 | [diff] [blame] | 375 | exit(1); |
| 376 | } |
| 377 | seccomp = 1; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 378 | minijail_use_seccomp(j); |
| 379 | break; |
| 380 | case 'S': |
Mike Frysinger | e61fd66 | 2017-06-20 14:07:41 -0400 | [diff] [blame] | 381 | if (seccomp != -1 && seccomp != 2) { |
Luis Hector Chavez | 7132355 | 2017-09-05 09:17:22 -0700 | [diff] [blame] | 382 | fprintf(stderr, |
| 383 | "Do not use -s & -S together.\n"); |
Mike Frysinger | e61fd66 | 2017-06-20 14:07:41 -0400 | [diff] [blame] | 384 | exit(1); |
| 385 | } |
| 386 | seccomp = 2; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 387 | minijail_use_seccomp_filter(j); |
Jorge Lucangeli Obes | 482cb9d | 2014-07-23 15:16:04 -0700 | [diff] [blame] | 388 | if (strlen(optarg) >= path_max) { |
Jorge Lucangeli Obes | 2b12ba4 | 2016-01-26 10:37:51 -0800 | [diff] [blame] | 389 | fprintf(stderr, "Filter path is too long.\n"); |
Jorge Lucangeli Obes | 482cb9d | 2014-07-23 15:16:04 -0700 | [diff] [blame] | 390 | exit(1); |
| 391 | } |
| 392 | filter_path = strndup(optarg, path_max); |
| 393 | if (!filter_path) { |
| 394 | fprintf(stderr, |
| 395 | "Could not strndup(3) filter path.\n"); |
| 396 | exit(1); |
| 397 | } |
| 398 | use_seccomp_filter = 1; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 399 | break; |
Dylan Reid | f794247 | 2015-11-18 17:55:26 -0800 | [diff] [blame] | 400 | case 'l': |
| 401 | minijail_namespace_ipc(j); |
| 402 | break; |
Jorge Lucangeli Obes | bda833c | 2012-07-31 16:25:56 -0700 | [diff] [blame] | 403 | case 'L': |
| 404 | minijail_log_seccomp_filter_failures(j); |
| 405 | break; |
Elly Jones | 51a5b6c | 2011-10-12 19:09:26 -0400 | [diff] [blame] | 406 | case 'b': |
| 407 | add_binding(j, optarg); |
Jorge Lucangeli Obes | 2b12ba4 | 2016-01-26 10:37:51 -0800 | [diff] [blame] | 408 | binding = 1; |
Elly Jones | 51a5b6c | 2011-10-12 19:09:26 -0400 | [diff] [blame] | 409 | break; |
Luis Hector Chavez | ec0a2c1 | 2017-06-29 20:29:57 -0700 | [diff] [blame] | 410 | case 'B': |
| 411 | skip_securebits(j, optarg); |
| 412 | break; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 413 | case 'c': |
Jorge Lucangeli Obes | a6eb21a | 2017-04-20 10:44:00 -0400 | [diff] [blame] | 414 | caps = 1; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 415 | use_caps(j, optarg); |
| 416 | break; |
Elly Jones | 51a5b6c | 2011-10-12 19:09:26 -0400 | [diff] [blame] | 417 | case 'C': |
Yu-Hsi Chiang | 64d65a7 | 2015-08-13 17:43:27 +0800 | [diff] [blame] | 418 | if (pivot_root) { |
| 419 | fprintf(stderr, "Could not set chroot because " |
Jorge Lucangeli Obes | 2b12ba4 | 2016-01-26 10:37:51 -0800 | [diff] [blame] | 420 | "'-P' was specified.\n"); |
Yu-Hsi Chiang | 64d65a7 | 2015-08-13 17:43:27 +0800 | [diff] [blame] | 421 | exit(1); |
| 422 | } |
Jorge Lucangeli Obes | 1563b5b | 2014-07-10 07:01:53 -0700 | [diff] [blame] | 423 | if (0 != minijail_enter_chroot(j, optarg)) { |
| 424 | fprintf(stderr, "Could not set chroot.\n"); |
Lee Campbell | 11af062 | 2014-05-22 12:36:04 -0700 | [diff] [blame] | 425 | exit(1); |
Jorge Lucangeli Obes | 1563b5b | 2014-07-10 07:01:53 -0700 | [diff] [blame] | 426 | } |
Yu-Hsi Chiang | 64d65a7 | 2015-08-13 17:43:27 +0800 | [diff] [blame] | 427 | chroot = 1; |
| 428 | break; |
Dylan Reid | 648b220 | 2015-10-23 00:50:00 -0700 | [diff] [blame] | 429 | case 'k': |
| 430 | add_mount(j, optarg); |
| 431 | break; |
Jorge Lucangeli Obes | a521bee | 2016-03-03 13:47:57 -0800 | [diff] [blame] | 432 | case 'K': |
| 433 | minijail_skip_remount_private(j); |
| 434 | skip_remount = 1; |
| 435 | break; |
Yu-Hsi Chiang | 64d65a7 | 2015-08-13 17:43:27 +0800 | [diff] [blame] | 436 | case 'P': |
| 437 | if (chroot) { |
Jorge Lucangeli Obes | 2b12ba4 | 2016-01-26 10:37:51 -0800 | [diff] [blame] | 438 | fprintf(stderr, |
| 439 | "Could not set pivot_root because " |
| 440 | "'-C' was specified.\n"); |
Yu-Hsi Chiang | 64d65a7 | 2015-08-13 17:43:27 +0800 | [diff] [blame] | 441 | exit(1); |
| 442 | } |
| 443 | if (0 != minijail_enter_pivot_root(j, optarg)) { |
| 444 | fprintf(stderr, "Could not set pivot_root.\n"); |
| 445 | exit(1); |
| 446 | } |
| 447 | minijail_namespace_vfs(j); |
| 448 | pivot_root = 1; |
Lee Campbell | 11af062 | 2014-05-22 12:36:04 -0700 | [diff] [blame] | 449 | break; |
Yu-Hsi Chiang | 3cc05ea | 2015-08-11 11:23:17 +0800 | [diff] [blame] | 450 | case 'f': |
| 451 | if (0 != minijail_write_pid_file(j, optarg)) { |
Jorge Lucangeli Obes | 2b12ba4 | 2016-01-26 10:37:51 -0800 | [diff] [blame] | 452 | fprintf(stderr, |
| 453 | "Could not prepare pid file path.\n"); |
Yu-Hsi Chiang | 3cc05ea | 2015-08-11 11:23:17 +0800 | [diff] [blame] | 454 | exit(1); |
| 455 | } |
| 456 | break; |
Lee Campbell | 11af062 | 2014-05-22 12:36:04 -0700 | [diff] [blame] | 457 | case 't': |
Mike Frysinger | ec7def2 | 2017-01-13 18:44:45 -0500 | [diff] [blame] | 458 | minijail_namespace_vfs(j); |
Martin Pelikán | ab9eb44 | 2017-01-25 11:53:58 +1100 | [diff] [blame] | 459 | size = 64 * 1024 * 1024; |
| 460 | if (optarg != NULL && 0 != parse_size(&size, optarg)) { |
| 461 | fprintf(stderr, "Invalid /tmp tmpfs size.\n"); |
| 462 | exit(1); |
| 463 | } |
| 464 | minijail_mount_tmp_size(j, size); |
Elly Jones | 51a5b6c | 2011-10-12 19:09:26 -0400 | [diff] [blame] | 465 | break; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 466 | case 'v': |
| 467 | minijail_namespace_vfs(j); |
Jorge Lucangeli Obes | a521bee | 2016-03-03 13:47:57 -0800 | [diff] [blame] | 468 | mount_ns = 1; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 469 | break; |
Jorge Lucangeli Obes | 1563b5b | 2014-07-10 07:01:53 -0700 | [diff] [blame] | 470 | case 'V': |
| 471 | minijail_namespace_enter_vfs(j, optarg); |
| 472 | break; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 473 | case 'r': |
Dylan Reid | 791f577 | 2015-09-14 20:02:42 -0700 | [diff] [blame] | 474 | minijail_remount_proc_readonly(j); |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 475 | break; |
| 476 | case 'G': |
Lutz Justen | 13807cb | 2017-01-03 17:11:55 +0100 | [diff] [blame] | 477 | if (keep_suppl_gids) { |
| 478 | fprintf(stderr, |
| 479 | "-y and -G are not compatible.\n"); |
| 480 | exit(1); |
| 481 | } |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 482 | minijail_inherit_usergroups(j); |
Lutz Justen | 13807cb | 2017-01-03 17:11:55 +0100 | [diff] [blame] | 483 | inherit_suppl_gids = 1; |
| 484 | break; |
| 485 | case 'y': |
| 486 | if (inherit_suppl_gids) { |
| 487 | fprintf(stderr, |
| 488 | "-y and -G are not compatible.\n"); |
| 489 | exit(1); |
| 490 | } |
| 491 | minijail_keep_supplementary_gids(j); |
| 492 | keep_suppl_gids = 1; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 493 | break; |
Dylan Reid | 4cbc2a5 | 2016-06-17 19:06:07 -0700 | [diff] [blame] | 494 | case 'N': |
| 495 | minijail_namespace_cgroups(j); |
| 496 | break; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 497 | case 'p': |
| 498 | minijail_namespace_pids(j); |
| 499 | break; |
Elly Fong-Jones | 6c08630 | 2013-03-20 17:15:28 -0400 | [diff] [blame] | 500 | case 'e': |
Dylan Reid | 1102f5a | 2015-09-15 11:52:20 -0700 | [diff] [blame] | 501 | if (optarg) |
| 502 | minijail_namespace_enter_net(j, optarg); |
| 503 | else |
| 504 | minijail_namespace_net(j); |
Elly Fong-Jones | 6c08630 | 2013-03-20 17:15:28 -0400 | [diff] [blame] | 505 | break; |
Christopher Wiley | 88f76a7 | 2013-11-01 14:12:56 -0700 | [diff] [blame] | 506 | case 'i': |
Christopher Wiley | 88f76a7 | 2013-11-01 14:12:56 -0700 | [diff] [blame] | 507 | *exit_immediately = 1; |
| 508 | break; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 509 | case 'H': |
| 510 | seccomp_filter_usage(argv[0]); |
| 511 | exit(1); |
Yu-Hsi Chiang | 3e954ec | 2015-07-28 16:48:14 +0800 | [diff] [blame] | 512 | case 'I': |
| 513 | minijail_namespace_pids(j); |
| 514 | minijail_run_as_init(j); |
| 515 | break; |
Yu-Hsi Chiang | 10e9123 | 2015-08-05 14:40:45 +0800 | [diff] [blame] | 516 | case 'U': |
| 517 | minijail_namespace_user(j); |
| 518 | minijail_namespace_pids(j); |
| 519 | break; |
| 520 | case 'm': |
Luis Hector Chavez | 7132355 | 2017-09-05 09:17:22 -0700 | [diff] [blame] | 521 | set_uidmap = 1; |
| 522 | if (uidmap) { |
| 523 | free(uidmap); |
| 524 | uidmap = NULL; |
Jorge Lucangeli Obes | ab6fa6f | 2016-08-04 15:42:48 -0400 | [diff] [blame] | 525 | } |
Luis Hector Chavez | 7132355 | 2017-09-05 09:17:22 -0700 | [diff] [blame] | 526 | if (optarg) |
| 527 | uidmap = strdup(optarg); |
Yu-Hsi Chiang | 10e9123 | 2015-08-05 14:40:45 +0800 | [diff] [blame] | 528 | break; |
| 529 | case 'M': |
Luis Hector Chavez | 7132355 | 2017-09-05 09:17:22 -0700 | [diff] [blame] | 530 | set_gidmap = 1; |
| 531 | if (gidmap) { |
| 532 | free(gidmap); |
| 533 | gidmap = NULL; |
Jorge Lucangeli Obes | 200299c | 2016-09-23 15:21:57 -0400 | [diff] [blame] | 534 | } |
Luis Hector Chavez | 7132355 | 2017-09-05 09:17:22 -0700 | [diff] [blame] | 535 | if (optarg) |
| 536 | gidmap = strdup(optarg); |
Yu-Hsi Chiang | 10e9123 | 2015-08-05 14:40:45 +0800 | [diff] [blame] | 537 | break; |
Andrew Bresticker | eac2894 | 2015-11-11 16:04:46 -0800 | [diff] [blame] | 538 | case 'a': |
| 539 | if (0 != minijail_use_alt_syscall(j, optarg)) { |
Jorge Lucangeli Obes | 2b12ba4 | 2016-01-26 10:37:51 -0800 | [diff] [blame] | 540 | fprintf(stderr, |
| 541 | "Could not set alt-syscall table.\n"); |
Andrew Bresticker | eac2894 | 2015-11-11 16:04:46 -0800 | [diff] [blame] | 542 | exit(1); |
| 543 | } |
| 544 | break; |
Dylan Reid | 0f72ef4 | 2017-06-06 15:42:49 -0700 | [diff] [blame] | 545 | case 'R': |
| 546 | add_rlimit(j, optarg); |
| 547 | break; |
Matthew Dempsky | 2ed0912 | 2016-02-11 09:43:37 -0800 | [diff] [blame] | 548 | case 'T': |
| 549 | if (!strcmp(optarg, "static")) |
| 550 | *elftype = ELFSTATIC; |
| 551 | else if (!strcmp(optarg, "dynamic")) |
| 552 | *elftype = ELFDYNAMIC; |
| 553 | else { |
Jorge Lucangeli Obes | 768d42b | 2016-02-17 10:28:25 -0800 | [diff] [blame] | 554 | fprintf(stderr, "ELF type must be 'static' or " |
| 555 | "'dynamic'.\n"); |
Matthew Dempsky | 2ed0912 | 2016-02-11 09:43:37 -0800 | [diff] [blame] | 556 | exit(1); |
| 557 | } |
| 558 | break; |
Chirantan Ekbote | 866bb3a | 2017-02-07 12:26:42 -0800 | [diff] [blame] | 559 | case 'w': |
| 560 | minijail_new_session_keyring(j); |
| 561 | break; |
Jorge Lucangeli Obes | 1365061 | 2016-09-02 11:27:29 -0400 | [diff] [blame] | 562 | case 'Y': |
| 563 | minijail_set_seccomp_filter_tsync(j); |
| 564 | break; |
Jorge Lucangeli Obes | dba6209 | 2017-05-18 17:10:23 -0400 | [diff] [blame] | 565 | case 'z': |
| 566 | forward = 0; |
| 567 | break; |
Jorge Lucangeli Obes | a6eb21a | 2017-04-20 10:44:00 -0400 | [diff] [blame] | 568 | /* Long options. */ |
| 569 | case 128: /* Ambient caps. */ |
| 570 | ambient_caps = 1; |
| 571 | minijail_set_ambient_caps(j); |
| 572 | break; |
Mike Frysinger | b9a7b16 | 2017-05-30 15:25:49 -0400 | [diff] [blame] | 573 | case 129: /* UTS/hostname namespace. */ |
| 574 | minijail_namespace_uts(j); |
| 575 | if (optarg) |
| 576 | minijail_namespace_set_hostname(j, optarg); |
| 577 | break; |
Luis Hector Chavez | 114a930 | 2017-09-05 20:36:58 -0700 | [diff] [blame] | 578 | case 130: /* Logging. */ |
| 579 | if (!strcmp(optarg, "syslog")) |
| 580 | log_to_stderr = 0; |
| 581 | else if (!strcmp(optarg, "stderr")) { |
| 582 | log_to_stderr = 1; |
| 583 | } else { |
| 584 | fprintf(stderr, "--logger must be 'syslog' or " |
| 585 | "'stderr'.\n"); |
| 586 | exit(1); |
| 587 | } |
| 588 | break; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 589 | default: |
| 590 | usage(argv[0]); |
| 591 | exit(1); |
| 592 | } |
| 593 | } |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 594 | |
Luis Hector Chavez | 114a930 | 2017-09-05 20:36:58 -0700 | [diff] [blame] | 595 | if (log_to_stderr) { |
| 596 | init_logging(LOG_TO_FD, STDERR_FILENO, LOG_INFO); |
| 597 | /* |
| 598 | * When logging to stderr, ensure the FD survives the jailing. |
| 599 | */ |
| 600 | if (0 != |
| 601 | minijail_preserve_fd(j, STDERR_FILENO, STDERR_FILENO)) { |
| 602 | fprintf(stderr, "Could not preserve stderr.\n"); |
| 603 | exit(1); |
| 604 | } |
| 605 | } |
| 606 | |
Luis Hector Chavez | 7132355 | 2017-09-05 09:17:22 -0700 | [diff] [blame] | 607 | /* Set up uid/gid mapping. */ |
| 608 | if (set_uidmap || set_gidmap) { |
| 609 | set_ugid_mapping(j, set_uidmap, uid, uidmap, set_gidmap, gid, |
| 610 | gidmap); |
| 611 | } |
| 612 | |
Jorge Lucangeli Obes | a6eb21a | 2017-04-20 10:44:00 -0400 | [diff] [blame] | 613 | /* Can only set ambient caps when using regular caps. */ |
| 614 | if (ambient_caps && !caps) { |
| 615 | fprintf(stderr, "Can't set ambient capabilities (--ambient) " |
| 616 | "without actually using capabilities (-c).\n"); |
| 617 | exit(1); |
| 618 | } |
| 619 | |
Jorge Lucangeli Obes | dba6209 | 2017-05-18 17:10:23 -0400 | [diff] [blame] | 620 | /* Set up signal handlers in minijail unless asked not to. */ |
| 621 | if (forward) |
| 622 | minijail_forward_signals(j); |
| 623 | |
Jorge Lucangeli Obes | 2b12ba4 | 2016-01-26 10:37:51 -0800 | [diff] [blame] | 624 | /* Only allow bind mounts when entering a chroot or using pivot_root. */ |
| 625 | if (binding && !(chroot || pivot_root)) { |
| 626 | fprintf(stderr, "Can't add bind mounts without chroot or" |
| 627 | " pivot_root.\n"); |
| 628 | exit(1); |
| 629 | } |
| 630 | |
Jorge Lucangeli Obes | 482cb9d | 2014-07-23 15:16:04 -0700 | [diff] [blame] | 631 | /* |
Jorge Lucangeli Obes | a521bee | 2016-03-03 13:47:57 -0800 | [diff] [blame] | 632 | * Remounting / as MS_PRIVATE only happens when entering a new mount |
| 633 | * namespace, so skipping it only applies in that case. |
| 634 | */ |
| 635 | if (skip_remount && !mount_ns) { |
| 636 | fprintf(stderr, "Can't skip marking mounts as MS_PRIVATE" |
| 637 | " without mount namespaces.\n"); |
| 638 | exit(1); |
| 639 | } |
| 640 | |
| 641 | /* |
Jorge Lucangeli Obes | 482cb9d | 2014-07-23 15:16:04 -0700 | [diff] [blame] | 642 | * We parse seccomp filters here to make sure we've collected all |
| 643 | * cmdline options. |
| 644 | */ |
| 645 | if (use_seccomp_filter) { |
| 646 | minijail_parse_seccomp_filters(j, filter_path); |
Jorge Lucangeli Obes | 0b20877 | 2017-04-19 14:15:46 -0400 | [diff] [blame] | 647 | free((void *)filter_path); |
Jorge Lucangeli Obes | 482cb9d | 2014-07-23 15:16:04 -0700 | [diff] [blame] | 648 | } |
| 649 | |
Luis Hector Chavez | fe5fb8e | 2017-06-29 10:41:27 -0700 | [diff] [blame] | 650 | /* |
| 651 | * There should be at least one additional unparsed argument: the |
| 652 | * executable name. |
| 653 | */ |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 654 | if (argc == optind) { |
| 655 | usage(argv[0]); |
| 656 | exit(1); |
| 657 | } |
Lee Campbell | 11af062 | 2014-05-22 12:36:04 -0700 | [diff] [blame] | 658 | |
Luis Hector Chavez | fe5fb8e | 2017-06-29 10:41:27 -0700 | [diff] [blame] | 659 | if (*elftype == ELFERROR) { |
| 660 | /* |
| 661 | * -T was not specified. |
| 662 | * Get the path to the program adjusted for changing root. |
| 663 | */ |
| 664 | char *program_path = |
| 665 | minijail_get_original_path(j, argv[optind]); |
| 666 | |
| 667 | /* Check that we can access the target program. */ |
| 668 | if (access(program_path, X_OK)) { |
| 669 | fprintf(stderr, |
| 670 | "Target program '%s' is not accessible.\n", |
| 671 | argv[optind]); |
| 672 | exit(1); |
| 673 | } |
| 674 | |
| 675 | /* Check if target is statically or dynamically linked. */ |
| 676 | *elftype = get_elf_linkage(program_path); |
| 677 | free(program_path); |
| 678 | } |
| 679 | |
| 680 | /* |
| 681 | * Setting capabilities need either a dynamically-linked binary, or the |
| 682 | * use of ambient capabilities for them to be able to survive an |
| 683 | * execve(2). |
| 684 | */ |
| 685 | if (caps && *elftype == ELFSTATIC && !ambient_caps) { |
| 686 | fprintf(stderr, "Can't run statically-linked binaries with " |
| 687 | "capabilities (-c) without also setting " |
| 688 | "ambient capabilities. Try passing " |
| 689 | "--ambient.\n"); |
| 690 | exit(1); |
| 691 | } |
| 692 | |
Elly Fong-Jones | f65c9fe | 2013-01-22 13:55:02 -0500 | [diff] [blame] | 693 | return optind; |
| 694 | } |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 695 | |
Elly Fong-Jones | f65c9fe | 2013-01-22 13:55:02 -0500 | [diff] [blame] | 696 | int main(int argc, char *argv[]) |
| 697 | { |
| 698 | struct minijail *j = minijail_new(); |
Jorge Lucangeli Obes | d99a40d | 2016-01-26 13:50:44 -0800 | [diff] [blame] | 699 | const char *dl_mesg = NULL; |
Christopher Wiley | 88f76a7 | 2013-11-01 14:12:56 -0700 | [diff] [blame] | 700 | int exit_immediately = 0; |
Lee Campbell | 1e4fc6a | 2014-06-06 17:40:02 -0700 | [diff] [blame] | 701 | ElfType elftype = ELFERROR; |
Matthew Dempsky | 2ed0912 | 2016-02-11 09:43:37 -0800 | [diff] [blame] | 702 | int consumed = parse_args(j, argc, argv, &exit_immediately, &elftype); |
Elly Fong-Jones | f65c9fe | 2013-01-22 13:55:02 -0500 | [diff] [blame] | 703 | argc -= consumed; |
| 704 | argv += consumed; |
Jorge Lucangeli Obes | 482cb9d | 2014-07-23 15:16:04 -0700 | [diff] [blame] | 705 | |
Lee Campbell | 1e4fc6a | 2014-06-06 17:40:02 -0700 | [diff] [blame] | 706 | if (elftype == ELFSTATIC) { |
Jorge Lucangeli Obes | 5471450 | 2015-09-30 10:08:45 -0700 | [diff] [blame] | 707 | /* |
| 708 | * Target binary is statically linked so we cannot use |
| 709 | * libminijailpreload.so. |
| 710 | */ |
| 711 | minijail_run_no_preload(j, argv[0], argv); |
Lee Campbell | 1e4fc6a | 2014-06-06 17:40:02 -0700 | [diff] [blame] | 712 | } else if (elftype == ELFDYNAMIC) { |
| 713 | /* |
| 714 | * Target binary is dynamically linked so we can |
| 715 | * inject libminijailpreload.so into it. |
| 716 | */ |
| 717 | |
| 718 | /* Check that we can dlopen() libminijailpreload.so. */ |
| 719 | if (!dlopen(PRELOADPATH, RTLD_LAZY | RTLD_LOCAL)) { |
Matthew Dempsky | 2ed0912 | 2016-02-11 09:43:37 -0800 | [diff] [blame] | 720 | dl_mesg = dlerror(); |
| 721 | fprintf(stderr, "dlopen(): %s\n", dl_mesg); |
| 722 | return 1; |
Lee Campbell | 1e4fc6a | 2014-06-06 17:40:02 -0700 | [diff] [blame] | 723 | } |
| 724 | minijail_run(j, argv[0], argv); |
| 725 | } else { |
Jorge Lucangeli Obes | 2f61ee4 | 2014-06-16 11:08:18 -0700 | [diff] [blame] | 726 | fprintf(stderr, |
| 727 | "Target program '%s' is not a valid ELF file.\n", |
| 728 | argv[0]); |
Jorge Lucangeli Obes | 4b2d5ee | 2014-01-09 15:47:47 -0800 | [diff] [blame] | 729 | return 1; |
| 730 | } |
Lee Campbell | 1e4fc6a | 2014-06-06 17:40:02 -0700 | [diff] [blame] | 731 | |
Christopher Wiley | 88f76a7 | 2013-11-01 14:12:56 -0700 | [diff] [blame] | 732 | if (exit_immediately) { |
Luis Hector Chavez | 114a930 | 2017-09-05 20:36:58 -0700 | [diff] [blame] | 733 | info("not running init loop, exiting immediately\n"); |
Christopher Wiley | 88f76a7 | 2013-11-01 14:12:56 -0700 | [diff] [blame] | 734 | return 0; |
| 735 | } |
lhchavez | 6c8d820 | 2017-09-01 03:55:11 +0000 | [diff] [blame] | 736 | int ret = minijail_wait(j); |
| 737 | #if defined(__SANITIZE_ADDRESS__) |
| 738 | minijail_destroy(j); |
| 739 | #endif /* __SANITIZE_ADDRESS__ */ |
| 740 | return ret; |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 741 | } |