Blame - minijail0.c - platform/external/minijail

blob: a43495347cc50e9844bdcf36804d921ebdc0e7a9 [file] [log] [blame]

Elly Jones	e58176c	2012-01-23 11:46:17 -0500	[diff] [blame]	1	/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	2	* Use of this source code is governed by a BSD-style license that can be
Will Drewry	32ac9f5	2011-08-18 21:36:27 -0500	[diff] [blame]	3	* found in the LICENSE file.
				4	*/
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	5
Jorge Lucangeli Obes	4b2d5ee	2014-01-09 15:47:47 -0800	[diff] [blame]	6	#include <dlfcn.h>
Stephen Barber	5dd5b1b	2017-10-16 23:02:39 -0700	[diff] [blame]	7	#include <errno.h>
Jorge Lucangeli Obes	0b20877	2017-04-19 14:15:46 -0400	[diff] [blame]	8	#include <getopt.h>
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	9	#include <stdio.h>
				10	#include <stdlib.h>
				11	#include <string.h>
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	12	#include <sys/capability.h>
				13	#include <sys/types.h>
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	14	#include <unistd.h>
				15
				16	#include "libminijail.h"
Will Drewry	32ac9f5	2011-08-18 21:36:27 -0500	[diff] [blame]	17	#include "libsyscalls.h"
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	18
Lee Campbell	1e4fc6a	2014-06-06 17:40:02 -0700	[diff] [blame]	19	#include "elfparse.h"
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	20	#include "system.h"
Jorge Lucangeli Obes	bda833c	2012-07-31 16:25:56 -0700	[diff] [blame]	21	#include "util.h"
				22
Jorge Lucangeli Obes	ab6fa6f	2016-08-04 15:42:48 -0400	[diff] [blame]	23	#define IDMAP_LEN 32U
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	24	#define DEFAULT_TMP_SIZE (64 * 1024 * 1024)
Jorge Lucangeli Obes	ab6fa6f	2016-08-04 15:42:48 -0400	[diff] [blame]	25
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	26	static void set_user(struct minijail j, const char arg, uid_t *out_uid,
				27	gid_t *out_gid)
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	28	{
				29	char *end = NULL;
				30	int uid = strtod(arg, &end);
				31	if (!end && arg) {
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	32	*out_uid = uid;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	33	minijail_change_uid(j, uid);
				34	return;
				35	}
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	36
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	37	if (lookup_user(arg, out_uid, out_gid)) {
				38	fprintf(stderr, "Bad user: '%s'\n", arg);
				39	exit(1);
				40	}
				41
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	42	if (minijail_change_user(j, arg)) {
				43	fprintf(stderr, "Bad user: '%s'\n", arg);
				44	exit(1);
				45	}
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	46	}
				47
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	48	static void set_group(struct minijail j, const char arg, gid_t *out_gid)
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	49	{
				50	char *end = NULL;
				51	int gid = strtod(arg, &end);
				52	if (!end && arg) {
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	53	*out_gid = gid;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	54	minijail_change_gid(j, gid);
				55	return;
				56	}
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	57
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	58	if (lookup_group(arg, out_gid)) {
				59	fprintf(stderr, "Bad group: '%s'\n", arg);
				60	exit(1);
				61	}
				62
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	63	if (minijail_change_group(j, arg)) {
				64	fprintf(stderr, "Bad group: '%s'\n", arg);
				65	exit(1);
				66	}
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	67	}
				68
Luis Hector Chavez	ec0a2c1	2017-06-29 20:29:57 -0700	[diff] [blame]	69	static void skip_securebits(struct minijail j, const char arg)
				70	{
				71	uint64_t securebits_skip_mask;
				72	char *end = NULL;
				73	securebits_skip_mask = strtoull(arg, &end, 16);
				74	if (*end) {
				75	fprintf(stderr, "Invalid securebit mask: '%s'\n", arg);
				76	exit(1);
				77	}
				78	minijail_skip_setting_securebits(j, securebits_skip_mask);
				79	}
				80
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	81	static void use_caps(struct minijail j, const char arg)
				82	{
				83	uint64_t caps;
				84	char *end = NULL;
				85	caps = strtoull(arg, &end, 16);
				86	if (*end) {
				87	fprintf(stderr, "Invalid cap set: '%s'\n", arg);
				88	exit(1);
				89	}
				90	minijail_use_caps(j, caps);
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	91	}
				92
Jorge Lucangeli Obes	c8b21e1	2014-06-13 14:26:16 -0700	[diff] [blame]	93	static void add_binding(struct minijail j, char arg)
				94	{
Mike Frysinger	fea05c6	2018-01-17 16:56:48 -0500	[diff] [blame]	95	char *src = tokenize(&arg, ",");
				96	char *dest = tokenize(&arg, ",");
				97	char *flags = tokenize(&arg, ",");
				98	if (!src \|\| src[0] == '\0' \|\| arg != NULL) {
Elly Jones	51a5b6c	2011-10-12 19:09:26 -0400	[diff] [blame]	99	fprintf(stderr, "Bad binding: %s %s\n", src, dest);
				100	exit(1);
				101	}
Mike Frysinger	fea05c6	2018-01-17 16:56:48 -0500	[diff] [blame]	102	if (dest == NULL \|\| dest[0] == '\0')
Mike Frysinger	8f0665b	2018-01-17 14:26:09 -0500	[diff] [blame]	103	dest = src;
Mike Frysinger	fea05c6	2018-01-17 16:56:48 -0500	[diff] [blame]	104	if (flags == NULL \|\| flags[0] == '\0')
				105	flags = "0";
				106	if (minijail_bind(j, src, dest, atoi(flags))) {
Jorge Lucangeli Obes	2b12ba4	2016-01-26 10:37:51 -0800	[diff] [blame]	107	fprintf(stderr, "minijail_bind failed.\n");
Elly Jones	51a5b6c	2011-10-12 19:09:26 -0400	[diff] [blame]	108	exit(1);
				109	}
				110	}
				111
Dylan Reid	0f72ef4	2017-06-06 15:42:49 -0700	[diff] [blame]	112	static void add_rlimit(struct minijail j, char arg)
				113	{
Mike Frysinger	fea05c6	2018-01-17 16:56:48 -0500	[diff] [blame]	114	char *type = tokenize(&arg, ",");
				115	char *cur = tokenize(&arg, ",");
				116	char *max = tokenize(&arg, ",");
				117	if (!type \|\| type[0] == '\0' \|\| !cur \|\| cur[0] == '\0' \|\|
				118	!max \|\| max[0] == '\0' \|\| arg != NULL) {
Dylan Reid	0f72ef4	2017-06-06 15:42:49 -0700	[diff] [blame]	119	fprintf(stderr, "Bad rlimit '%s'.\n", arg);
				120	exit(1);
				121	}
				122	if (minijail_rlimit(j, atoi(type), atoi(cur), atoi(max))) {
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	123	fprintf(stderr, "minijail_rlimit '%s,%s,%s' failed.\n", type,
				124	cur, max);
Dylan Reid	0f72ef4	2017-06-06 15:42:49 -0700	[diff] [blame]	125	exit(1);
				126	}
				127	}
				128
Dylan Reid	648b220	2015-10-23 00:50:00 -0700	[diff] [blame]	129	static void add_mount(struct minijail j, char arg)
				130	{
Mike Frysinger	fea05c6	2018-01-17 16:56:48 -0500	[diff] [blame]	131	char *src = tokenize(&arg, ",");
				132	char *dest = tokenize(&arg, ",");
				133	char *type = tokenize(&arg, ",");
				134	char *flags = tokenize(&arg, ",");
				135	char *data = tokenize(&arg, ",");
				136	if (!src \|\| src[0] == '\0' \|\| !dest \|\| dest[0] == '\0' \|\|
				137	!type \|\| type[0] == '\0' \|\| arg != NULL) {
Dylan Reid	648b220	2015-10-23 00:50:00 -0700	[diff] [blame]	138	fprintf(stderr, "Bad mount: %s %s %s\n", src, dest, type);
				139	exit(1);
				140	}
Dylan Reid	81e2397	2016-05-18 14:06:35 -0700	[diff] [blame]	141	if (minijail_mount_with_data(j, src, dest, type,
Jorge Lucangeli Obes	ab6fa6f	2016-08-04 15:42:48 -0400	[diff] [blame]	142	flags ? strtoul(flags, NULL, 16) : 0,
				143	data)) {
Dylan Reid	648b220	2015-10-23 00:50:00 -0700	[diff] [blame]	144	fprintf(stderr, "minijail_mount failed.\n");
				145	exit(1);
				146	}
				147	}
				148
Jorge Lucangeli Obes	ab6fa6f	2016-08-04 15:42:48 -0400	[diff] [blame]	149	static char *build_idmap(id_t id, id_t lowerid)
				150	{
				151	int ret;
				152	char *idmap = malloc(IDMAP_LEN);
				153	ret = snprintf(idmap, IDMAP_LEN, "%d %d 1", id, lowerid);
				154	if (ret < 0 \|\| (size_t)ret >= IDMAP_LEN) {
				155	free(idmap);
				156	fprintf(stderr, "Could not build id map.\n");
				157	exit(1);
				158	}
				159	return idmap;
				160	}
				161
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	162	static int has_cap_setgid()
				163	{
				164	cap_t caps;
				165	cap_flag_value_t cap_value;
				166
				167	if (!CAP_IS_SUPPORTED(CAP_SETGID))
				168	return 0;
				169
				170	caps = cap_get_proc();
				171	if (!caps) {
				172	fprintf(stderr, "Could not get process' capabilities: %m\n");
				173	exit(1);
				174	}
				175
				176	if (cap_get_flag(caps, CAP_SETGID, CAP_EFFECTIVE, &cap_value)) {
				177	fprintf(stderr, "Could not get the value of CAP_SETGID: %m\n");
				178	exit(1);
				179	}
				180
				181	if (cap_free(caps)) {
				182	fprintf(stderr, "Could not free capabilities: %m\n");
				183	exit(1);
				184	}
				185
				186	return cap_value == CAP_SET;
				187	}
				188
				189	static void set_ugid_mapping(struct minijail *j, int set_uidmap, uid_t uid,
				190	char *uidmap, int set_gidmap, gid_t gid,
				191	char *gidmap)
				192	{
				193	if (set_uidmap) {
				194	minijail_namespace_user(j);
				195	minijail_namespace_pids(j);
				196
				197	if (!uidmap) {
				198	/*
				199	* If no map is passed, map the current uid to the
				200	* chosen uid in the target namespace (or root, if none
				201	* was chosen).
				202	*/
				203	uidmap = build_idmap(uid, getuid());
				204	}
				205	if (0 != minijail_uidmap(j, uidmap)) {
				206	fprintf(stderr, "Could not set uid map.\n");
				207	exit(1);
				208	}
				209	free(uidmap);
				210	}
				211	if (set_gidmap) {
				212	minijail_namespace_user(j);
				213	minijail_namespace_pids(j);
				214
				215	if (!gidmap) {
				216	/*
				217	* If no map is passed, map the current gid to the
				218	* chosen gid in the target namespace.
				219	*/
				220	gidmap = build_idmap(gid, getgid());
				221	}
				222	if (!has_cap_setgid()) {
				223	/*
				224	* This means that we are not running as root,
				225	* so we also have to disable setgroups(2) to
				226	* be able to set the gid map.
				227	* See
				228	* http://man7.org/linux/man-pages/man7/user_namespaces.7.html
				229	*/
				230	minijail_namespace_user_disable_setgroups(j);
				231	}
				232	if (0 != minijail_gidmap(j, gidmap)) {
				233	fprintf(stderr, "Could not set gid map.\n");
				234	exit(1);
				235	}
				236	free(gidmap);
				237	}
				238	}
				239
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	240	static void use_chroot(struct minijail j, const char path, int *chroot,
				241	int pivot_root)
				242	{
				243	if (pivot_root) {
				244	fprintf(stderr, "Could not set chroot because "
				245	"'-P' was specified.\n");
				246	exit(1);
				247	}
				248	if (minijail_enter_chroot(j, path)) {
				249	fprintf(stderr, "Could not set chroot.\n");
				250	exit(1);
				251	}
				252	*chroot = 1;
				253	}
				254
				255	static void use_pivot_root(struct minijail j, const char path,
				256	int *pivot_root, int chroot)
				257	{
				258	if (chroot) {
				259	fprintf(stderr, "Could not set pivot_root because "
				260	"'-C' was specified.\n");
				261	exit(1);
				262	}
				263	if (minijail_enter_pivot_root(j, path)) {
				264	fprintf(stderr, "Could not set pivot_root.\n");
				265	exit(1);
				266	}
				267	minijail_namespace_vfs(j);
				268	*pivot_root = 1;
				269	}
				270
				271	static void use_profile(struct minijail j, const char profile,
				272	int pivot_root, int chroot, size_t tmp_size)
				273	{
				274	if (!strcmp(profile, "minimalistic-mountns")) {
				275	minijail_namespace_vfs(j);
				276	if (minijail_bind(j, "/", "/", 0)) {
				277	fprintf(stderr, "minijail_bind failed.\n");
				278	exit(1);
				279	}
				280	if (minijail_bind(j, "/proc", "/proc", 0)) {
				281	fprintf(stderr, "minijail_bind failed.\n");
				282	exit(1);
				283	}
				284	minijail_mount_dev(j);
				285	if (!*tmp_size) {
				286	/* Avoid clobbering \|tmp_size\| if it was already set. */
				287	*tmp_size = DEFAULT_TMP_SIZE;
				288	}
				289	minijail_remount_proc_readonly(j);
				290	use_pivot_root(j, "/var/empty", pivot_root, chroot);
				291	} else {
				292	fprintf(stderr, "Unrecognized profile name '%s'\n", profile);
				293	exit(1);
				294	}
				295	}
				296
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	297	static void usage(const char *progn)
				298	{
Jorge Lucangeli Obes	bda833c	2012-07-31 16:25:56 -0700	[diff] [blame]	299	size_t i;
Luis Hector Chavez	fb449ab	2016-10-14 09:49:22 -0700	[diff] [blame]	300	/* clang-format off */
Mike Frysinger	33ffef3	2017-01-13 19:53:19 -0500	[diff] [blame]	301	printf("Usage: %s [-dGhHiIKlLnNprRstUvyYz]\n"
Jorge Lucangeli Obes	a32e839	2016-09-01 16:52:40 -0400	[diff] [blame]	302	" [-a <table>]\n"
Mike Frysinger	fea05c6	2018-01-17 16:56:48 -0500	[diff] [blame]	303	" [-b <src>[,<dest>[,<writeable>]]] [-k <src>,<dest>,<type>[,<flags>[,<data>]]]\n"
Jorge Lucangeli Obes	a32e839	2016-09-01 16:52:40 -0400	[diff] [blame]	304	" [-c <caps>] [-C <dir>] [-P <dir>] [-e[file]] [-f <file>] [-g <group>]\n"
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	305	" [-m[<uid> <loweruid> <count>]] [-M[<gid> <lowergid> <count>]] [--profile <name>]\n"
Dylan Reid	0f72ef4	2017-06-06 15:42:49 -0700	[diff] [blame]	306	" [-R <type,cur,max>] [-S <file>] [-t[size]] [-T <type>] [-u <user>] [-V <file>]\n"
Jorge Lucangeli Obes	9dd256e	2016-02-16 15:31:02 -0800	[diff] [blame]	307	" <program> [args...]\n"
Mike Frysinger	b9a7b16	2017-05-30 15:25:49 -0400	[diff] [blame]	308	" -a <table>: Use alternate syscall table <table>.\n"
Mike Frysinger	eaab420	2017-08-14 14:57:21 -0400	[diff] [blame]	309	" -b <...>: Bind <src> to <dest> in chroot.\n"
Mike Frysinger	b9a7b16	2017-05-30 15:25:49 -0400	[diff] [blame]	310	" Multiple instances allowed.\n"
Mike Frysinger	eaab420	2017-08-14 14:57:21 -0400	[diff] [blame]	311	" -B <mask>: Skip setting securebits in <mask> when restricting capabilities (-c).\n"
Luis Hector Chavez	ec0a2c1	2017-06-29 20:29:57 -0700	[diff] [blame]	312	" By default, SECURE_NOROOT, SECURE_NO_SETUID_FIXUP, and \n"
				313	" SECURE_KEEP_CAPS (together with their respective locks) are set.\n"
Mike Frysinger	eaab420	2017-08-14 14:57:21 -0400	[diff] [blame]	314	" -k <...>: Mount <src> at <dest> in chroot.\n"
Mike Frysinger	b9a7b16	2017-05-30 15:25:49 -0400	[diff] [blame]	315	" <flags> and <data> can be specified as in mount(2).\n"
				316	" Multiple instances allowed.\n"
				317	" -c <caps>: Restrict caps to <caps>.\n"
				318	" -C <dir>: chroot(2) to <dir>.\n"
				319	" Not compatible with -P.\n"
				320	" -P <dir>: pivot_root(2) to <dir> (implies -v).\n"
				321	" Not compatible with -C.\n"
Mike Frysinger	33ffef3	2017-01-13 19:53:19 -0500	[diff] [blame]	322	" --mount-dev, Create a new /dev with a minimal set of device nodes (implies -v).\n"
Luis Hector Chavez	d775f4c	2017-10-25 11:36:57 -0700	[diff] [blame]	323	" -d: See the minijail0(1) man page for the exact set.\n"
Mike Frysinger	b9a7b16	2017-05-30 15:25:49 -0400	[diff] [blame]	324	" -e[file]: Enter new network namespace, or existing one if \|file\| is provided.\n"
				325	" -f <file>: Write the pid of the jailed process to <file>.\n"
				326	" -g <group>: Change gid to <group>.\n"
				327	" -G: Inherit supplementary groups from uid.\n"
				328	" Not compatible with -y.\n"
				329	" -y: Keep uid's supplementary groups.\n"
				330	" Not compatible with -G.\n"
				331	" -h: Help (this message).\n"
				332	" -H: Seccomp filter help message.\n"
				333	" -i: Exit immediately after fork (do not act as init).\n"
				334	" -I: Run <program> as init (pid 1) inside a new pid namespace (implies -p).\n"
				335	" -K: Don't mark all existing mounts as MS_PRIVATE.\n"
				336	" -l: Enter new IPC namespace.\n"
				337	" -L: Report blocked syscalls to syslog when using seccomp filter.\n"
				338	" Forces the following syscalls to be allowed:\n"
Kees Cook	03b2af2	2014-12-18 17:11:13 -0800	[diff] [blame]	339	" ", progn);
Luis Hector Chavez	fb449ab	2016-10-14 09:49:22 -0700	[diff] [blame]	340	/* clang-format on */
Jorge Lucangeli Obes	bda833c	2012-07-31 16:25:56 -0700	[diff] [blame]	341	for (i = 0; i < log_syscalls_len; i++)
				342	printf("%s ", log_syscalls[i]);
				343
Luis Hector Chavez	fb449ab	2016-10-14 09:49:22 -0700	[diff] [blame]	344	/* clang-format off */
Jorge Lucangeli Obes	bda833c	2012-07-31 16:25:56 -0700	[diff] [blame]	345	printf("\n"
Mike Frysinger	b9a7b16	2017-05-30 15:25:49 -0400	[diff] [blame]	346	" -m[map]: Set the uid map of a user namespace (implies -pU).\n"
				347	" Same arguments as newuidmap(1), multiple mappings should be separated by ',' (comma).\n"
				348	" With no mapping, map the current uid to root inside the user namespace.\n"
				349	" Not compatible with -b without the 'writable' option.\n"
				350	" -M[map]: Set the gid map of a user namespace (implies -pU).\n"
				351	" Same arguments as newgidmap(1), multiple mappings should be separated by ',' (comma).\n"
				352	" With no mapping, map the current gid to root inside the user namespace.\n"
				353	" Not compatible with -b without the 'writable' option.\n"
				354	" -n: Set no_new_privs.\n"
				355	" -N: Enter a new cgroup namespace.\n"
				356	" -p: Enter new pid namespace (implies -vr).\n"
				357	" -r: Remount /proc read-only (implies -v).\n"
Dylan Reid	0f72ef4	2017-06-06 15:42:49 -0700	[diff] [blame]	358	" -R: Set rlimits, can be specified multiple times.\n"
Mike Frysinger	e61fd66	2017-06-20 14:07:41 -0400	[diff] [blame]	359	" -s: Use seccomp mode 1 (not the same as -S).\n"
Mike Frysinger	b9a7b16	2017-05-30 15:25:49 -0400	[diff] [blame]	360	" -S <file>: Set seccomp filter using <file>.\n"
				361	" E.g., '-S /usr/share/filters/<prog>.$(uname -m)'.\n"
				362	" Requires -n when not running as root.\n"
				363	" -t[size]: Mount tmpfs at /tmp (implies -v).\n"
				364	" Optional argument specifies size (default \"64M\").\n"
Graziano Misuraca	58602a8	2017-08-28 17:33:15 -0700	[diff] [blame]	365	" -T <type>: Assume <program> is a <type> ELF binary; <type> can be 'static' or 'dynamic'.\n"
				366	" This will avoid accessing <program> binary before execve(2).\n"
				367	" Type 'static' will avoid preload hooking.\n"
Mike Frysinger	b9a7b16	2017-05-30 15:25:49 -0400	[diff] [blame]	368	" -u <user>: Change uid to <user>.\n"
				369	" -U: Enter new user namespace (implies -p).\n"
				370	" -v: Enter new mount namespace.\n"
				371	" -V <file>: Enter specified mount namespace.\n"
				372	" -w: Create and join a new anonymous session keyring.\n"
				373	" -Y: Synchronize seccomp filters across thread group.\n"
				374	" -z: Don't forward signals to jailed process.\n"
				375	" --ambient: Raise ambient capabilities. Requires -c.\n"
Luis Hector Chavez	114a930	2017-09-05 20:36:58 -0700	[diff] [blame]	376	" --uts[=name]: Enter a new UTS namespace (and set hostname).\n"
				377	" --logging=<s>:Use <s> as the logging system.\n"
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	378	" <s> must be 'syslog' (default) or 'stderr'.\n"
				379	" --profile <p>,Configure minijail0 to run with the <p> sandboxing profile,\n"
				380	" which is a convenient way to express multiple flags\n"
				381	" that are typically used together.\n"
				382	" See the minijail0(1) man page for the full list.\n");
Luis Hector Chavez	fb449ab	2016-10-14 09:49:22 -0700	[diff] [blame]	383	/* clang-format on */
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	384	}
				385
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	386	static void seccomp_filter_usage(const char *progn)
				387	{
				388	const struct syscall_entry *entry = syscall_table;
				389	printf("Usage: %s -S <policy.file> <program> [args...]\n\n"
Jorge Lucangeli Obes	0b20877	2017-04-19 14:15:46 -0400	[diff] [blame]	390	"System call names supported:\n",
				391	progn);
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	392	for (; entry->name && entry->nr >= 0; ++entry)
				393	printf(" %s [%d]\n", entry->name, entry->nr);
				394	printf("\nSee minijail0(5) for example policies.\n");
Will Drewry	32ac9f5	2011-08-18 21:36:27 -0500	[diff] [blame]	395	}
				396
Christopher Wiley	88f76a7	2013-11-01 14:12:56 -0700	[diff] [blame]	397	static int parse_args(struct minijail j, int argc, char argv[],
Matthew Dempsky	2ed0912	2016-02-11 09:43:37 -0800	[diff] [blame]	398	int exit_immediately, ElfType elftype)
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	399	{
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	400	int opt;
Jorge Lucangeli Obes	482cb9d	2014-07-23 15:16:04 -0700	[diff] [blame]	401	int use_seccomp_filter = 0;
Jorge Lucangeli Obes	dba6209	2017-05-18 17:10:23 -0400	[diff] [blame]	402	int forward = 1;
Jorge Lucangeli Obes	2b12ba4	2016-01-26 10:37:51 -0800	[diff] [blame]	403	int binding = 0;
Jorge Lucangeli Obes	0b20877	2017-04-19 14:15:46 -0400	[diff] [blame]	404	int chroot = 0, pivot_root = 0;
Jorge Lucangeli Obes	a521bee	2016-03-03 13:47:57 -0800	[diff] [blame]	405	int mount_ns = 0, skip_remount = 0;
Lutz Justen	13807cb	2017-01-03 17:11:55 +0100	[diff] [blame]	406	int inherit_suppl_gids = 0, keep_suppl_gids = 0;
Jorge Lucangeli Obes	a6eb21a	2017-04-20 10:44:00 -0400	[diff] [blame]	407	int caps = 0, ambient_caps = 0;
Mike Frysinger	e61fd66	2017-06-20 14:07:41 -0400	[diff] [blame]	408	int seccomp = -1;
Jorge Lucangeli Obes	482cb9d	2014-07-23 15:16:04 -0700	[diff] [blame]	409	const size_t path_max = 4096;
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	410	uid_t uid = 0;
				411	gid_t gid = 0;
				412	char uidmap = NULL, gidmap = NULL;
				413	int set_uidmap = 0, set_gidmap = 0;
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	414	size_t tmp_size = 0;
Luis Hector Chavez	95582e7	2017-09-05 09:13:25 -0700	[diff] [blame]	415	const char *filter_path = NULL;
Luis Hector Chavez	114a930	2017-09-05 20:36:58 -0700	[diff] [blame]	416	int log_to_stderr = 0;
Jorge Lucangeli Obes	ab6fa6f	2016-08-04 15:42:48 -0400	[diff] [blame]	417
				418	const char *optstring =
Mike Frysinger	33ffef3	2017-01-13 19:53:19 -0500	[diff] [blame]	419	"+u:g:sS:c:C:P:b:B:V:f:m::M::k:a:e::R:T:vrGhHinNplLt::IUKwyYzd";
Jorge Lucangeli Obes	a6eb21a	2017-04-20 10:44:00 -0400	[diff] [blame]	420	/* clang-format off */
				421	const struct option long_options[] = {
Mike Frysinger	227c291	2017-10-04 14:27:04 -0400	[diff] [blame]	422	{"help", no_argument, 0, 'h'},
Mike Frysinger	33ffef3	2017-01-13 19:53:19 -0500	[diff] [blame]	423	{"mount-dev", no_argument, 0, 'd'},
Jorge Lucangeli Obes	a6eb21a	2017-04-20 10:44:00 -0400	[diff] [blame]	424	{"ambient", no_argument, 0, 128},
Mike Frysinger	b9a7b16	2017-05-30 15:25:49 -0400	[diff] [blame]	425	{"uts", optional_argument, 0, 129},
Luis Hector Chavez	114a930	2017-09-05 20:36:58 -0700	[diff] [blame]	426	{"logging", required_argument, 0, 130},
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	427	{"profile", required_argument, 0, 131},
Jorge Lucangeli Obes	a6eb21a	2017-04-20 10:44:00 -0400	[diff] [blame]	428	{0, 0, 0, 0},
				429	};
				430	/* clang-format on */
Jorge Lucangeli Obes	0b20877	2017-04-19 14:15:46 -0400	[diff] [blame]	431
Mike Frysinger	99becbd	2017-10-04 14:26:52 -0400	[diff] [blame]	432	while ((opt = getopt_long(argc, argv, optstring, long_options, NULL)) !=
				433	-1) {
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	434	switch (opt) {
				435	case 'u':
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	436	set_user(j, optarg, &uid, &gid);
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	437	break;
				438	case 'g':
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	439	set_group(j, optarg, &gid);
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	440	break;
Jorge Lucangeli Obes	c2c9bcc	2012-05-01 09:30:24 -0700	[diff] [blame]	441	case 'n':
				442	minijail_no_new_privs(j);
Jorge Lucangeli Obes	0341d6c	2012-07-16 15:27:31 -0700	[diff] [blame]	443	break;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	444	case 's':
Mike Frysinger	e61fd66	2017-06-20 14:07:41 -0400	[diff] [blame]	445	if (seccomp != -1 && seccomp != 1) {
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	446	fprintf(stderr,
				447	"Do not use -s & -S together.\n");
Mike Frysinger	e61fd66	2017-06-20 14:07:41 -0400	[diff] [blame]	448	exit(1);
				449	}
				450	seccomp = 1;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	451	minijail_use_seccomp(j);
				452	break;
				453	case 'S':
Mike Frysinger	e61fd66	2017-06-20 14:07:41 -0400	[diff] [blame]	454	if (seccomp != -1 && seccomp != 2) {
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	455	fprintf(stderr,
				456	"Do not use -s & -S together.\n");
Mike Frysinger	e61fd66	2017-06-20 14:07:41 -0400	[diff] [blame]	457	exit(1);
				458	}
				459	seccomp = 2;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	460	minijail_use_seccomp_filter(j);
Jorge Lucangeli Obes	482cb9d	2014-07-23 15:16:04 -0700	[diff] [blame]	461	if (strlen(optarg) >= path_max) {
Jorge Lucangeli Obes	2b12ba4	2016-01-26 10:37:51 -0800	[diff] [blame]	462	fprintf(stderr, "Filter path is too long.\n");
Jorge Lucangeli Obes	482cb9d	2014-07-23 15:16:04 -0700	[diff] [blame]	463	exit(1);
				464	}
				465	filter_path = strndup(optarg, path_max);
				466	if (!filter_path) {
				467	fprintf(stderr,
				468	"Could not strndup(3) filter path.\n");
				469	exit(1);
				470	}
				471	use_seccomp_filter = 1;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	472	break;
Dylan Reid	f794247	2015-11-18 17:55:26 -0800	[diff] [blame]	473	case 'l':
				474	minijail_namespace_ipc(j);
				475	break;
Jorge Lucangeli Obes	bda833c	2012-07-31 16:25:56 -0700	[diff] [blame]	476	case 'L':
				477	minijail_log_seccomp_filter_failures(j);
				478	break;
Elly Jones	51a5b6c	2011-10-12 19:09:26 -0400	[diff] [blame]	479	case 'b':
				480	add_binding(j, optarg);
Jorge Lucangeli Obes	2b12ba4	2016-01-26 10:37:51 -0800	[diff] [blame]	481	binding = 1;
Elly Jones	51a5b6c	2011-10-12 19:09:26 -0400	[diff] [blame]	482	break;
Luis Hector Chavez	ec0a2c1	2017-06-29 20:29:57 -0700	[diff] [blame]	483	case 'B':
				484	skip_securebits(j, optarg);
				485	break;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	486	case 'c':
Jorge Lucangeli Obes	a6eb21a	2017-04-20 10:44:00 -0400	[diff] [blame]	487	caps = 1;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	488	use_caps(j, optarg);
				489	break;
Elly Jones	51a5b6c	2011-10-12 19:09:26 -0400	[diff] [blame]	490	case 'C':
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	491	use_chroot(j, optarg, &chroot, pivot_root);
Yu-Hsi Chiang	64d65a7	2015-08-13 17:43:27 +0800	[diff] [blame]	492	break;
Dylan Reid	648b220	2015-10-23 00:50:00 -0700	[diff] [blame]	493	case 'k':
				494	add_mount(j, optarg);
				495	break;
Jorge Lucangeli Obes	a521bee	2016-03-03 13:47:57 -0800	[diff] [blame]	496	case 'K':
				497	minijail_skip_remount_private(j);
				498	skip_remount = 1;
				499	break;
Yu-Hsi Chiang	64d65a7	2015-08-13 17:43:27 +0800	[diff] [blame]	500	case 'P':
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	501	use_pivot_root(j, optarg, &pivot_root, chroot);
Lee Campbell	11af062	2014-05-22 12:36:04 -0700	[diff] [blame]	502	break;
Yu-Hsi Chiang	3cc05ea	2015-08-11 11:23:17 +0800	[diff] [blame]	503	case 'f':
				504	if (0 != minijail_write_pid_file(j, optarg)) {
Jorge Lucangeli Obes	2b12ba4	2016-01-26 10:37:51 -0800	[diff] [blame]	505	fprintf(stderr,
				506	"Could not prepare pid file path.\n");
Yu-Hsi Chiang	3cc05ea	2015-08-11 11:23:17 +0800	[diff] [blame]	507	exit(1);
				508	}
				509	break;
Lee Campbell	11af062	2014-05-22 12:36:04 -0700	[diff] [blame]	510	case 't':
Mike Frysinger	ec7def2	2017-01-13 18:44:45 -0500	[diff] [blame]	511	minijail_namespace_vfs(j);
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	512	if (!tmp_size) {
				513	/*
				514	* Avoid clobbering \|tmp_size\| if it was already
				515	* set.
				516	*/
				517	tmp_size = DEFAULT_TMP_SIZE;
				518	}
				519	if (optarg != NULL &&
				520	0 != parse_size(&tmp_size, optarg)) {
Martin Pelikán	ab9eb44	2017-01-25 11:53:58 +1100	[diff] [blame]	521	fprintf(stderr, "Invalid /tmp tmpfs size.\n");
				522	exit(1);
				523	}
Elly Jones	51a5b6c	2011-10-12 19:09:26 -0400	[diff] [blame]	524	break;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	525	case 'v':
				526	minijail_namespace_vfs(j);
Jorge Lucangeli Obes	a521bee	2016-03-03 13:47:57 -0800	[diff] [blame]	527	mount_ns = 1;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	528	break;
Jorge Lucangeli Obes	1563b5b	2014-07-10 07:01:53 -0700	[diff] [blame]	529	case 'V':
				530	minijail_namespace_enter_vfs(j, optarg);
				531	break;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	532	case 'r':
Dylan Reid	791f577	2015-09-14 20:02:42 -0700	[diff] [blame]	533	minijail_remount_proc_readonly(j);
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	534	break;
				535	case 'G':
Lutz Justen	13807cb	2017-01-03 17:11:55 +0100	[diff] [blame]	536	if (keep_suppl_gids) {
				537	fprintf(stderr,
				538	"-y and -G are not compatible.\n");
				539	exit(1);
				540	}
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	541	minijail_inherit_usergroups(j);
Lutz Justen	13807cb	2017-01-03 17:11:55 +0100	[diff] [blame]	542	inherit_suppl_gids = 1;
				543	break;
				544	case 'y':
				545	if (inherit_suppl_gids) {
				546	fprintf(stderr,
				547	"-y and -G are not compatible.\n");
				548	exit(1);
				549	}
				550	minijail_keep_supplementary_gids(j);
				551	keep_suppl_gids = 1;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	552	break;
Dylan Reid	4cbc2a5	2016-06-17 19:06:07 -0700	[diff] [blame]	553	case 'N':
				554	minijail_namespace_cgroups(j);
				555	break;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	556	case 'p':
				557	minijail_namespace_pids(j);
				558	break;
Elly Fong-Jones	6c08630	2013-03-20 17:15:28 -0400	[diff] [blame]	559	case 'e':
Dylan Reid	1102f5a	2015-09-15 11:52:20 -0700	[diff] [blame]	560	if (optarg)
				561	minijail_namespace_enter_net(j, optarg);
				562	else
				563	minijail_namespace_net(j);
Elly Fong-Jones	6c08630	2013-03-20 17:15:28 -0400	[diff] [blame]	564	break;
Christopher Wiley	88f76a7	2013-11-01 14:12:56 -0700	[diff] [blame]	565	case 'i':
Christopher Wiley	88f76a7	2013-11-01 14:12:56 -0700	[diff] [blame]	566	*exit_immediately = 1;
				567	break;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	568	case 'H':
				569	seccomp_filter_usage(argv[0]);
Mike Frysinger	5b67e0b	2018-01-22 18:52:06 -0500	[diff] [blame]	570	exit(0);
Yu-Hsi Chiang	3e954ec	2015-07-28 16:48:14 +0800	[diff] [blame]	571	case 'I':
				572	minijail_namespace_pids(j);
				573	minijail_run_as_init(j);
				574	break;
Yu-Hsi Chiang	10e9123	2015-08-05 14:40:45 +0800	[diff] [blame]	575	case 'U':
				576	minijail_namespace_user(j);
				577	minijail_namespace_pids(j);
				578	break;
				579	case 'm':
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	580	set_uidmap = 1;
				581	if (uidmap) {
				582	free(uidmap);
				583	uidmap = NULL;
Jorge Lucangeli Obes	ab6fa6f	2016-08-04 15:42:48 -0400	[diff] [blame]	584	}
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	585	if (optarg)
				586	uidmap = strdup(optarg);
Yu-Hsi Chiang	10e9123	2015-08-05 14:40:45 +0800	[diff] [blame]	587	break;
				588	case 'M':
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	589	set_gidmap = 1;
				590	if (gidmap) {
				591	free(gidmap);
				592	gidmap = NULL;
Jorge Lucangeli Obes	200299c	2016-09-23 15:21:57 -0400	[diff] [blame]	593	}
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	594	if (optarg)
				595	gidmap = strdup(optarg);
Yu-Hsi Chiang	10e9123	2015-08-05 14:40:45 +0800	[diff] [blame]	596	break;
Andrew Bresticker	eac2894	2015-11-11 16:04:46 -0800	[diff] [blame]	597	case 'a':
				598	if (0 != minijail_use_alt_syscall(j, optarg)) {
Jorge Lucangeli Obes	2b12ba4	2016-01-26 10:37:51 -0800	[diff] [blame]	599	fprintf(stderr,
				600	"Could not set alt-syscall table.\n");
Andrew Bresticker	eac2894	2015-11-11 16:04:46 -0800	[diff] [blame]	601	exit(1);
				602	}
				603	break;
Dylan Reid	0f72ef4	2017-06-06 15:42:49 -0700	[diff] [blame]	604	case 'R':
				605	add_rlimit(j, optarg);
				606	break;
Matthew Dempsky	2ed0912	2016-02-11 09:43:37 -0800	[diff] [blame]	607	case 'T':
				608	if (!strcmp(optarg, "static"))
				609	*elftype = ELFSTATIC;
				610	else if (!strcmp(optarg, "dynamic"))
				611	*elftype = ELFDYNAMIC;
				612	else {
Jorge Lucangeli Obes	768d42b	2016-02-17 10:28:25 -0800	[diff] [blame]	613	fprintf(stderr, "ELF type must be 'static' or "
				614	"'dynamic'.\n");
Matthew Dempsky	2ed0912	2016-02-11 09:43:37 -0800	[diff] [blame]	615	exit(1);
				616	}
				617	break;
Chirantan Ekbote	866bb3a	2017-02-07 12:26:42 -0800	[diff] [blame]	618	case 'w':
				619	minijail_new_session_keyring(j);
				620	break;
Jorge Lucangeli Obes	1365061	2016-09-02 11:27:29 -0400	[diff] [blame]	621	case 'Y':
				622	minijail_set_seccomp_filter_tsync(j);
				623	break;
Jorge Lucangeli Obes	dba6209	2017-05-18 17:10:23 -0400	[diff] [blame]	624	case 'z':
				625	forward = 0;
				626	break;
Mike Frysinger	33ffef3	2017-01-13 19:53:19 -0500	[diff] [blame]	627	case 'd':
				628	minijail_namespace_vfs(j);
				629	minijail_mount_dev(j);
				630	break;
Jorge Lucangeli Obes	a6eb21a	2017-04-20 10:44:00 -0400	[diff] [blame]	631	/* Long options. */
				632	case 128: /* Ambient caps. */
				633	ambient_caps = 1;
				634	minijail_set_ambient_caps(j);
				635	break;
Mike Frysinger	b9a7b16	2017-05-30 15:25:49 -0400	[diff] [blame]	636	case 129: /* UTS/hostname namespace. */
				637	minijail_namespace_uts(j);
				638	if (optarg)
				639	minijail_namespace_set_hostname(j, optarg);
				640	break;
Luis Hector Chavez	114a930	2017-09-05 20:36:58 -0700	[diff] [blame]	641	case 130: /* Logging. */
				642	if (!strcmp(optarg, "syslog"))
				643	log_to_stderr = 0;
				644	else if (!strcmp(optarg, "stderr")) {
				645	log_to_stderr = 1;
				646	} else {
				647	fprintf(stderr, "--logger must be 'syslog' or "
				648	"'stderr'.\n");
				649	exit(1);
				650	}
				651	break;
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	652	case 131: /* Profile */
				653	use_profile(j, optarg, &pivot_root, chroot, &tmp_size);
				654	break;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	655	default:
				656	usage(argv[0]);
Mike Frysinger	227c291	2017-10-04 14:27:04 -0400	[diff] [blame]	657	exit(opt == 'h' ? 0 : 1);
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	658	}
				659	}
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	660
Luis Hector Chavez	114a930	2017-09-05 20:36:58 -0700	[diff] [blame]	661	if (log_to_stderr) {
				662	init_logging(LOG_TO_FD, STDERR_FILENO, LOG_INFO);
				663	/*
				664	* When logging to stderr, ensure the FD survives the jailing.
				665	*/
				666	if (0 !=
				667	minijail_preserve_fd(j, STDERR_FILENO, STDERR_FILENO)) {
				668	fprintf(stderr, "Could not preserve stderr.\n");
				669	exit(1);
				670	}
				671	}
				672
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	673	/* Set up uid/gid mapping. */
				674	if (set_uidmap \|\| set_gidmap) {
				675	set_ugid_mapping(j, set_uidmap, uid, uidmap, set_gidmap, gid,
				676	gidmap);
				677	}
				678
Jorge Lucangeli Obes	a6eb21a	2017-04-20 10:44:00 -0400	[diff] [blame]	679	/* Can only set ambient caps when using regular caps. */
				680	if (ambient_caps && !caps) {
				681	fprintf(stderr, "Can't set ambient capabilities (--ambient) "
				682	"without actually using capabilities (-c).\n");
				683	exit(1);
				684	}
				685
Jorge Lucangeli Obes	dba6209	2017-05-18 17:10:23 -0400	[diff] [blame]	686	/* Set up signal handlers in minijail unless asked not to. */
				687	if (forward)
				688	minijail_forward_signals(j);
				689
Mike Frysinger	ac08a68	2017-10-10 02:04:50 -0400	[diff] [blame]	690	/*
				691	* Only allow bind mounts when entering a chroot, using pivot_root, or
				692	* a new mount namespace.
				693	*/
				694	if (binding && !(chroot \|\| pivot_root \|\| mount_ns)) {
				695	fprintf(stderr, "Bind mounts require a chroot, pivot_root, or "
				696	" new mount namespace.\n");
Jorge Lucangeli Obes	2b12ba4	2016-01-26 10:37:51 -0800	[diff] [blame]	697	exit(1);
				698	}
				699
Jorge Lucangeli Obes	482cb9d	2014-07-23 15:16:04 -0700	[diff] [blame]	700	/*
Jorge Lucangeli Obes	a521bee	2016-03-03 13:47:57 -0800	[diff] [blame]	701	* Remounting / as MS_PRIVATE only happens when entering a new mount
				702	* namespace, so skipping it only applies in that case.
				703	*/
				704	if (skip_remount && !mount_ns) {
				705	fprintf(stderr, "Can't skip marking mounts as MS_PRIVATE"
				706	" without mount namespaces.\n");
				707	exit(1);
				708	}
				709
				710	/*
Jorge Lucangeli Obes	482cb9d	2014-07-23 15:16:04 -0700	[diff] [blame]	711	* We parse seccomp filters here to make sure we've collected all
				712	* cmdline options.
				713	*/
				714	if (use_seccomp_filter) {
				715	minijail_parse_seccomp_filters(j, filter_path);
Jorge Lucangeli Obes	0b20877	2017-04-19 14:15:46 -0400	[diff] [blame]	716	free((void *)filter_path);
Jorge Lucangeli Obes	482cb9d	2014-07-23 15:16:04 -0700	[diff] [blame]	717	}
				718
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	719	/* Mount a tmpfs under /tmp and set its size. */
				720	if (tmp_size)
				721	minijail_mount_tmp_size(j, tmp_size);
				722
Luis Hector Chavez	fe5fb8e	2017-06-29 10:41:27 -0700	[diff] [blame]	723	/*
				724	* There should be at least one additional unparsed argument: the
				725	* executable name.
				726	*/
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	727	if (argc == optind) {
				728	usage(argv[0]);
				729	exit(1);
				730	}
Lee Campbell	11af062	2014-05-22 12:36:04 -0700	[diff] [blame]	731
Luis Hector Chavez	fe5fb8e	2017-06-29 10:41:27 -0700	[diff] [blame]	732	if (*elftype == ELFERROR) {
				733	/*
				734	* -T was not specified.
				735	* Get the path to the program adjusted for changing root.
				736	*/
				737	char *program_path =
				738	minijail_get_original_path(j, argv[optind]);
				739
				740	/* Check that we can access the target program. */
				741	if (access(program_path, X_OK)) {
				742	fprintf(stderr,
				743	"Target program '%s' is not accessible.\n",
				744	argv[optind]);
				745	exit(1);
				746	}
				747
				748	/* Check if target is statically or dynamically linked. */
				749	*elftype = get_elf_linkage(program_path);
				750	free(program_path);
				751	}
				752
				753	/*
				754	* Setting capabilities need either a dynamically-linked binary, or the
				755	* use of ambient capabilities for them to be able to survive an
				756	* execve(2).
				757	*/
				758	if (caps && *elftype == ELFSTATIC && !ambient_caps) {
				759	fprintf(stderr, "Can't run statically-linked binaries with "
				760	"capabilities (-c) without also setting "
				761	"ambient capabilities. Try passing "
				762	"--ambient.\n");
				763	exit(1);
				764	}
				765
Elly Fong-Jones	f65c9fe	2013-01-22 13:55:02 -0500	[diff] [blame]	766	return optind;
				767	}
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	768
Elly Fong-Jones	f65c9fe	2013-01-22 13:55:02 -0500	[diff] [blame]	769	int main(int argc, char *argv[])
				770	{
				771	struct minijail *j = minijail_new();
Jorge Lucangeli Obes	d99a40d	2016-01-26 13:50:44 -0800	[diff] [blame]	772	const char *dl_mesg = NULL;
Christopher Wiley	88f76a7	2013-11-01 14:12:56 -0700	[diff] [blame]	773	int exit_immediately = 0;
Lee Campbell	1e4fc6a	2014-06-06 17:40:02 -0700	[diff] [blame]	774	ElfType elftype = ELFERROR;
Matthew Dempsky	2ed0912	2016-02-11 09:43:37 -0800	[diff] [blame]	775	int consumed = parse_args(j, argc, argv, &exit_immediately, &elftype);
Elly Fong-Jones	f65c9fe	2013-01-22 13:55:02 -0500	[diff] [blame]	776	argc -= consumed;
				777	argv += consumed;
Jorge Lucangeli Obes	482cb9d	2014-07-23 15:16:04 -0700	[diff] [blame]	778
Stephen Barber	5dd5b1b	2017-10-16 23:02:39 -0700	[diff] [blame]	779	/*
				780	* Make the process group ID of this process equal to its PID.
				781	* In the non-interactive case (e.g. when minijail0 is started from
				782	* init) this ensures the parent process and the jailed process
				783	* can be killed together.
				784	*
				785	* Don't fail on EPERM, since setpgid(0, 0) can only EPERM when
				786	* the process is already a process group leader.
				787	*/
				788	if (setpgid(0 /* use calling PID /, 0 / make PGID = PID */)) {
				789	if (errno != EPERM) {
				790	fprintf(stderr, "setpgid(0, 0) failed\n");
				791	exit(1);
				792	}
				793	}
				794
Lee Campbell	1e4fc6a	2014-06-06 17:40:02 -0700	[diff] [blame]	795	if (elftype == ELFSTATIC) {
Jorge Lucangeli Obes	5471450	2015-09-30 10:08:45 -0700	[diff] [blame]	796	/*
				797	* Target binary is statically linked so we cannot use
				798	* libminijailpreload.so.
				799	*/
				800	minijail_run_no_preload(j, argv[0], argv);
Lee Campbell	1e4fc6a	2014-06-06 17:40:02 -0700	[diff] [blame]	801	} else if (elftype == ELFDYNAMIC) {
				802	/*
				803	* Target binary is dynamically linked so we can
				804	* inject libminijailpreload.so into it.
				805	*/
				806
				807	/* Check that we can dlopen() libminijailpreload.so. */
				808	if (!dlopen(PRELOADPATH, RTLD_LAZY \| RTLD_LOCAL)) {
Matthew Dempsky	2ed0912	2016-02-11 09:43:37 -0800	[diff] [blame]	809	dl_mesg = dlerror();
				810	fprintf(stderr, "dlopen(): %s\n", dl_mesg);
				811	return 1;
Lee Campbell	1e4fc6a	2014-06-06 17:40:02 -0700	[diff] [blame]	812	}
				813	minijail_run(j, argv[0], argv);
				814	} else {
Jorge Lucangeli Obes	2f61ee4	2014-06-16 11:08:18 -0700	[diff] [blame]	815	fprintf(stderr,
				816	"Target program '%s' is not a valid ELF file.\n",
				817	argv[0]);
Jorge Lucangeli Obes	4b2d5ee	2014-01-09 15:47:47 -0800	[diff] [blame]	818	return 1;
				819	}
Lee Campbell	1e4fc6a	2014-06-06 17:40:02 -0700	[diff] [blame]	820
Christopher Wiley	88f76a7	2013-11-01 14:12:56 -0700	[diff] [blame]	821	if (exit_immediately) {
Luis Hector Chavez	114a930	2017-09-05 20:36:58 -0700	[diff] [blame]	822	info("not running init loop, exiting immediately\n");
Christopher Wiley	88f76a7	2013-11-01 14:12:56 -0700	[diff] [blame]	823	return 0;
				824	}
lhchavez	6c8d820	2017-09-01 03:55:11 +0000	[diff] [blame]	825	int ret = minijail_wait(j);
				826	#if defined(__SANITIZE_ADDRESS__)
				827	minijail_destroy(j);
				828	#endif /* __SANITIZE_ADDRESS__ */
				829	return ret;
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	830	}