| Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame^] | 1 | /* Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| 2 | * Use of this source code is governed by a BSD-style license that can be |
| 3 | * found in the LICENSE file. */ |
| 4 | |
| 5 | #include <stdio.h> |
| 6 | #include <stdlib.h> |
| 7 | #include <string.h> |
| 8 | #include <unistd.h> |
| 9 | |
| 10 | #include "libminijail.h" |
| 11 | |
| 12 | static void set_user(struct minijail *j, const char *arg) { |
| 13 | char *end = NULL; |
| 14 | int uid = strtod(arg, &end); |
| 15 | if (!*end && *arg) { |
| 16 | minijail_change_uid(j, uid); |
| 17 | return; |
| 18 | } |
| 19 | |
| 20 | if (minijail_change_user(j, arg)) { |
| 21 | fprintf(stderr, "Bad user: '%s'\n", arg); |
| 22 | exit(1); |
| 23 | } |
| 24 | } |
| 25 | |
| 26 | static void set_group(struct minijail *j, const char *arg) { |
| 27 | char *end = NULL; |
| 28 | int gid = strtod(arg, &end); |
| 29 | if (!*end && *arg) { |
| 30 | minijail_change_gid(j, gid); |
| 31 | return; |
| 32 | } |
| 33 | |
| 34 | if (minijail_change_group(j, arg)) { |
| 35 | fprintf(stderr, "Bad group: '%s'\n", arg); |
| 36 | exit(1); |
| 37 | } |
| 38 | } |
| 39 | |
| 40 | static void use_caps(struct minijail *j, const char *arg) { |
| 41 | uint64_t caps; |
| 42 | char *end = NULL; |
| 43 | caps = strtoull(arg, &end, 16); |
| 44 | if (*end) { |
| 45 | fprintf(stderr, "Invalid cap set: '%s'\n", arg); |
| 46 | exit(1); |
| 47 | } |
| 48 | minijail_use_caps(j, caps); |
| 49 | } |
| 50 | |
| 51 | static void usage(const char *progn) { |
| 52 | printf("Usage: %s [-Ghprsv] [-c <caps>] [-g <group>] [-u <user>] <program> [args...]\n" |
| 53 | " -c: restrict caps to <caps>\n" |
| 54 | " -G: inherit groups from uid\n" |
| 55 | " -g: change gid to <group>\n" |
| 56 | " -h: help (this message)\n" |
| 57 | " -p: use pid namespace\n" |
| 58 | " -r: remount filesystems readonly (implies -v)\n" |
| 59 | " -s: use seccomp\n" |
| 60 | " -u: change uid to <user>\n" |
| 61 | " -v: use vfs namespace\n", progn); |
| 62 | } |
| 63 | |
| 64 | int main(int argc, char *argv[]) { |
| 65 | struct minijail *j = minijail_new(); |
| 66 | |
| 67 | int opt; |
| 68 | while ((opt = getopt(argc, argv, "u:g:sc:vrGhp")) != -1) { |
| 69 | switch (opt) { |
| 70 | case 'u': |
| 71 | set_user(j, optarg); |
| 72 | break; |
| 73 | case 'g': |
| 74 | set_group(j, optarg); |
| 75 | break; |
| 76 | case 's': |
| 77 | minijail_use_seccomp(j); |
| 78 | break; |
| 79 | case 'c': |
| 80 | use_caps(j, optarg); |
| 81 | break; |
| 82 | case 'v': |
| 83 | minijail_namespace_vfs(j); |
| 84 | break; |
| 85 | case 'r': |
| 86 | minijail_remount_readonly(j); |
| 87 | break; |
| 88 | case 'G': |
| 89 | minijail_inherit_usergroups(j); |
| 90 | break; |
| 91 | case 'p': |
| 92 | minijail_namespace_pids(j); |
| 93 | break; |
| 94 | default: |
| 95 | usage(argv[0]); |
| 96 | exit(1); |
| 97 | } |
| 98 | } |
| 99 | |
| 100 | if (argc == optind) { |
| 101 | usage(argv[0]); |
| 102 | exit(1); |
| 103 | } |
| 104 | |
| 105 | argc -= optind; |
| 106 | argv += optind; |
| 107 | |
| 108 | minijail_run(j, argv[0], argv); |
| 109 | return minijail_wait(j); |
| 110 | } |