Elly Jones | e58176c | 2012-01-23 11:46:17 -0500 | [diff] [blame] | 1 | /* Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 2 | * Use of this source code is governed by a BSD-style license that can be |
Will Drewry | 32ac9f5 | 2011-08-18 21:36:27 -0500 | [diff] [blame] | 3 | * found in the LICENSE file. |
| 4 | */ |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 5 | |
Jorge Lucangeli Obes | 4b2d5ee | 2014-01-09 15:47:47 -0800 | [diff] [blame] | 6 | #include <dlfcn.h> |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 7 | #include <stdio.h> |
| 8 | #include <stdlib.h> |
| 9 | #include <string.h> |
| 10 | #include <unistd.h> |
| 11 | |
| 12 | #include "libminijail.h" |
Will Drewry | 32ac9f5 | 2011-08-18 21:36:27 -0500 | [diff] [blame] | 13 | #include "libsyscalls.h" |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 14 | |
Lee Campbell | 1e4fc6a | 2014-06-06 17:40:02 -0700 | [diff] [blame] | 15 | #include "elfparse.h" |
Jorge Lucangeli Obes | bda833c | 2012-07-31 16:25:56 -0700 | [diff] [blame] | 16 | #include "util.h" |
| 17 | |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 18 | static void set_user(struct minijail *j, const char *arg) |
| 19 | { |
| 20 | char *end = NULL; |
| 21 | int uid = strtod(arg, &end); |
| 22 | if (!*end && *arg) { |
| 23 | minijail_change_uid(j, uid); |
| 24 | return; |
| 25 | } |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 26 | |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 27 | if (minijail_change_user(j, arg)) { |
| 28 | fprintf(stderr, "Bad user: '%s'\n", arg); |
| 29 | exit(1); |
| 30 | } |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 31 | } |
| 32 | |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 33 | static void set_group(struct minijail *j, const char *arg) |
| 34 | { |
| 35 | char *end = NULL; |
| 36 | int gid = strtod(arg, &end); |
| 37 | if (!*end && *arg) { |
| 38 | minijail_change_gid(j, gid); |
| 39 | return; |
| 40 | } |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 41 | |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 42 | if (minijail_change_group(j, arg)) { |
| 43 | fprintf(stderr, "Bad group: '%s'\n", arg); |
| 44 | exit(1); |
| 45 | } |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 46 | } |
| 47 | |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 48 | static void use_caps(struct minijail *j, const char *arg) |
| 49 | { |
| 50 | uint64_t caps; |
| 51 | char *end = NULL; |
| 52 | caps = strtoull(arg, &end, 16); |
| 53 | if (*end) { |
| 54 | fprintf(stderr, "Invalid cap set: '%s'\n", arg); |
| 55 | exit(1); |
| 56 | } |
| 57 | minijail_use_caps(j, caps); |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 58 | } |
| 59 | |
Jorge Lucangeli Obes | c8b21e1 | 2014-06-13 14:26:16 -0700 | [diff] [blame] | 60 | static void add_binding(struct minijail *j, char *arg) |
| 61 | { |
Elly Jones | 51a5b6c | 2011-10-12 19:09:26 -0400 | [diff] [blame] | 62 | char *src = strtok(arg, ","); |
Elly Jones | 5ba42b5 | 2011-12-07 13:31:43 -0500 | [diff] [blame] | 63 | char *dest = strtok(NULL, ","); |
| 64 | char *flags = strtok(NULL, ","); |
Elly Jones | 51a5b6c | 2011-10-12 19:09:26 -0400 | [diff] [blame] | 65 | if (!src || !dest) { |
| 66 | fprintf(stderr, "Bad binding: %s %s\n", src, dest); |
| 67 | exit(1); |
| 68 | } |
| 69 | if (minijail_bind(j, src, dest, flags ? atoi(flags) : 0)) { |
Jorge Lucangeli Obes | 2b12ba4 | 2016-01-26 10:37:51 -0800 | [diff] [blame] | 70 | fprintf(stderr, "minijail_bind failed.\n"); |
Elly Jones | 51a5b6c | 2011-10-12 19:09:26 -0400 | [diff] [blame] | 71 | exit(1); |
| 72 | } |
| 73 | } |
| 74 | |
Dylan Reid | 648b220 | 2015-10-23 00:50:00 -0700 | [diff] [blame] | 75 | static void add_mount(struct minijail *j, char *arg) |
| 76 | { |
| 77 | char *src = strtok(arg, ","); |
| 78 | char *dest = strtok(NULL, ","); |
| 79 | char *type = strtok(NULL, ","); |
| 80 | char *flags = strtok(NULL, ","); |
Dylan Reid | 81e2397 | 2016-05-18 14:06:35 -0700 | [diff] [blame] | 81 | char *data = strtok(NULL, ","); |
Dylan Reid | 648b220 | 2015-10-23 00:50:00 -0700 | [diff] [blame] | 82 | if (!src || !dest || !type) { |
| 83 | fprintf(stderr, "Bad mount: %s %s %s\n", src, dest, type); |
| 84 | exit(1); |
| 85 | } |
Dylan Reid | 81e2397 | 2016-05-18 14:06:35 -0700 | [diff] [blame] | 86 | if (minijail_mount_with_data(j, src, dest, type, |
| 87 | flags ? strtoul(flags, NULL, 16) : 0, data)) { |
Dylan Reid | 648b220 | 2015-10-23 00:50:00 -0700 | [diff] [blame] | 88 | fprintf(stderr, "minijail_mount failed.\n"); |
| 89 | exit(1); |
| 90 | } |
| 91 | } |
| 92 | |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 93 | static void usage(const char *progn) |
| 94 | { |
Jorge Lucangeli Obes | bda833c | 2012-07-31 16:25:56 -0700 | [diff] [blame] | 95 | size_t i; |
| 96 | |
Jorge Lucangeli Obes | 9dd256e | 2016-02-16 15:31:02 -0800 | [diff] [blame] | 97 | printf("Usage: %s [-GhiIlnprstUv]\n" |
| 98 | " [-b <src>,<dest>[,<writeable>]] [-f <file>]" |
| 99 | " [-c <caps>] [-C <dir>] [-g <group>] [-u <user>]\n" |
Dylan Reid | 81e2397 | 2016-05-18 14:06:35 -0700 | [diff] [blame] | 100 | " [-S <file>] [-k <src>,<dest>,<type>[,<flags>][,<data>]] [-T <type>]\n" |
Jorge Lucangeli Obes | 9dd256e | 2016-02-16 15:31:02 -0800 | [diff] [blame] | 101 | " [-m \"<uid> <loweruid> <count>[,<uid> <loweruid> <count>]\"]\n" |
| 102 | " [-M \"<gid> <lowergid> <count>[,<uid> <loweruid> <count>]\"]\n" |
| 103 | " <program> [args...]\n" |
| 104 | " -a <table>: Use alternate syscall table <table>.\n" |
Jorge Lucangeli Obes | a521bee | 2016-03-03 13:47:57 -0800 | [diff] [blame] | 105 | " -b: Bind <src> to <dest> in chroot.\n" |
Jorge Lucangeli Obes | 9dd256e | 2016-02-16 15:31:02 -0800 | [diff] [blame] | 106 | " Multiple instances allowed.\n" |
Jorge Lucangeli Obes | a521bee | 2016-03-03 13:47:57 -0800 | [diff] [blame] | 107 | " -k: Mount <src> at <dest> in chroot.\n" |
Dylan Reid | 81e2397 | 2016-05-18 14:06:35 -0700 | [diff] [blame] | 108 | " <flags> and <data> can be specified as in mount(2).\n" |
| 109 | " Multiple instances allowed.\n" |
Jorge Lucangeli Obes | 9dd256e | 2016-02-16 15:31:02 -0800 | [diff] [blame] | 110 | " -c <caps>: Restrict caps to <caps>.\n" |
| 111 | " -C <dir>: chroot(2) to <dir>.\n" |
| 112 | " Not compatible with -P.\n" |
| 113 | " -e[file]: Enter new network namespace, or existing one if 'file' is provided.\n" |
| 114 | " -f <file>: Write the pid of the jailed process to <file>.\n" |
| 115 | " -G: Inherit supplementary groups from uid.\n" |
| 116 | " -g <group>: Change gid to <group>.\n" |
| 117 | " -h: Help (this message).\n" |
| 118 | " -H: Seccomp filter help message.\n" |
| 119 | " -i: Exit immediately after fork (do not act as init).\n" |
| 120 | " Not compatible with -p.\n" |
| 121 | " -I: Run <program> as init (pid 1) inside a new pid namespace (implies -p).\n" |
Jorge Lucangeli Obes | a521bee | 2016-03-03 13:47:57 -0800 | [diff] [blame] | 122 | " -K: Don't mark all existing mounts as MS_PRIVATE.\n" |
Jorge Lucangeli Obes | 9dd256e | 2016-02-16 15:31:02 -0800 | [diff] [blame] | 123 | " -l: Enter new IPC namespace.\n" |
| 124 | " -L: Report blocked syscalls to syslog when using seccomp filter.\n" |
Kees Cook | 03b2af2 | 2014-12-18 17:11:13 -0800 | [diff] [blame] | 125 | " Forces the following syscalls to be allowed:\n" |
| 126 | " ", progn); |
Jorge Lucangeli Obes | bda833c | 2012-07-31 16:25:56 -0700 | [diff] [blame] | 127 | for (i = 0; i < log_syscalls_len; i++) |
| 128 | printf("%s ", log_syscalls[i]); |
| 129 | |
| 130 | printf("\n" |
Jorge Lucangeli Obes | 9dd256e | 2016-02-16 15:31:02 -0800 | [diff] [blame] | 131 | " -m: Set the uid mapping of a user namespace (implies -pU).\n" |
Yu-Hsi Chiang | 1912c5b | 2015-08-31 18:59:49 +0800 | [diff] [blame] | 132 | " Same arguments as newuidmap(1), multiple mappings should be separated by ',' (comma).\n" |
Jorge Lucangeli Obes | 9dd256e | 2016-02-16 15:31:02 -0800 | [diff] [blame] | 133 | " Not compatible with -b without the 'writable' option.\n" |
| 134 | " -M: Set the gid mapping of a user namespace (implies -pU).\n" |
Yu-Hsi Chiang | 1912c5b | 2015-08-31 18:59:49 +0800 | [diff] [blame] | 135 | " Same arguments as newgidmap(1), multiple mappings should be separated by ',' (comma).\n" |
Jorge Lucangeli Obes | 9dd256e | 2016-02-16 15:31:02 -0800 | [diff] [blame] | 136 | " Not compatible with -b without the 'writable' option.\n" |
| 137 | " -n: Set no_new_privs.\n" |
Dylan Reid | 4cbc2a5 | 2016-06-17 19:06:07 -0700 | [diff] [blame] | 138 | " -N: Enter a new cgroup namespace.\n" |
Jorge Lucangeli Obes | 9dd256e | 2016-02-16 15:31:02 -0800 | [diff] [blame] | 139 | " -p: Enter new pid namespace (implies -vr).\n" |
| 140 | " -P <dir>: pivot_root(2) to <dir> (implies -v).\n" |
| 141 | " Not compatible with -C.\n" |
| 142 | " -r: Remount /proc read-only (implies -v).\n" |
| 143 | " -s: Use seccomp.\n" |
| 144 | " -S <file>: Set seccomp filter using <file>.\n" |
| 145 | " E.g., '-S /usr/share/filters/<prog>.$(uname -m)'.\n" |
| 146 | " Requires -n when not running as root.\n" |
| 147 | " -t: Mount tmpfs at /tmp inside chroot.\n" |
Jorge Lucangeli Obes | 768d42b | 2016-02-17 10:28:25 -0800 | [diff] [blame] | 148 | " -T <type>: Don't access <program> before execve(2), assume <type> ELF binary.\n" |
| 149 | " <type> must be 'static' or 'dynamic'.\n" |
Jorge Lucangeli Obes | 9dd256e | 2016-02-16 15:31:02 -0800 | [diff] [blame] | 150 | " -u <user>: Change uid to <user>.\n" |
Brian Norris | 3b5841b | 2016-03-16 16:43:49 -0700 | [diff] [blame] | 151 | " -U: Enter new user namespace (implies -p).\n" |
Jorge Lucangeli Obes | 9dd256e | 2016-02-16 15:31:02 -0800 | [diff] [blame] | 152 | " -v: Enter new mount namespace.\n" |
| 153 | " -V <file>: Enter specified mount namespace.\n"); |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 154 | } |
| 155 | |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 156 | static void seccomp_filter_usage(const char *progn) |
| 157 | { |
| 158 | const struct syscall_entry *entry = syscall_table; |
| 159 | printf("Usage: %s -S <policy.file> <program> [args...]\n\n" |
| 160 | "System call names supported:\n", progn); |
| 161 | for (; entry->name && entry->nr >= 0; ++entry) |
| 162 | printf(" %s [%d]\n", entry->name, entry->nr); |
| 163 | printf("\nSee minijail0(5) for example policies.\n"); |
Will Drewry | 32ac9f5 | 2011-08-18 21:36:27 -0500 | [diff] [blame] | 164 | } |
| 165 | |
Christopher Wiley | 88f76a7 | 2013-11-01 14:12:56 -0700 | [diff] [blame] | 166 | static int parse_args(struct minijail *j, int argc, char *argv[], |
Matthew Dempsky | 2ed0912 | 2016-02-11 09:43:37 -0800 | [diff] [blame] | 167 | int *exit_immediately, ElfType *elftype) |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 168 | { |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 169 | int opt; |
Jorge Lucangeli Obes | 482cb9d | 2014-07-23 15:16:04 -0700 | [diff] [blame] | 170 | int use_seccomp_filter = 0; |
Jorge Lucangeli Obes | 2b12ba4 | 2016-01-26 10:37:51 -0800 | [diff] [blame] | 171 | int binding = 0; |
Yu-Hsi Chiang | 64d65a7 | 2015-08-13 17:43:27 +0800 | [diff] [blame] | 172 | int pivot_root = 0, chroot = 0; |
Jorge Lucangeli Obes | a521bee | 2016-03-03 13:47:57 -0800 | [diff] [blame] | 173 | int mount_ns = 0, skip_remount = 0; |
Jorge Lucangeli Obes | 482cb9d | 2014-07-23 15:16:04 -0700 | [diff] [blame] | 174 | const size_t path_max = 4096; |
| 175 | const char *filter_path; |
Elly Fong-Jones | f65c9fe | 2013-01-22 13:55:02 -0500 | [diff] [blame] | 176 | if (argc > 1 && argv[1][0] != '-') |
| 177 | return 1; |
Jorge Lucangeli Obes | 5471450 | 2015-09-30 10:08:45 -0700 | [diff] [blame] | 178 | while ((opt = getopt(argc, argv, |
Dylan Reid | 4cbc2a5 | 2016-06-17 19:06:07 -0700 | [diff] [blame] | 179 | "u:g:sS:c:C:P:b:V:f:m:M:k:a:e::T:vrGhHinNplLtIUK")) |
Dylan Reid | 648b220 | 2015-10-23 00:50:00 -0700 | [diff] [blame] | 180 | != -1) { |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 181 | switch (opt) { |
| 182 | case 'u': |
| 183 | set_user(j, optarg); |
| 184 | break; |
| 185 | case 'g': |
| 186 | set_group(j, optarg); |
| 187 | break; |
Jorge Lucangeli Obes | c2c9bcc | 2012-05-01 09:30:24 -0700 | [diff] [blame] | 188 | case 'n': |
| 189 | minijail_no_new_privs(j); |
Jorge Lucangeli Obes | 0341d6c | 2012-07-16 15:27:31 -0700 | [diff] [blame] | 190 | break; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 191 | case 's': |
| 192 | minijail_use_seccomp(j); |
| 193 | break; |
| 194 | case 'S': |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 195 | minijail_use_seccomp_filter(j); |
Jorge Lucangeli Obes | 482cb9d | 2014-07-23 15:16:04 -0700 | [diff] [blame] | 196 | if (strlen(optarg) >= path_max) { |
Jorge Lucangeli Obes | 2b12ba4 | 2016-01-26 10:37:51 -0800 | [diff] [blame] | 197 | fprintf(stderr, "Filter path is too long.\n"); |
Jorge Lucangeli Obes | 482cb9d | 2014-07-23 15:16:04 -0700 | [diff] [blame] | 198 | exit(1); |
| 199 | } |
| 200 | filter_path = strndup(optarg, path_max); |
| 201 | if (!filter_path) { |
| 202 | fprintf(stderr, |
| 203 | "Could not strndup(3) filter path.\n"); |
| 204 | exit(1); |
| 205 | } |
| 206 | use_seccomp_filter = 1; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 207 | break; |
Dylan Reid | f794247 | 2015-11-18 17:55:26 -0800 | [diff] [blame] | 208 | case 'l': |
| 209 | minijail_namespace_ipc(j); |
| 210 | break; |
Jorge Lucangeli Obes | bda833c | 2012-07-31 16:25:56 -0700 | [diff] [blame] | 211 | case 'L': |
| 212 | minijail_log_seccomp_filter_failures(j); |
| 213 | break; |
Elly Jones | 51a5b6c | 2011-10-12 19:09:26 -0400 | [diff] [blame] | 214 | case 'b': |
| 215 | add_binding(j, optarg); |
Jorge Lucangeli Obes | 2b12ba4 | 2016-01-26 10:37:51 -0800 | [diff] [blame] | 216 | binding = 1; |
Elly Jones | 51a5b6c | 2011-10-12 19:09:26 -0400 | [diff] [blame] | 217 | break; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 218 | case 'c': |
| 219 | use_caps(j, optarg); |
| 220 | break; |
Elly Jones | 51a5b6c | 2011-10-12 19:09:26 -0400 | [diff] [blame] | 221 | case 'C': |
Yu-Hsi Chiang | 64d65a7 | 2015-08-13 17:43:27 +0800 | [diff] [blame] | 222 | if (pivot_root) { |
| 223 | fprintf(stderr, "Could not set chroot because " |
Jorge Lucangeli Obes | 2b12ba4 | 2016-01-26 10:37:51 -0800 | [diff] [blame] | 224 | "'-P' was specified.\n"); |
Yu-Hsi Chiang | 64d65a7 | 2015-08-13 17:43:27 +0800 | [diff] [blame] | 225 | exit(1); |
| 226 | } |
Jorge Lucangeli Obes | 1563b5b | 2014-07-10 07:01:53 -0700 | [diff] [blame] | 227 | if (0 != minijail_enter_chroot(j, optarg)) { |
| 228 | fprintf(stderr, "Could not set chroot.\n"); |
Lee Campbell | 11af062 | 2014-05-22 12:36:04 -0700 | [diff] [blame] | 229 | exit(1); |
Jorge Lucangeli Obes | 1563b5b | 2014-07-10 07:01:53 -0700 | [diff] [blame] | 230 | } |
Yu-Hsi Chiang | 64d65a7 | 2015-08-13 17:43:27 +0800 | [diff] [blame] | 231 | chroot = 1; |
| 232 | break; |
Dylan Reid | 648b220 | 2015-10-23 00:50:00 -0700 | [diff] [blame] | 233 | case 'k': |
| 234 | add_mount(j, optarg); |
| 235 | break; |
Jorge Lucangeli Obes | a521bee | 2016-03-03 13:47:57 -0800 | [diff] [blame] | 236 | case 'K': |
| 237 | minijail_skip_remount_private(j); |
| 238 | skip_remount = 1; |
| 239 | break; |
Yu-Hsi Chiang | 64d65a7 | 2015-08-13 17:43:27 +0800 | [diff] [blame] | 240 | case 'P': |
| 241 | if (chroot) { |
Jorge Lucangeli Obes | 2b12ba4 | 2016-01-26 10:37:51 -0800 | [diff] [blame] | 242 | fprintf(stderr, |
| 243 | "Could not set pivot_root because " |
| 244 | "'-C' was specified.\n"); |
Yu-Hsi Chiang | 64d65a7 | 2015-08-13 17:43:27 +0800 | [diff] [blame] | 245 | exit(1); |
| 246 | } |
| 247 | if (0 != minijail_enter_pivot_root(j, optarg)) { |
| 248 | fprintf(stderr, "Could not set pivot_root.\n"); |
| 249 | exit(1); |
| 250 | } |
| 251 | minijail_namespace_vfs(j); |
| 252 | pivot_root = 1; |
Lee Campbell | 11af062 | 2014-05-22 12:36:04 -0700 | [diff] [blame] | 253 | break; |
Yu-Hsi Chiang | 3cc05ea | 2015-08-11 11:23:17 +0800 | [diff] [blame] | 254 | case 'f': |
| 255 | if (0 != minijail_write_pid_file(j, optarg)) { |
Jorge Lucangeli Obes | 2b12ba4 | 2016-01-26 10:37:51 -0800 | [diff] [blame] | 256 | fprintf(stderr, |
| 257 | "Could not prepare pid file path.\n"); |
Yu-Hsi Chiang | 3cc05ea | 2015-08-11 11:23:17 +0800 | [diff] [blame] | 258 | exit(1); |
| 259 | } |
| 260 | break; |
Lee Campbell | 11af062 | 2014-05-22 12:36:04 -0700 | [diff] [blame] | 261 | case 't': |
| 262 | minijail_mount_tmp(j); |
Elly Jones | 51a5b6c | 2011-10-12 19:09:26 -0400 | [diff] [blame] | 263 | break; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 264 | case 'v': |
| 265 | minijail_namespace_vfs(j); |
Jorge Lucangeli Obes | a521bee | 2016-03-03 13:47:57 -0800 | [diff] [blame] | 266 | mount_ns = 1; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 267 | break; |
Jorge Lucangeli Obes | 1563b5b | 2014-07-10 07:01:53 -0700 | [diff] [blame] | 268 | case 'V': |
| 269 | minijail_namespace_enter_vfs(j, optarg); |
| 270 | break; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 271 | case 'r': |
Dylan Reid | 791f577 | 2015-09-14 20:02:42 -0700 | [diff] [blame] | 272 | minijail_remount_proc_readonly(j); |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 273 | break; |
| 274 | case 'G': |
| 275 | minijail_inherit_usergroups(j); |
| 276 | break; |
Dylan Reid | 4cbc2a5 | 2016-06-17 19:06:07 -0700 | [diff] [blame] | 277 | case 'N': |
| 278 | minijail_namespace_cgroups(j); |
| 279 | break; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 280 | case 'p': |
| 281 | minijail_namespace_pids(j); |
| 282 | break; |
Elly Fong-Jones | 6c08630 | 2013-03-20 17:15:28 -0400 | [diff] [blame] | 283 | case 'e': |
Dylan Reid | 1102f5a | 2015-09-15 11:52:20 -0700 | [diff] [blame] | 284 | if (optarg) |
| 285 | minijail_namespace_enter_net(j, optarg); |
| 286 | else |
| 287 | minijail_namespace_net(j); |
Elly Fong-Jones | 6c08630 | 2013-03-20 17:15:28 -0400 | [diff] [blame] | 288 | break; |
Christopher Wiley | 88f76a7 | 2013-11-01 14:12:56 -0700 | [diff] [blame] | 289 | case 'i': |
Christopher Wiley | 88f76a7 | 2013-11-01 14:12:56 -0700 | [diff] [blame] | 290 | *exit_immediately = 1; |
| 291 | break; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 292 | case 'H': |
| 293 | seccomp_filter_usage(argv[0]); |
| 294 | exit(1); |
Yu-Hsi Chiang | 3e954ec | 2015-07-28 16:48:14 +0800 | [diff] [blame] | 295 | case 'I': |
| 296 | minijail_namespace_pids(j); |
| 297 | minijail_run_as_init(j); |
| 298 | break; |
Yu-Hsi Chiang | 10e9123 | 2015-08-05 14:40:45 +0800 | [diff] [blame] | 299 | case 'U': |
| 300 | minijail_namespace_user(j); |
| 301 | minijail_namespace_pids(j); |
| 302 | break; |
| 303 | case 'm': |
| 304 | minijail_namespace_user(j); |
| 305 | minijail_namespace_pids(j); |
| 306 | if (0 != minijail_uidmap(j, optarg)) { |
Jorge Lucangeli Obes | 2b12ba4 | 2016-01-26 10:37:51 -0800 | [diff] [blame] | 307 | fprintf(stderr, "Could not set uidmap.\n"); |
Yu-Hsi Chiang | 10e9123 | 2015-08-05 14:40:45 +0800 | [diff] [blame] | 308 | exit(1); |
| 309 | } |
| 310 | break; |
| 311 | case 'M': |
| 312 | minijail_namespace_user(j); |
| 313 | minijail_namespace_pids(j); |
| 314 | if (0 != minijail_gidmap(j, optarg)) { |
Jorge Lucangeli Obes | 2b12ba4 | 2016-01-26 10:37:51 -0800 | [diff] [blame] | 315 | fprintf(stderr, "Could not set gidmap.\n"); |
Yu-Hsi Chiang | 10e9123 | 2015-08-05 14:40:45 +0800 | [diff] [blame] | 316 | exit(1); |
| 317 | } |
| 318 | break; |
Andrew Bresticker | eac2894 | 2015-11-11 16:04:46 -0800 | [diff] [blame] | 319 | case 'a': |
| 320 | if (0 != minijail_use_alt_syscall(j, optarg)) { |
Jorge Lucangeli Obes | 2b12ba4 | 2016-01-26 10:37:51 -0800 | [diff] [blame] | 321 | fprintf(stderr, |
| 322 | "Could not set alt-syscall table.\n"); |
Andrew Bresticker | eac2894 | 2015-11-11 16:04:46 -0800 | [diff] [blame] | 323 | exit(1); |
| 324 | } |
| 325 | break; |
Matthew Dempsky | 2ed0912 | 2016-02-11 09:43:37 -0800 | [diff] [blame] | 326 | case 'T': |
| 327 | if (!strcmp(optarg, "static")) |
| 328 | *elftype = ELFSTATIC; |
| 329 | else if (!strcmp(optarg, "dynamic")) |
| 330 | *elftype = ELFDYNAMIC; |
| 331 | else { |
Jorge Lucangeli Obes | 768d42b | 2016-02-17 10:28:25 -0800 | [diff] [blame] | 332 | fprintf(stderr, "ELF type must be 'static' or " |
| 333 | "'dynamic'.\n"); |
Matthew Dempsky | 2ed0912 | 2016-02-11 09:43:37 -0800 | [diff] [blame] | 334 | exit(1); |
| 335 | } |
| 336 | break; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 337 | default: |
| 338 | usage(argv[0]); |
| 339 | exit(1); |
| 340 | } |
Elly Fong-Jones | f65c9fe | 2013-01-22 13:55:02 -0500 | [diff] [blame] | 341 | if (optind < argc && argv[optind][0] != '-') |
Lee Campbell | 11af062 | 2014-05-22 12:36:04 -0700 | [diff] [blame] | 342 | break; |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 343 | } |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 344 | |
Jorge Lucangeli Obes | 2b12ba4 | 2016-01-26 10:37:51 -0800 | [diff] [blame] | 345 | /* Only allow bind mounts when entering a chroot or using pivot_root. */ |
| 346 | if (binding && !(chroot || pivot_root)) { |
| 347 | fprintf(stderr, "Can't add bind mounts without chroot or" |
| 348 | " pivot_root.\n"); |
| 349 | exit(1); |
| 350 | } |
| 351 | |
Jorge Lucangeli Obes | 482cb9d | 2014-07-23 15:16:04 -0700 | [diff] [blame] | 352 | /* |
Jorge Lucangeli Obes | a521bee | 2016-03-03 13:47:57 -0800 | [diff] [blame] | 353 | * Remounting / as MS_PRIVATE only happens when entering a new mount |
| 354 | * namespace, so skipping it only applies in that case. |
| 355 | */ |
| 356 | if (skip_remount && !mount_ns) { |
| 357 | fprintf(stderr, "Can't skip marking mounts as MS_PRIVATE" |
| 358 | " without mount namespaces.\n"); |
| 359 | exit(1); |
| 360 | } |
| 361 | |
| 362 | /* |
Jorge Lucangeli Obes | 482cb9d | 2014-07-23 15:16:04 -0700 | [diff] [blame] | 363 | * We parse seccomp filters here to make sure we've collected all |
| 364 | * cmdline options. |
| 365 | */ |
| 366 | if (use_seccomp_filter) { |
| 367 | minijail_parse_seccomp_filters(j, filter_path); |
| 368 | free((void*)filter_path); |
| 369 | } |
| 370 | |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 371 | if (argc == optind) { |
| 372 | usage(argv[0]); |
| 373 | exit(1); |
| 374 | } |
Lee Campbell | 11af062 | 2014-05-22 12:36:04 -0700 | [diff] [blame] | 375 | |
Elly Fong-Jones | f65c9fe | 2013-01-22 13:55:02 -0500 | [diff] [blame] | 376 | return optind; |
| 377 | } |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 378 | |
Elly Fong-Jones | f65c9fe | 2013-01-22 13:55:02 -0500 | [diff] [blame] | 379 | int main(int argc, char *argv[]) |
| 380 | { |
| 381 | struct minijail *j = minijail_new(); |
Jorge Lucangeli Obes | d99a40d | 2016-01-26 13:50:44 -0800 | [diff] [blame] | 382 | const char *dl_mesg = NULL; |
Christopher Wiley | 88f76a7 | 2013-11-01 14:12:56 -0700 | [diff] [blame] | 383 | int exit_immediately = 0; |
Lee Campbell | 1e4fc6a | 2014-06-06 17:40:02 -0700 | [diff] [blame] | 384 | ElfType elftype = ELFERROR; |
Matthew Dempsky | 2ed0912 | 2016-02-11 09:43:37 -0800 | [diff] [blame] | 385 | int consumed = parse_args(j, argc, argv, &exit_immediately, &elftype); |
Elly Fong-Jones | f65c9fe | 2013-01-22 13:55:02 -0500 | [diff] [blame] | 386 | argc -= consumed; |
| 387 | argv += consumed; |
Jorge Lucangeli Obes | 482cb9d | 2014-07-23 15:16:04 -0700 | [diff] [blame] | 388 | |
Matthew Dempsky | 2ed0912 | 2016-02-11 09:43:37 -0800 | [diff] [blame] | 389 | if (elftype == ELFERROR) { |
| 390 | /* |
| 391 | * -T was not specified. |
| 392 | * Get the path to the program adjusted for changing root. |
| 393 | */ |
| 394 | char *program_path = minijail_get_original_path(j, argv[0]); |
Dylan Reid | 08946cc | 2015-09-16 19:10:57 -0700 | [diff] [blame] | 395 | |
Matthew Dempsky | 2ed0912 | 2016-02-11 09:43:37 -0800 | [diff] [blame] | 396 | /* Check that we can access the target program. */ |
| 397 | if (access(program_path, X_OK)) { |
| 398 | fprintf(stderr, |
| 399 | "Target program '%s' is not accessible.\n", |
| 400 | argv[0]); |
| 401 | return 1; |
| 402 | } |
| 403 | |
| 404 | /* Check if target is statically or dynamically linked. */ |
| 405 | elftype = get_elf_linkage(program_path); |
| 406 | free(program_path); |
Elly Fong-Jones | 6d71785 | 2013-03-19 16:29:03 -0400 | [diff] [blame] | 407 | } |
Jorge Lucangeli Obes | 482cb9d | 2014-07-23 15:16:04 -0700 | [diff] [blame] | 408 | |
Lee Campbell | 1e4fc6a | 2014-06-06 17:40:02 -0700 | [diff] [blame] | 409 | if (elftype == ELFSTATIC) { |
Jorge Lucangeli Obes | 5471450 | 2015-09-30 10:08:45 -0700 | [diff] [blame] | 410 | /* |
| 411 | * Target binary is statically linked so we cannot use |
| 412 | * libminijailpreload.so. |
| 413 | */ |
| 414 | minijail_run_no_preload(j, argv[0], argv); |
Lee Campbell | 1e4fc6a | 2014-06-06 17:40:02 -0700 | [diff] [blame] | 415 | } else if (elftype == ELFDYNAMIC) { |
| 416 | /* |
| 417 | * Target binary is dynamically linked so we can |
| 418 | * inject libminijailpreload.so into it. |
| 419 | */ |
| 420 | |
| 421 | /* Check that we can dlopen() libminijailpreload.so. */ |
| 422 | if (!dlopen(PRELOADPATH, RTLD_LAZY | RTLD_LOCAL)) { |
Matthew Dempsky | 2ed0912 | 2016-02-11 09:43:37 -0800 | [diff] [blame] | 423 | dl_mesg = dlerror(); |
| 424 | fprintf(stderr, "dlopen(): %s\n", dl_mesg); |
| 425 | return 1; |
Lee Campbell | 1e4fc6a | 2014-06-06 17:40:02 -0700 | [diff] [blame] | 426 | } |
| 427 | minijail_run(j, argv[0], argv); |
| 428 | } else { |
Jorge Lucangeli Obes | 2f61ee4 | 2014-06-16 11:08:18 -0700 | [diff] [blame] | 429 | fprintf(stderr, |
| 430 | "Target program '%s' is not a valid ELF file.\n", |
| 431 | argv[0]); |
Jorge Lucangeli Obes | 4b2d5ee | 2014-01-09 15:47:47 -0800 | [diff] [blame] | 432 | return 1; |
| 433 | } |
Lee Campbell | 1e4fc6a | 2014-06-06 17:40:02 -0700 | [diff] [blame] | 434 | |
Christopher Wiley | 88f76a7 | 2013-11-01 14:12:56 -0700 | [diff] [blame] | 435 | if (exit_immediately) { |
| 436 | info("not running init loop, exiting immediately"); |
| 437 | return 0; |
| 438 | } |
Elly Jones | e1749eb | 2011-10-07 13:54:59 -0400 | [diff] [blame] | 439 | return minijail_wait(j); |
Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 440 | } |