Blame - minijail0.c - platform/external/minijail

blob: b0daed2b5887d5dff04b7691adcc3cd5c0bb7809 [file] [log] [blame]

Elly Jones	e58176c	2012-01-23 11:46:17 -0500	[diff] [blame]	1	/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	2	* Use of this source code is governed by a BSD-style license that can be
Will Drewry	32ac9f5	2011-08-18 21:36:27 -0500	[diff] [blame]	3	* found in the LICENSE file.
				4	*/
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	5
Jorge Lucangeli Obes	4b2d5ee	2014-01-09 15:47:47 -0800	[diff] [blame]	6	#include <dlfcn.h>
Stephen Barber	5dd5b1b	2017-10-16 23:02:39 -0700	[diff] [blame]	7	#include <errno.h>
Jorge Lucangeli Obes	0b20877	2017-04-19 14:15:46 -0400	[diff] [blame]	8	#include <getopt.h>
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	9	#include <stdio.h>
				10	#include <stdlib.h>
				11	#include <string.h>
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	12	#include <sys/capability.h>
				13	#include <sys/types.h>
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	14	#include <unistd.h>
				15
				16	#include "libminijail.h"
Will Drewry	32ac9f5	2011-08-18 21:36:27 -0500	[diff] [blame]	17	#include "libsyscalls.h"
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	18
Lee Campbell	1e4fc6a	2014-06-06 17:40:02 -0700	[diff] [blame]	19	#include "elfparse.h"
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	20	#include "system.h"
Jorge Lucangeli Obes	bda833c	2012-07-31 16:25:56 -0700	[diff] [blame]	21	#include "util.h"
				22
Jorge Lucangeli Obes	ab6fa6f	2016-08-04 15:42:48 -0400	[diff] [blame]	23	#define IDMAP_LEN 32U
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	24	#define DEFAULT_TMP_SIZE (64 * 1024 * 1024)
Jorge Lucangeli Obes	ab6fa6f	2016-08-04 15:42:48 -0400	[diff] [blame]	25
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	26	static void set_user(struct minijail j, const char arg, uid_t *out_uid,
				27	gid_t *out_gid)
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	28	{
				29	char *end = NULL;
				30	int uid = strtod(arg, &end);
				31	if (!end && arg) {
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	32	*out_uid = uid;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	33	minijail_change_uid(j, uid);
				34	return;
				35	}
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	36
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	37	if (lookup_user(arg, out_uid, out_gid)) {
				38	fprintf(stderr, "Bad user: '%s'\n", arg);
				39	exit(1);
				40	}
				41
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	42	if (minijail_change_user(j, arg)) {
				43	fprintf(stderr, "Bad user: '%s'\n", arg);
				44	exit(1);
				45	}
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	46	}
				47
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	48	static void set_group(struct minijail j, const char arg, gid_t *out_gid)
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	49	{
				50	char *end = NULL;
				51	int gid = strtod(arg, &end);
				52	if (!end && arg) {
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	53	*out_gid = gid;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	54	minijail_change_gid(j, gid);
				55	return;
				56	}
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	57
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	58	if (lookup_group(arg, out_gid)) {
				59	fprintf(stderr, "Bad group: '%s'\n", arg);
				60	exit(1);
				61	}
				62
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	63	if (minijail_change_group(j, arg)) {
				64	fprintf(stderr, "Bad group: '%s'\n", arg);
				65	exit(1);
				66	}
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	67	}
				68
Luis Hector Chavez	ec0a2c1	2017-06-29 20:29:57 -0700	[diff] [blame]	69	static void skip_securebits(struct minijail j, const char arg)
				70	{
				71	uint64_t securebits_skip_mask;
				72	char *end = NULL;
				73	securebits_skip_mask = strtoull(arg, &end, 16);
				74	if (*end) {
				75	fprintf(stderr, "Invalid securebit mask: '%s'\n", arg);
				76	exit(1);
				77	}
				78	minijail_skip_setting_securebits(j, securebits_skip_mask);
				79	}
				80
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	81	static void use_caps(struct minijail j, const char arg)
				82	{
				83	uint64_t caps;
				84	char *end = NULL;
				85	caps = strtoull(arg, &end, 16);
				86	if (*end) {
				87	fprintf(stderr, "Invalid cap set: '%s'\n", arg);
				88	exit(1);
				89	}
				90	minijail_use_caps(j, caps);
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	91	}
				92
Jorge Lucangeli Obes	c8b21e1	2014-06-13 14:26:16 -0700	[diff] [blame]	93	static void add_binding(struct minijail j, char arg)
				94	{
Elly Jones	51a5b6c	2011-10-12 19:09:26 -0400	[diff] [blame]	95	char *src = strtok(arg, ",");
Elly Jones	5ba42b5	2011-12-07 13:31:43 -0500	[diff] [blame]	96	char *dest = strtok(NULL, ",");
				97	char *flags = strtok(NULL, ",");
Elly Jones	51a5b6c	2011-10-12 19:09:26 -0400	[diff] [blame]	98	if (!src \|\| !dest) {
				99	fprintf(stderr, "Bad binding: %s %s\n", src, dest);
				100	exit(1);
				101	}
				102	if (minijail_bind(j, src, dest, flags ? atoi(flags) : 0)) {
Jorge Lucangeli Obes	2b12ba4	2016-01-26 10:37:51 -0800	[diff] [blame]	103	fprintf(stderr, "minijail_bind failed.\n");
Elly Jones	51a5b6c	2011-10-12 19:09:26 -0400	[diff] [blame]	104	exit(1);
				105	}
				106	}
				107
Dylan Reid	0f72ef4	2017-06-06 15:42:49 -0700	[diff] [blame]	108	static void add_rlimit(struct minijail j, char arg)
				109	{
				110	char *type = strtok(arg, ",");
				111	char *cur = strtok(NULL, ",");
				112	char *max = strtok(NULL, ",");
				113	if (!type \|\| !cur \|\| !max) {
				114	fprintf(stderr, "Bad rlimit '%s'.\n", arg);
				115	exit(1);
				116	}
				117	if (minijail_rlimit(j, atoi(type), atoi(cur), atoi(max))) {
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	118	fprintf(stderr, "minijail_rlimit '%s,%s,%s' failed.\n", type,
				119	cur, max);
Dylan Reid	0f72ef4	2017-06-06 15:42:49 -0700	[diff] [blame]	120	exit(1);
				121	}
				122	}
				123
Dylan Reid	648b220	2015-10-23 00:50:00 -0700	[diff] [blame]	124	static void add_mount(struct minijail j, char arg)
				125	{
				126	char *src = strtok(arg, ",");
				127	char *dest = strtok(NULL, ",");
				128	char *type = strtok(NULL, ",");
				129	char *flags = strtok(NULL, ",");
Dylan Reid	81e2397	2016-05-18 14:06:35 -0700	[diff] [blame]	130	char *data = strtok(NULL, ",");
Dylan Reid	648b220	2015-10-23 00:50:00 -0700	[diff] [blame]	131	if (!src \|\| !dest \|\| !type) {
				132	fprintf(stderr, "Bad mount: %s %s %s\n", src, dest, type);
				133	exit(1);
				134	}
Dylan Reid	81e2397	2016-05-18 14:06:35 -0700	[diff] [blame]	135	if (minijail_mount_with_data(j, src, dest, type,
Jorge Lucangeli Obes	ab6fa6f	2016-08-04 15:42:48 -0400	[diff] [blame]	136	flags ? strtoul(flags, NULL, 16) : 0,
				137	data)) {
Dylan Reid	648b220	2015-10-23 00:50:00 -0700	[diff] [blame]	138	fprintf(stderr, "minijail_mount failed.\n");
				139	exit(1);
				140	}
				141	}
				142
Jorge Lucangeli Obes	ab6fa6f	2016-08-04 15:42:48 -0400	[diff] [blame]	143	static char *build_idmap(id_t id, id_t lowerid)
				144	{
				145	int ret;
				146	char *idmap = malloc(IDMAP_LEN);
				147	ret = snprintf(idmap, IDMAP_LEN, "%d %d 1", id, lowerid);
				148	if (ret < 0 \|\| (size_t)ret >= IDMAP_LEN) {
				149	free(idmap);
				150	fprintf(stderr, "Could not build id map.\n");
				151	exit(1);
				152	}
				153	return idmap;
				154	}
				155
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	156	static int has_cap_setgid()
				157	{
				158	cap_t caps;
				159	cap_flag_value_t cap_value;
				160
				161	if (!CAP_IS_SUPPORTED(CAP_SETGID))
				162	return 0;
				163
				164	caps = cap_get_proc();
				165	if (!caps) {
				166	fprintf(stderr, "Could not get process' capabilities: %m\n");
				167	exit(1);
				168	}
				169
				170	if (cap_get_flag(caps, CAP_SETGID, CAP_EFFECTIVE, &cap_value)) {
				171	fprintf(stderr, "Could not get the value of CAP_SETGID: %m\n");
				172	exit(1);
				173	}
				174
				175	if (cap_free(caps)) {
				176	fprintf(stderr, "Could not free capabilities: %m\n");
				177	exit(1);
				178	}
				179
				180	return cap_value == CAP_SET;
				181	}
				182
				183	static void set_ugid_mapping(struct minijail *j, int set_uidmap, uid_t uid,
				184	char *uidmap, int set_gidmap, gid_t gid,
				185	char *gidmap)
				186	{
				187	if (set_uidmap) {
				188	minijail_namespace_user(j);
				189	minijail_namespace_pids(j);
				190
				191	if (!uidmap) {
				192	/*
				193	* If no map is passed, map the current uid to the
				194	* chosen uid in the target namespace (or root, if none
				195	* was chosen).
				196	*/
				197	uidmap = build_idmap(uid, getuid());
				198	}
				199	if (0 != minijail_uidmap(j, uidmap)) {
				200	fprintf(stderr, "Could not set uid map.\n");
				201	exit(1);
				202	}
				203	free(uidmap);
				204	}
				205	if (set_gidmap) {
				206	minijail_namespace_user(j);
				207	minijail_namespace_pids(j);
				208
				209	if (!gidmap) {
				210	/*
				211	* If no map is passed, map the current gid to the
				212	* chosen gid in the target namespace.
				213	*/
				214	gidmap = build_idmap(gid, getgid());
				215	}
				216	if (!has_cap_setgid()) {
				217	/*
				218	* This means that we are not running as root,
				219	* so we also have to disable setgroups(2) to
				220	* be able to set the gid map.
				221	* See
				222	* http://man7.org/linux/man-pages/man7/user_namespaces.7.html
				223	*/
				224	minijail_namespace_user_disable_setgroups(j);
				225	}
				226	if (0 != minijail_gidmap(j, gidmap)) {
				227	fprintf(stderr, "Could not set gid map.\n");
				228	exit(1);
				229	}
				230	free(gidmap);
				231	}
				232	}
				233
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	234	static void use_chroot(struct minijail j, const char path, int *chroot,
				235	int pivot_root)
				236	{
				237	if (pivot_root) {
				238	fprintf(stderr, "Could not set chroot because "
				239	"'-P' was specified.\n");
				240	exit(1);
				241	}
				242	if (minijail_enter_chroot(j, path)) {
				243	fprintf(stderr, "Could not set chroot.\n");
				244	exit(1);
				245	}
				246	*chroot = 1;
				247	}
				248
				249	static void use_pivot_root(struct minijail j, const char path,
				250	int *pivot_root, int chroot)
				251	{
				252	if (chroot) {
				253	fprintf(stderr, "Could not set pivot_root because "
				254	"'-C' was specified.\n");
				255	exit(1);
				256	}
				257	if (minijail_enter_pivot_root(j, path)) {
				258	fprintf(stderr, "Could not set pivot_root.\n");
				259	exit(1);
				260	}
				261	minijail_namespace_vfs(j);
				262	*pivot_root = 1;
				263	}
				264
				265	static void use_profile(struct minijail j, const char profile,
				266	int pivot_root, int chroot, size_t tmp_size)
				267	{
				268	if (!strcmp(profile, "minimalistic-mountns")) {
				269	minijail_namespace_vfs(j);
				270	if (minijail_bind(j, "/", "/", 0)) {
				271	fprintf(stderr, "minijail_bind failed.\n");
				272	exit(1);
				273	}
				274	if (minijail_bind(j, "/proc", "/proc", 0)) {
				275	fprintf(stderr, "minijail_bind failed.\n");
				276	exit(1);
				277	}
				278	minijail_mount_dev(j);
				279	if (!*tmp_size) {
				280	/* Avoid clobbering \|tmp_size\| if it was already set. */
				281	*tmp_size = DEFAULT_TMP_SIZE;
				282	}
				283	minijail_remount_proc_readonly(j);
				284	use_pivot_root(j, "/var/empty", pivot_root, chroot);
				285	} else {
				286	fprintf(stderr, "Unrecognized profile name '%s'\n", profile);
				287	exit(1);
				288	}
				289	}
				290
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	291	static void usage(const char *progn)
				292	{
Jorge Lucangeli Obes	bda833c	2012-07-31 16:25:56 -0700	[diff] [blame]	293	size_t i;
Luis Hector Chavez	fb449ab	2016-10-14 09:49:22 -0700	[diff] [blame]	294	/* clang-format off */
Mike Frysinger	33ffef3	2017-01-13 19:53:19 -0500	[diff] [blame]	295	printf("Usage: %s [-dGhHiIKlLnNprRstUvyYz]\n"
Jorge Lucangeli Obes	a32e839	2016-09-01 16:52:40 -0400	[diff] [blame]	296	" [-a <table>]\n"
				297	" [-b <src>,<dest>[,<writeable>]] [-k <src>,<dest>,<type>[,<flags>][,<data>]]\n"
				298	" [-c <caps>] [-C <dir>] [-P <dir>] [-e[file]] [-f <file>] [-g <group>]\n"
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	299	" [-m[<uid> <loweruid> <count>]] [-M[<gid> <lowergid> <count>]] [--profile <name>]\n"
Dylan Reid	0f72ef4	2017-06-06 15:42:49 -0700	[diff] [blame]	300	" [-R <type,cur,max>] [-S <file>] [-t[size]] [-T <type>] [-u <user>] [-V <file>]\n"
Jorge Lucangeli Obes	9dd256e	2016-02-16 15:31:02 -0800	[diff] [blame]	301	" <program> [args...]\n"
Mike Frysinger	b9a7b16	2017-05-30 15:25:49 -0400	[diff] [blame]	302	" -a <table>: Use alternate syscall table <table>.\n"
Mike Frysinger	eaab420	2017-08-14 14:57:21 -0400	[diff] [blame]	303	" -b <...>: Bind <src> to <dest> in chroot.\n"
Mike Frysinger	b9a7b16	2017-05-30 15:25:49 -0400	[diff] [blame]	304	" Multiple instances allowed.\n"
Mike Frysinger	eaab420	2017-08-14 14:57:21 -0400	[diff] [blame]	305	" -B <mask>: Skip setting securebits in <mask> when restricting capabilities (-c).\n"
Luis Hector Chavez	ec0a2c1	2017-06-29 20:29:57 -0700	[diff] [blame]	306	" By default, SECURE_NOROOT, SECURE_NO_SETUID_FIXUP, and \n"
				307	" SECURE_KEEP_CAPS (together with their respective locks) are set.\n"
Mike Frysinger	eaab420	2017-08-14 14:57:21 -0400	[diff] [blame]	308	" -k <...>: Mount <src> at <dest> in chroot.\n"
Mike Frysinger	b9a7b16	2017-05-30 15:25:49 -0400	[diff] [blame]	309	" <flags> and <data> can be specified as in mount(2).\n"
				310	" Multiple instances allowed.\n"
				311	" -c <caps>: Restrict caps to <caps>.\n"
				312	" -C <dir>: chroot(2) to <dir>.\n"
				313	" Not compatible with -P.\n"
				314	" -P <dir>: pivot_root(2) to <dir> (implies -v).\n"
				315	" Not compatible with -C.\n"
Mike Frysinger	33ffef3	2017-01-13 19:53:19 -0500	[diff] [blame]	316	" --mount-dev, Create a new /dev with a minimal set of device nodes (implies -v).\n"
Luis Hector Chavez	d775f4c	2017-10-25 11:36:57 -0700	[diff] [blame]	317	" -d: See the minijail0(1) man page for the exact set.\n"
Mike Frysinger	b9a7b16	2017-05-30 15:25:49 -0400	[diff] [blame]	318	" -e[file]: Enter new network namespace, or existing one if \|file\| is provided.\n"
				319	" -f <file>: Write the pid of the jailed process to <file>.\n"
				320	" -g <group>: Change gid to <group>.\n"
				321	" -G: Inherit supplementary groups from uid.\n"
				322	" Not compatible with -y.\n"
				323	" -y: Keep uid's supplementary groups.\n"
				324	" Not compatible with -G.\n"
				325	" -h: Help (this message).\n"
				326	" -H: Seccomp filter help message.\n"
				327	" -i: Exit immediately after fork (do not act as init).\n"
				328	" -I: Run <program> as init (pid 1) inside a new pid namespace (implies -p).\n"
				329	" -K: Don't mark all existing mounts as MS_PRIVATE.\n"
				330	" -l: Enter new IPC namespace.\n"
				331	" -L: Report blocked syscalls to syslog when using seccomp filter.\n"
				332	" Forces the following syscalls to be allowed:\n"
Kees Cook	03b2af2	2014-12-18 17:11:13 -0800	[diff] [blame]	333	" ", progn);
Luis Hector Chavez	fb449ab	2016-10-14 09:49:22 -0700	[diff] [blame]	334	/* clang-format on */
Jorge Lucangeli Obes	bda833c	2012-07-31 16:25:56 -0700	[diff] [blame]	335	for (i = 0; i < log_syscalls_len; i++)
				336	printf("%s ", log_syscalls[i]);
				337
Luis Hector Chavez	fb449ab	2016-10-14 09:49:22 -0700	[diff] [blame]	338	/* clang-format off */
Jorge Lucangeli Obes	bda833c	2012-07-31 16:25:56 -0700	[diff] [blame]	339	printf("\n"
Mike Frysinger	b9a7b16	2017-05-30 15:25:49 -0400	[diff] [blame]	340	" -m[map]: Set the uid map of a user namespace (implies -pU).\n"
				341	" Same arguments as newuidmap(1), multiple mappings should be separated by ',' (comma).\n"
				342	" With no mapping, map the current uid to root inside the user namespace.\n"
				343	" Not compatible with -b without the 'writable' option.\n"
				344	" -M[map]: Set the gid map of a user namespace (implies -pU).\n"
				345	" Same arguments as newgidmap(1), multiple mappings should be separated by ',' (comma).\n"
				346	" With no mapping, map the current gid to root inside the user namespace.\n"
				347	" Not compatible with -b without the 'writable' option.\n"
				348	" -n: Set no_new_privs.\n"
				349	" -N: Enter a new cgroup namespace.\n"
				350	" -p: Enter new pid namespace (implies -vr).\n"
				351	" -r: Remount /proc read-only (implies -v).\n"
Dylan Reid	0f72ef4	2017-06-06 15:42:49 -0700	[diff] [blame]	352	" -R: Set rlimits, can be specified multiple times.\n"
Mike Frysinger	e61fd66	2017-06-20 14:07:41 -0400	[diff] [blame]	353	" -s: Use seccomp mode 1 (not the same as -S).\n"
Mike Frysinger	b9a7b16	2017-05-30 15:25:49 -0400	[diff] [blame]	354	" -S <file>: Set seccomp filter using <file>.\n"
				355	" E.g., '-S /usr/share/filters/<prog>.$(uname -m)'.\n"
				356	" Requires -n when not running as root.\n"
				357	" -t[size]: Mount tmpfs at /tmp (implies -v).\n"
				358	" Optional argument specifies size (default \"64M\").\n"
Graziano Misuraca	58602a8	2017-08-28 17:33:15 -0700	[diff] [blame]	359	" -T <type>: Assume <program> is a <type> ELF binary; <type> can be 'static' or 'dynamic'.\n"
				360	" This will avoid accessing <program> binary before execve(2).\n"
				361	" Type 'static' will avoid preload hooking.\n"
Mike Frysinger	b9a7b16	2017-05-30 15:25:49 -0400	[diff] [blame]	362	" -u <user>: Change uid to <user>.\n"
				363	" -U: Enter new user namespace (implies -p).\n"
				364	" -v: Enter new mount namespace.\n"
				365	" -V <file>: Enter specified mount namespace.\n"
				366	" -w: Create and join a new anonymous session keyring.\n"
				367	" -Y: Synchronize seccomp filters across thread group.\n"
				368	" -z: Don't forward signals to jailed process.\n"
				369	" --ambient: Raise ambient capabilities. Requires -c.\n"
Luis Hector Chavez	114a930	2017-09-05 20:36:58 -0700	[diff] [blame]	370	" --uts[=name]: Enter a new UTS namespace (and set hostname).\n"
				371	" --logging=<s>:Use <s> as the logging system.\n"
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	372	" <s> must be 'syslog' (default) or 'stderr'.\n"
				373	" --profile <p>,Configure minijail0 to run with the <p> sandboxing profile,\n"
				374	" which is a convenient way to express multiple flags\n"
				375	" that are typically used together.\n"
				376	" See the minijail0(1) man page for the full list.\n");
Luis Hector Chavez	fb449ab	2016-10-14 09:49:22 -0700	[diff] [blame]	377	/* clang-format on */
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	378	}
				379
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	380	static void seccomp_filter_usage(const char *progn)
				381	{
				382	const struct syscall_entry *entry = syscall_table;
				383	printf("Usage: %s -S <policy.file> <program> [args...]\n\n"
Jorge Lucangeli Obes	0b20877	2017-04-19 14:15:46 -0400	[diff] [blame]	384	"System call names supported:\n",
				385	progn);
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	386	for (; entry->name && entry->nr >= 0; ++entry)
				387	printf(" %s [%d]\n", entry->name, entry->nr);
				388	printf("\nSee minijail0(5) for example policies.\n");
Will Drewry	32ac9f5	2011-08-18 21:36:27 -0500	[diff] [blame]	389	}
				390
Christopher Wiley	88f76a7	2013-11-01 14:12:56 -0700	[diff] [blame]	391	static int parse_args(struct minijail j, int argc, char argv[],
Matthew Dempsky	2ed0912	2016-02-11 09:43:37 -0800	[diff] [blame]	392	int exit_immediately, ElfType elftype)
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	393	{
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	394	int opt;
Jorge Lucangeli Obes	482cb9d	2014-07-23 15:16:04 -0700	[diff] [blame]	395	int use_seccomp_filter = 0;
Jorge Lucangeli Obes	dba6209	2017-05-18 17:10:23 -0400	[diff] [blame]	396	int forward = 1;
Jorge Lucangeli Obes	2b12ba4	2016-01-26 10:37:51 -0800	[diff] [blame]	397	int binding = 0;
Jorge Lucangeli Obes	0b20877	2017-04-19 14:15:46 -0400	[diff] [blame]	398	int chroot = 0, pivot_root = 0;
Jorge Lucangeli Obes	a521bee	2016-03-03 13:47:57 -0800	[diff] [blame]	399	int mount_ns = 0, skip_remount = 0;
Lutz Justen	13807cb	2017-01-03 17:11:55 +0100	[diff] [blame]	400	int inherit_suppl_gids = 0, keep_suppl_gids = 0;
Jorge Lucangeli Obes	a6eb21a	2017-04-20 10:44:00 -0400	[diff] [blame]	401	int caps = 0, ambient_caps = 0;
Mike Frysinger	e61fd66	2017-06-20 14:07:41 -0400	[diff] [blame]	402	int seccomp = -1;
Jorge Lucangeli Obes	482cb9d	2014-07-23 15:16:04 -0700	[diff] [blame]	403	const size_t path_max = 4096;
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	404	uid_t uid = 0;
				405	gid_t gid = 0;
				406	char uidmap = NULL, gidmap = NULL;
				407	int set_uidmap = 0, set_gidmap = 0;
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	408	size_t tmp_size = 0;
Luis Hector Chavez	95582e7	2017-09-05 09:13:25 -0700	[diff] [blame]	409	const char *filter_path = NULL;
Luis Hector Chavez	114a930	2017-09-05 20:36:58 -0700	[diff] [blame]	410	int log_to_stderr = 0;
Jorge Lucangeli Obes	ab6fa6f	2016-08-04 15:42:48 -0400	[diff] [blame]	411
				412	const char *optstring =
Mike Frysinger	33ffef3	2017-01-13 19:53:19 -0500	[diff] [blame]	413	"+u:g:sS:c:C:P:b:B:V:f:m::M::k:a:e::R:T:vrGhHinNplLt::IUKwyYzd";
Jorge Lucangeli Obes	a6eb21a	2017-04-20 10:44:00 -0400	[diff] [blame]	414	/* clang-format off */
				415	const struct option long_options[] = {
Mike Frysinger	227c291	2017-10-04 14:27:04 -0400	[diff] [blame]	416	{"help", no_argument, 0, 'h'},
Mike Frysinger	33ffef3	2017-01-13 19:53:19 -0500	[diff] [blame]	417	{"mount-dev", no_argument, 0, 'd'},
Jorge Lucangeli Obes	a6eb21a	2017-04-20 10:44:00 -0400	[diff] [blame]	418	{"ambient", no_argument, 0, 128},
Mike Frysinger	b9a7b16	2017-05-30 15:25:49 -0400	[diff] [blame]	419	{"uts", optional_argument, 0, 129},
Luis Hector Chavez	114a930	2017-09-05 20:36:58 -0700	[diff] [blame]	420	{"logging", required_argument, 0, 130},
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	421	{"profile", required_argument, 0, 131},
Jorge Lucangeli Obes	a6eb21a	2017-04-20 10:44:00 -0400	[diff] [blame]	422	{0, 0, 0, 0},
				423	};
				424	/* clang-format on */
Jorge Lucangeli Obes	0b20877	2017-04-19 14:15:46 -0400	[diff] [blame]	425
Mike Frysinger	99becbd	2017-10-04 14:26:52 -0400	[diff] [blame]	426	while ((opt = getopt_long(argc, argv, optstring, long_options, NULL)) !=
				427	-1) {
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	428	switch (opt) {
				429	case 'u':
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	430	set_user(j, optarg, &uid, &gid);
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	431	break;
				432	case 'g':
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	433	set_group(j, optarg, &gid);
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	434	break;
Jorge Lucangeli Obes	c2c9bcc	2012-05-01 09:30:24 -0700	[diff] [blame]	435	case 'n':
				436	minijail_no_new_privs(j);
Jorge Lucangeli Obes	0341d6c	2012-07-16 15:27:31 -0700	[diff] [blame]	437	break;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	438	case 's':
Mike Frysinger	e61fd66	2017-06-20 14:07:41 -0400	[diff] [blame]	439	if (seccomp != -1 && seccomp != 1) {
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	440	fprintf(stderr,
				441	"Do not use -s & -S together.\n");
Mike Frysinger	e61fd66	2017-06-20 14:07:41 -0400	[diff] [blame]	442	exit(1);
				443	}
				444	seccomp = 1;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	445	minijail_use_seccomp(j);
				446	break;
				447	case 'S':
Mike Frysinger	e61fd66	2017-06-20 14:07:41 -0400	[diff] [blame]	448	if (seccomp != -1 && seccomp != 2) {
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	449	fprintf(stderr,
				450	"Do not use -s & -S together.\n");
Mike Frysinger	e61fd66	2017-06-20 14:07:41 -0400	[diff] [blame]	451	exit(1);
				452	}
				453	seccomp = 2;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	454	minijail_use_seccomp_filter(j);
Jorge Lucangeli Obes	482cb9d	2014-07-23 15:16:04 -0700	[diff] [blame]	455	if (strlen(optarg) >= path_max) {
Jorge Lucangeli Obes	2b12ba4	2016-01-26 10:37:51 -0800	[diff] [blame]	456	fprintf(stderr, "Filter path is too long.\n");
Jorge Lucangeli Obes	482cb9d	2014-07-23 15:16:04 -0700	[diff] [blame]	457	exit(1);
				458	}
				459	filter_path = strndup(optarg, path_max);
				460	if (!filter_path) {
				461	fprintf(stderr,
				462	"Could not strndup(3) filter path.\n");
				463	exit(1);
				464	}
				465	use_seccomp_filter = 1;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	466	break;
Dylan Reid	f794247	2015-11-18 17:55:26 -0800	[diff] [blame]	467	case 'l':
				468	minijail_namespace_ipc(j);
				469	break;
Jorge Lucangeli Obes	bda833c	2012-07-31 16:25:56 -0700	[diff] [blame]	470	case 'L':
				471	minijail_log_seccomp_filter_failures(j);
				472	break;
Elly Jones	51a5b6c	2011-10-12 19:09:26 -0400	[diff] [blame]	473	case 'b':
				474	add_binding(j, optarg);
Jorge Lucangeli Obes	2b12ba4	2016-01-26 10:37:51 -0800	[diff] [blame]	475	binding = 1;
Elly Jones	51a5b6c	2011-10-12 19:09:26 -0400	[diff] [blame]	476	break;
Luis Hector Chavez	ec0a2c1	2017-06-29 20:29:57 -0700	[diff] [blame]	477	case 'B':
				478	skip_securebits(j, optarg);
				479	break;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	480	case 'c':
Jorge Lucangeli Obes	a6eb21a	2017-04-20 10:44:00 -0400	[diff] [blame]	481	caps = 1;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	482	use_caps(j, optarg);
				483	break;
Elly Jones	51a5b6c	2011-10-12 19:09:26 -0400	[diff] [blame]	484	case 'C':
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	485	use_chroot(j, optarg, &chroot, pivot_root);
Yu-Hsi Chiang	64d65a7	2015-08-13 17:43:27 +0800	[diff] [blame]	486	break;
Dylan Reid	648b220	2015-10-23 00:50:00 -0700	[diff] [blame]	487	case 'k':
				488	add_mount(j, optarg);
				489	break;
Jorge Lucangeli Obes	a521bee	2016-03-03 13:47:57 -0800	[diff] [blame]	490	case 'K':
				491	minijail_skip_remount_private(j);
				492	skip_remount = 1;
				493	break;
Yu-Hsi Chiang	64d65a7	2015-08-13 17:43:27 +0800	[diff] [blame]	494	case 'P':
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	495	use_pivot_root(j, optarg, &pivot_root, chroot);
Lee Campbell	11af062	2014-05-22 12:36:04 -0700	[diff] [blame]	496	break;
Yu-Hsi Chiang	3cc05ea	2015-08-11 11:23:17 +0800	[diff] [blame]	497	case 'f':
				498	if (0 != minijail_write_pid_file(j, optarg)) {
Jorge Lucangeli Obes	2b12ba4	2016-01-26 10:37:51 -0800	[diff] [blame]	499	fprintf(stderr,
				500	"Could not prepare pid file path.\n");
Yu-Hsi Chiang	3cc05ea	2015-08-11 11:23:17 +0800	[diff] [blame]	501	exit(1);
				502	}
				503	break;
Lee Campbell	11af062	2014-05-22 12:36:04 -0700	[diff] [blame]	504	case 't':
Mike Frysinger	ec7def2	2017-01-13 18:44:45 -0500	[diff] [blame]	505	minijail_namespace_vfs(j);
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	506	if (!tmp_size) {
				507	/*
				508	* Avoid clobbering \|tmp_size\| if it was already
				509	* set.
				510	*/
				511	tmp_size = DEFAULT_TMP_SIZE;
				512	}
				513	if (optarg != NULL &&
				514	0 != parse_size(&tmp_size, optarg)) {
Martin Pelikán	ab9eb44	2017-01-25 11:53:58 +1100	[diff] [blame]	515	fprintf(stderr, "Invalid /tmp tmpfs size.\n");
				516	exit(1);
				517	}
Elly Jones	51a5b6c	2011-10-12 19:09:26 -0400	[diff] [blame]	518	break;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	519	case 'v':
				520	minijail_namespace_vfs(j);
Jorge Lucangeli Obes	a521bee	2016-03-03 13:47:57 -0800	[diff] [blame]	521	mount_ns = 1;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	522	break;
Jorge Lucangeli Obes	1563b5b	2014-07-10 07:01:53 -0700	[diff] [blame]	523	case 'V':
				524	minijail_namespace_enter_vfs(j, optarg);
				525	break;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	526	case 'r':
Dylan Reid	791f577	2015-09-14 20:02:42 -0700	[diff] [blame]	527	minijail_remount_proc_readonly(j);
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	528	break;
				529	case 'G':
Lutz Justen	13807cb	2017-01-03 17:11:55 +0100	[diff] [blame]	530	if (keep_suppl_gids) {
				531	fprintf(stderr,
				532	"-y and -G are not compatible.\n");
				533	exit(1);
				534	}
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	535	minijail_inherit_usergroups(j);
Lutz Justen	13807cb	2017-01-03 17:11:55 +0100	[diff] [blame]	536	inherit_suppl_gids = 1;
				537	break;
				538	case 'y':
				539	if (inherit_suppl_gids) {
				540	fprintf(stderr,
				541	"-y and -G are not compatible.\n");
				542	exit(1);
				543	}
				544	minijail_keep_supplementary_gids(j);
				545	keep_suppl_gids = 1;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	546	break;
Dylan Reid	4cbc2a5	2016-06-17 19:06:07 -0700	[diff] [blame]	547	case 'N':
				548	minijail_namespace_cgroups(j);
				549	break;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	550	case 'p':
				551	minijail_namespace_pids(j);
				552	break;
Elly Fong-Jones	6c08630	2013-03-20 17:15:28 -0400	[diff] [blame]	553	case 'e':
Dylan Reid	1102f5a	2015-09-15 11:52:20 -0700	[diff] [blame]	554	if (optarg)
				555	minijail_namespace_enter_net(j, optarg);
				556	else
				557	minijail_namespace_net(j);
Elly Fong-Jones	6c08630	2013-03-20 17:15:28 -0400	[diff] [blame]	558	break;
Christopher Wiley	88f76a7	2013-11-01 14:12:56 -0700	[diff] [blame]	559	case 'i':
Christopher Wiley	88f76a7	2013-11-01 14:12:56 -0700	[diff] [blame]	560	*exit_immediately = 1;
				561	break;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	562	case 'H':
				563	seccomp_filter_usage(argv[0]);
				564	exit(1);
Yu-Hsi Chiang	3e954ec	2015-07-28 16:48:14 +0800	[diff] [blame]	565	case 'I':
				566	minijail_namespace_pids(j);
				567	minijail_run_as_init(j);
				568	break;
Yu-Hsi Chiang	10e9123	2015-08-05 14:40:45 +0800	[diff] [blame]	569	case 'U':
				570	minijail_namespace_user(j);
				571	minijail_namespace_pids(j);
				572	break;
				573	case 'm':
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	574	set_uidmap = 1;
				575	if (uidmap) {
				576	free(uidmap);
				577	uidmap = NULL;
Jorge Lucangeli Obes	ab6fa6f	2016-08-04 15:42:48 -0400	[diff] [blame]	578	}
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	579	if (optarg)
				580	uidmap = strdup(optarg);
Yu-Hsi Chiang	10e9123	2015-08-05 14:40:45 +0800	[diff] [blame]	581	break;
				582	case 'M':
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	583	set_gidmap = 1;
				584	if (gidmap) {
				585	free(gidmap);
				586	gidmap = NULL;
Jorge Lucangeli Obes	200299c	2016-09-23 15:21:57 -0400	[diff] [blame]	587	}
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	588	if (optarg)
				589	gidmap = strdup(optarg);
Yu-Hsi Chiang	10e9123	2015-08-05 14:40:45 +0800	[diff] [blame]	590	break;
Andrew Bresticker	eac2894	2015-11-11 16:04:46 -0800	[diff] [blame]	591	case 'a':
				592	if (0 != minijail_use_alt_syscall(j, optarg)) {
Jorge Lucangeli Obes	2b12ba4	2016-01-26 10:37:51 -0800	[diff] [blame]	593	fprintf(stderr,
				594	"Could not set alt-syscall table.\n");
Andrew Bresticker	eac2894	2015-11-11 16:04:46 -0800	[diff] [blame]	595	exit(1);
				596	}
				597	break;
Dylan Reid	0f72ef4	2017-06-06 15:42:49 -0700	[diff] [blame]	598	case 'R':
				599	add_rlimit(j, optarg);
				600	break;
Matthew Dempsky	2ed0912	2016-02-11 09:43:37 -0800	[diff] [blame]	601	case 'T':
				602	if (!strcmp(optarg, "static"))
				603	*elftype = ELFSTATIC;
				604	else if (!strcmp(optarg, "dynamic"))
				605	*elftype = ELFDYNAMIC;
				606	else {
Jorge Lucangeli Obes	768d42b	2016-02-17 10:28:25 -0800	[diff] [blame]	607	fprintf(stderr, "ELF type must be 'static' or "
				608	"'dynamic'.\n");
Matthew Dempsky	2ed0912	2016-02-11 09:43:37 -0800	[diff] [blame]	609	exit(1);
				610	}
				611	break;
Chirantan Ekbote	866bb3a	2017-02-07 12:26:42 -0800	[diff] [blame]	612	case 'w':
				613	minijail_new_session_keyring(j);
				614	break;
Jorge Lucangeli Obes	1365061	2016-09-02 11:27:29 -0400	[diff] [blame]	615	case 'Y':
				616	minijail_set_seccomp_filter_tsync(j);
				617	break;
Jorge Lucangeli Obes	dba6209	2017-05-18 17:10:23 -0400	[diff] [blame]	618	case 'z':
				619	forward = 0;
				620	break;
Mike Frysinger	33ffef3	2017-01-13 19:53:19 -0500	[diff] [blame]	621	case 'd':
				622	minijail_namespace_vfs(j);
				623	minijail_mount_dev(j);
				624	break;
Jorge Lucangeli Obes	a6eb21a	2017-04-20 10:44:00 -0400	[diff] [blame]	625	/* Long options. */
				626	case 128: /* Ambient caps. */
				627	ambient_caps = 1;
				628	minijail_set_ambient_caps(j);
				629	break;
Mike Frysinger	b9a7b16	2017-05-30 15:25:49 -0400	[diff] [blame]	630	case 129: /* UTS/hostname namespace. */
				631	minijail_namespace_uts(j);
				632	if (optarg)
				633	minijail_namespace_set_hostname(j, optarg);
				634	break;
Luis Hector Chavez	114a930	2017-09-05 20:36:58 -0700	[diff] [blame]	635	case 130: /* Logging. */
				636	if (!strcmp(optarg, "syslog"))
				637	log_to_stderr = 0;
				638	else if (!strcmp(optarg, "stderr")) {
				639	log_to_stderr = 1;
				640	} else {
				641	fprintf(stderr, "--logger must be 'syslog' or "
				642	"'stderr'.\n");
				643	exit(1);
				644	}
				645	break;
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	646	case 131: /* Profile */
				647	use_profile(j, optarg, &pivot_root, chroot, &tmp_size);
				648	break;
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	649	default:
				650	usage(argv[0]);
Mike Frysinger	227c291	2017-10-04 14:27:04 -0400	[diff] [blame]	651	exit(opt == 'h' ? 0 : 1);
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	652	}
				653	}
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	654
Luis Hector Chavez	114a930	2017-09-05 20:36:58 -0700	[diff] [blame]	655	if (log_to_stderr) {
				656	init_logging(LOG_TO_FD, STDERR_FILENO, LOG_INFO);
				657	/*
				658	* When logging to stderr, ensure the FD survives the jailing.
				659	*/
				660	if (0 !=
				661	minijail_preserve_fd(j, STDERR_FILENO, STDERR_FILENO)) {
				662	fprintf(stderr, "Could not preserve stderr.\n");
				663	exit(1);
				664	}
				665	}
				666
Luis Hector Chavez	7132355	2017-09-05 09:17:22 -0700	[diff] [blame]	667	/* Set up uid/gid mapping. */
				668	if (set_uidmap \|\| set_gidmap) {
				669	set_ugid_mapping(j, set_uidmap, uid, uidmap, set_gidmap, gid,
				670	gidmap);
				671	}
				672
Jorge Lucangeli Obes	a6eb21a	2017-04-20 10:44:00 -0400	[diff] [blame]	673	/* Can only set ambient caps when using regular caps. */
				674	if (ambient_caps && !caps) {
				675	fprintf(stderr, "Can't set ambient capabilities (--ambient) "
				676	"without actually using capabilities (-c).\n");
				677	exit(1);
				678	}
				679
Jorge Lucangeli Obes	dba6209	2017-05-18 17:10:23 -0400	[diff] [blame]	680	/* Set up signal handlers in minijail unless asked not to. */
				681	if (forward)
				682	minijail_forward_signals(j);
				683
Mike Frysinger	ac08a68	2017-10-10 02:04:50 -0400	[diff] [blame]	684	/*
				685	* Only allow bind mounts when entering a chroot, using pivot_root, or
				686	* a new mount namespace.
				687	*/
				688	if (binding && !(chroot \|\| pivot_root \|\| mount_ns)) {
				689	fprintf(stderr, "Bind mounts require a chroot, pivot_root, or "
				690	" new mount namespace.\n");
Jorge Lucangeli Obes	2b12ba4	2016-01-26 10:37:51 -0800	[diff] [blame]	691	exit(1);
				692	}
				693
Jorge Lucangeli Obes	482cb9d	2014-07-23 15:16:04 -0700	[diff] [blame]	694	/*
Jorge Lucangeli Obes	a521bee	2016-03-03 13:47:57 -0800	[diff] [blame]	695	* Remounting / as MS_PRIVATE only happens when entering a new mount
				696	* namespace, so skipping it only applies in that case.
				697	*/
				698	if (skip_remount && !mount_ns) {
				699	fprintf(stderr, "Can't skip marking mounts as MS_PRIVATE"
				700	" without mount namespaces.\n");
				701	exit(1);
				702	}
				703
				704	/*
Jorge Lucangeli Obes	482cb9d	2014-07-23 15:16:04 -0700	[diff] [blame]	705	* We parse seccomp filters here to make sure we've collected all
				706	* cmdline options.
				707	*/
				708	if (use_seccomp_filter) {
				709	minijail_parse_seccomp_filters(j, filter_path);
Jorge Lucangeli Obes	0b20877	2017-04-19 14:15:46 -0400	[diff] [blame]	710	free((void *)filter_path);
Jorge Lucangeli Obes	482cb9d	2014-07-23 15:16:04 -0700	[diff] [blame]	711	}
				712
Luis Hector Chavez	d45fc42	2017-10-25 15:11:53 -0700	[diff] [blame]	713	/* Mount a tmpfs under /tmp and set its size. */
				714	if (tmp_size)
				715	minijail_mount_tmp_size(j, tmp_size);
				716
Luis Hector Chavez	fe5fb8e	2017-06-29 10:41:27 -0700	[diff] [blame]	717	/*
				718	* There should be at least one additional unparsed argument: the
				719	* executable name.
				720	*/
Elly Jones	e1749eb	2011-10-07 13:54:59 -0400	[diff] [blame]	721	if (argc == optind) {
				722	usage(argv[0]);
				723	exit(1);
				724	}
Lee Campbell	11af062	2014-05-22 12:36:04 -0700	[diff] [blame]	725
Luis Hector Chavez	fe5fb8e	2017-06-29 10:41:27 -0700	[diff] [blame]	726	if (*elftype == ELFERROR) {
				727	/*
				728	* -T was not specified.
				729	* Get the path to the program adjusted for changing root.
				730	*/
				731	char *program_path =
				732	minijail_get_original_path(j, argv[optind]);
				733
				734	/* Check that we can access the target program. */
				735	if (access(program_path, X_OK)) {
				736	fprintf(stderr,
				737	"Target program '%s' is not accessible.\n",
				738	argv[optind]);
				739	exit(1);
				740	}
				741
				742	/* Check if target is statically or dynamically linked. */
				743	*elftype = get_elf_linkage(program_path);
				744	free(program_path);
				745	}
				746
				747	/*
				748	* Setting capabilities need either a dynamically-linked binary, or the
				749	* use of ambient capabilities for them to be able to survive an
				750	* execve(2).
				751	*/
				752	if (caps && *elftype == ELFSTATIC && !ambient_caps) {
				753	fprintf(stderr, "Can't run statically-linked binaries with "
				754	"capabilities (-c) without also setting "
				755	"ambient capabilities. Try passing "
				756	"--ambient.\n");
				757	exit(1);
				758	}
				759
Elly Fong-Jones	f65c9fe	2013-01-22 13:55:02 -0500	[diff] [blame]	760	return optind;
				761	}
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	762
Elly Fong-Jones	f65c9fe	2013-01-22 13:55:02 -0500	[diff] [blame]	763	int main(int argc, char *argv[])
				764	{
				765	struct minijail *j = minijail_new();
Jorge Lucangeli Obes	d99a40d	2016-01-26 13:50:44 -0800	[diff] [blame]	766	const char *dl_mesg = NULL;
Christopher Wiley	88f76a7	2013-11-01 14:12:56 -0700	[diff] [blame]	767	int exit_immediately = 0;
Lee Campbell	1e4fc6a	2014-06-06 17:40:02 -0700	[diff] [blame]	768	ElfType elftype = ELFERROR;
Matthew Dempsky	2ed0912	2016-02-11 09:43:37 -0800	[diff] [blame]	769	int consumed = parse_args(j, argc, argv, &exit_immediately, &elftype);
Elly Fong-Jones	f65c9fe	2013-01-22 13:55:02 -0500	[diff] [blame]	770	argc -= consumed;
				771	argv += consumed;
Jorge Lucangeli Obes	482cb9d	2014-07-23 15:16:04 -0700	[diff] [blame]	772
Stephen Barber	5dd5b1b	2017-10-16 23:02:39 -0700	[diff] [blame]	773	/*
				774	* Make the process group ID of this process equal to its PID.
				775	* In the non-interactive case (e.g. when minijail0 is started from
				776	* init) this ensures the parent process and the jailed process
				777	* can be killed together.
				778	*
				779	* Don't fail on EPERM, since setpgid(0, 0) can only EPERM when
				780	* the process is already a process group leader.
				781	*/
				782	if (setpgid(0 /* use calling PID /, 0 / make PGID = PID */)) {
				783	if (errno != EPERM) {
				784	fprintf(stderr, "setpgid(0, 0) failed\n");
				785	exit(1);
				786	}
				787	}
				788
Lee Campbell	1e4fc6a	2014-06-06 17:40:02 -0700	[diff] [blame]	789	if (elftype == ELFSTATIC) {
Jorge Lucangeli Obes	5471450	2015-09-30 10:08:45 -0700	[diff] [blame]	790	/*
				791	* Target binary is statically linked so we cannot use
				792	* libminijailpreload.so.
				793	*/
				794	minijail_run_no_preload(j, argv[0], argv);
Lee Campbell	1e4fc6a	2014-06-06 17:40:02 -0700	[diff] [blame]	795	} else if (elftype == ELFDYNAMIC) {
				796	/*
				797	* Target binary is dynamically linked so we can
				798	* inject libminijailpreload.so into it.
				799	*/
				800
				801	/* Check that we can dlopen() libminijailpreload.so. */
				802	if (!dlopen(PRELOADPATH, RTLD_LAZY \| RTLD_LOCAL)) {
Matthew Dempsky	2ed0912	2016-02-11 09:43:37 -0800	[diff] [blame]	803	dl_mesg = dlerror();
				804	fprintf(stderr, "dlopen(): %s\n", dl_mesg);
				805	return 1;
Lee Campbell	1e4fc6a	2014-06-06 17:40:02 -0700	[diff] [blame]	806	}
				807	minijail_run(j, argv[0], argv);
				808	} else {
Jorge Lucangeli Obes	2f61ee4	2014-06-16 11:08:18 -0700	[diff] [blame]	809	fprintf(stderr,
				810	"Target program '%s' is not a valid ELF file.\n",
				811	argv[0]);
Jorge Lucangeli Obes	4b2d5ee	2014-01-09 15:47:47 -0800	[diff] [blame]	812	return 1;
				813	}
Lee Campbell	1e4fc6a	2014-06-06 17:40:02 -0700	[diff] [blame]	814
Christopher Wiley	88f76a7	2013-11-01 14:12:56 -0700	[diff] [blame]	815	if (exit_immediately) {
Luis Hector Chavez	114a930	2017-09-05 20:36:58 -0700	[diff] [blame]	816	info("not running init loop, exiting immediately\n");
Christopher Wiley	88f76a7	2013-11-01 14:12:56 -0700	[diff] [blame]	817	return 0;
				818	}
lhchavez	6c8d820	2017-09-01 03:55:11 +0000	[diff] [blame]	819	int ret = minijail_wait(j);
				820	#if defined(__SANITIZE_ADDRESS__)
				821	minijail_destroy(j);
				822	#endif /* __SANITIZE_ADDRESS__ */
				823	return ret;
Elly Jones	cd7a904	2011-07-22 13:56:51 -0400	[diff] [blame]	824	}