author | Toni Uhlig <matzeton@googlemail.com> | 2018-05-16 14:11:54 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2018-05-16 14:11:54 +0200 |
commit | e97d33d7b6a80daf4508dba7c69e96f7977ce436 (patch) | |
tree | bd844bcaa5860dc557ae28ea9408fce359b67bc7 /src/jail.c | |
parent | ffdf43212d29d38e51e067c04891c600f5318c01 (diff) |
POTD skeleton #57.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src/jail.c')
-rw-r--r-- | src/jail.c | 15 |
1 files changed, 12 insertions, 3 deletions
@@ -233,7 +233,7 @@ static int jail_childfn(prisoner_process *ctx) int s, master_fd; int unshare_flags = CLONE_NEWUTS|CLONE_NEWPID|CLONE_NEWIPC| CLONE_NEWNS|CLONE_NEWNET/*|CLONE_NEWUSER*/; - unsigned int ug_map[3] = { 0, 10000, 65535 }; + //unsigned int ug_map[3] = { 0, 10000, 65535 }; pid_t self_pid, child_pid; assert(ctx); @@ -247,11 +247,12 @@ static int jail_childfn(prisoner_process *ctx) if (!ctx->newroot) FATAL("New root set for pid %d", self_pid); + if (clearenv()) + FATAL("Clearing ENV for pid %d", self_pid); + D2("Unshare prisoner %d", self_pid); if (unshare(unshare_flags)) FATAL("Unshare prisoner %d", self_pid); - if (update_uid_map(getpid(), ug_map)) - FATAL("UID mapping for %d", getpid()); D2("Safe change root to: '%s'", ctx->newroot); if (safe_chroot(ctx->newroot)) @@ -308,6 +309,14 @@ static int jail_childfn(prisoner_process *ctx) case 0: if (mount_proc(path_proc)) exit(EXIT_FAILURE); +/* + if (update_setgroups_self(0)) + exit(EXIT_FAILURE); + if (update_guid_map(getpid(), ug_map, 0)) + exit(EXIT_FAILURE); + if (update_guid_map(getpid(), ug_map, 1)) + exit(EXIT_FAILURE); +*/ if (close_fds_except(0, 1, 2, -1)) exit(EXIT_FAILURE); if (execl(path_shell, path_shell, (char *) NULL)) |
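Review bot: After the `clearenv()` added in the second hunk, the shell started by `execl(path_shell, path_shell, (char *) NULL)` in the third hunk gets a completely empty environment, unless code outside these hunks sets variables again. Its PATH and TERM then depend on whatever defaults the shell binary has built in. Set the few variables the jail should expose right after clearing, for example `if (setenv("PATH", "/bin:/usr/bin", 1)) FATAL("Setting PATH for pid %d", self_pid);`, where the value is only an example and should match the new root. A comment such as `/* do not leak the daemon's environment into the jailed shell */` above the call would record why it is there. jail_childfn starts and ends outside this hunk.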
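Review bot: Nothing visible in these hunks changes the child's credentials before `execl(path_shell, ...)` in the third hunk: the uid/gid mapping is added only as a commented-out block, `CLONE_NEWUSER` is still disabled in `unshare_flags` (first hunk), and the `update_uid_map()` call is removed (second hunk). If the daemon runs as root, the jailed shell then holds real root in the initial user namespace, and chroot plus the mount/PID/net namespaces are not a containment boundary against root. Until the user-namespace path works, drop privileges before the exec, e.g. `if (setgroups(0, NULL) || setgid(gid) || setuid(uid)) exit(EXIT_FAILURE);` with `gid`/`uid` standing for the unprivileged ids the project chooses, or add a comment saying where this already happens, since that code may be outside the hunks. The commented-out block here and the `//unsigned int ug_map[3]` line in the first hunk are better deleted, or kept behind an `#if 0` with a TODO naming what blocks the user namespace.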