socsvn commit: r256914 - soc2013/dpl/head/lib/libzcap

dpl at FreeBSD.org dpl at FreeBSD.org
Wed Sep 4 21:18:22 UTC 2013


Author: dpl
Date: Wed Sep  4 21:18:22 2013
New Revision: 256914
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=256914

Log:
  Simplified capsicum.h. It now includes only the headers it needs, and it has an include guard.
  Also, I'm working on the infrastructure of the sandbox.
  

Modified:
  soc2013/dpl/head/lib/libzcap/capsicum.c
  soc2013/dpl/head/lib/libzcap/capsicum.h
  soc2013/dpl/head/lib/libzcap/zconf.h

Modified: soc2013/dpl/head/lib/libzcap/capsicum.c
==============================================================================
--- soc2013/dpl/head/lib/libzcap/capsicum.c	Wed Sep  4 20:55:56 2013	(r256913)
+++ soc2013/dpl/head/lib/libzcap/capsicum.c	Wed Sep  4 21:18:22 2013	(r256914)
@@ -1,10 +1,12 @@
 #include "capsicum.h"
 #include "zlib.h"
 
+#include <sys/capability.h>
+#include <sys/ioctl.h>
+#include <sys/procdesc.h>
 #include <sys/queue.h>
-#include <sys/types.h>
 #include <sys/socket.h>
-#include <sys/ioctl.h>
+#include <sys/types.h>
 
 #include <nv.h>
 #include <signal.h>
@@ -13,8 +15,8 @@
 #include <stdio.h>
 #include <err.h>
 
-extern struct sandbox;
-extern struct slisthead sandboxes;
+struct sandbox;
+struct slisthead sandboxes;
 
 struct sandbox * startSandbox(void *data);
 int stopSandbox(struct sandbox *sandbox);
@@ -56,12 +58,12 @@
 int
 stopSandbox(struct sandbox *sandbox)
 {
-	int sandboxpid;
+	int pid;
 
-	if ((sandboxpid = pdgetpid(sandbox->pd)) < 0)
+	if (pdgetpid(sandbox->pd, &pid) < 0)
 		err(1, "Couldn't get child PID");
 
-	if (kill(SIGKILL, sandboxpid) < 0)
+	if (kill(SIGKILL, pid) < 0)
 		err(1, "Couldn't kill child");
 
 	SLIST_REMOVE(&sandboxes, sandbox, entry, entries);
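Review bot: The arguments to `kill` are reversed in `kill(SIGKILL, pid)`: the prototype is `kill(pid_t pid, int sig)`, so this call sends signal number `pid` to process 9 instead of sending SIGKILL to the sandbox child. Since the sandbox already holds a process descriptor, `pdkill(sandbox->pd, SIGKILL);` would remove both the PID lookup and the PID-reuse race. If the lookup stays, use `kill(pid, SIGKILL);` and declare `pid_t pid;` to match the `pid_t *` parameter of pdgetpid. The same reversed call appears in killChild in the last capsicum.c hunk. stopSandbox's body continues outside this hunk.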
@@ -72,14 +74,15 @@
 void
 startNullSandbox(void)
 {
+	struct sandbox newsandbox;
 	if (!slist_initiated) {
 		sandboxes = SLIST_HEAD_INITIALIZER(head);
 		SLIST_INIT(&sandboxes);
 		/* Here we add a sandbox used for non-structure related stuff */
 		/* This will be the first sandbox always */
 		if (SLIST_EMPTY(&sandboxes)) {
-			newsandbox = startChild(newsandbox, NULL);
-			SLIST_INSERT_HEAD(&sandboxes, newsandbox, entries);
+			newsandbox = startChild(NULL);
+			SLIST_INSERT_HEAD(sandboxes, newsandbox, entries);
 		}
 	}
 	slist_initiated = 1;
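Review bot: `struct sandbox newsandbox;` declares the sandbox by value, but it is then assigned the result of `startChild(NULL)` and passed to `SLIST_INSERT_HEAD`, which expects a pointer to the element. The list head also lost its `&` in `SLIST_INSERT_HEAD(sandboxes, newsandbox, entries)`. Assuming startChild returns the malloc'ed `struct sandbox *` seen in a later hunk, declare `struct sandbox *newsandbox;` and keep `SLIST_INSERT_HEAD(&sandboxes, newsandbox, entries);`. A stack-local struct linked into the global list would dangle once this function returns. The function's tail is outside this hunk.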
@@ -112,7 +115,7 @@
 	int procd, sv[2];
 	struct sandbox *newsandbox;
 
-	if ((newsandbox = malloc(sizeof (struct sandbox)) == NULL)
+	if ((newsandbox = malloc(sizeof (struct sandbox))) == NULL)
 		err(1, "Couldn't allocate memory for sandboxes");
 
 	sv[0] = sv[1] = 0;
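Review bot: `sv[0] = sv[1] = 0;` initialises both socket ends to descriptor 0, which is stdin, and the failure path that follows (the next hunk shows only `perror("zcaplib: socketpair()")`) does not appear to stop execution. If socketpair fails, the parent would go on to `close(sv[1])` and store `sv[0]` as the sandbox socket, both pointing at fd 0. Initialise with `sv[0] = sv[1] = -1;` and fail hard, e.g. `err(1, "zcaplib: socketpair()");`, so a sandbox is never set up over the wrong descriptor. The enclosing function starts and ends outside this hunk.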
@@ -120,7 +123,7 @@
 		perror("zcaplib: socketpair()");
 
 	procd = pdfork();
-	if (pid == 0 ){
+	if (procd == 0 ){
 		if (cap_rights_limit(STDIN_FILENO, CAP_READ) < 0)
 			err(1, "Couldn't limit rights");
 		if (cap_rights_limit(STDOUT_FILENO, CAP_WRITE|CAP_FSTAT) < 0)
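Review bot: `procd = pdfork();` is called without arguments and its return value is treated as the process descriptor, but the prototype is `pid_t pdfork(int *fdp, int flags)`: the descriptor comes back through `fdp` and the return value is a PID (0 in the child). As written, the value stored later in `newsandbox->pd` would be a PID, so `pdgetpid(sandbox->pd, ...)` in stopSandbox and killChild would be handed something that is not a process descriptor. Use a separate variable, `pid = pdfork(&procd, 0);`, and branch on `pid == 0` and `pid == -1`. The enclosing function starts and ends outside this hunk.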
@@ -137,20 +140,23 @@
 			err(1, "Couldn't find zlibworker.");
 		}
 		exit(0);
-	} else if (pid == -1) {
+	} else if (procd == -1) {
 		err(1, "Couldn't fork");
 	} else {
 		close(sv[1]);
 		signal(SIGCHLD, suicide);
 		atexit(killChild);
-		sandbox->dataptr = data;
-		sandbox->pd = procd;
-		sandbox->socket = sv[0];
+		newsandbox->dataptr = data;
+		newsandbox->pd = procd;
+		newsandbox->socket = sv[0];
 	}
 }
 
 void killChild(void) {
-	kill(pid, SIGKILL);
+	int pid;
+	SLIST_FOREACH(sandbox, &sandboxes, entries)
+		if (pdgetpid(sandbox->pd, &pid) > 0)
+			kill(SIGKILL, pid)
 }
 void suicide(int signal) {
 	kill(getpid(), SIGKILL);
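Review bot: The new killChild loop can never kill a child, because pdgetpid returns 0 on success and the test is `pdgetpid(sandbox->pd, &pid) > 0`. It also uses an undeclared iterator and is missing the `;` after the kill call, so it does not compile. Declare `struct sandbox *sandbox;`, test `== 0`, and call `kill(pid, SIGKILL);`, or drop the lookup and call `pdkill(sandbox->pd, SIGKILL);` in the loop body. Separately, the parent branch above fills in `newsandbox` but no `return newsandbox;` is visible before the function's closing brace. If this is the startChild that startNullSandbox assigns from, the caller receives an indeterminate pointer.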

Modified: soc2013/dpl/head/lib/libzcap/capsicum.h
==============================================================================
--- soc2013/dpl/head/lib/libzcap/capsicum.h	Wed Sep  4 20:55:56 2013	(r256913)
+++ soc2013/dpl/head/lib/libzcap/capsicum.h	Wed Sep  4 21:18:22 2013	(r256914)
@@ -1,20 +1,12 @@
 /*
  * We're using Capsicum!
  */
-#define CAPSICUM
-#include <sys/capability.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <sys/socket.h>
-
-#include <dnv.h>
-#include <stdlib.h>
-#include <signal.h>
-#include <nv.h>
-#include <unistd.h>
+#ifndef CAPSICUM_H
+#define CAPSICUM_H
 
-#include "commands.h"
+#include <sys/queue.h>
 
+#include <nv.h>
 
 #define MAXLEN (5*1024)
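Review bot: Removing `#define CAPSICUM` along with the includes deserves a check, because the guard macro `CAPSICUM_H` does not replace it. If any other file in libzcap selects the sandboxed code path with `#ifdef CAPSICUM` (not visible here), that code would now silently build without sandboxing. Either confirm nothing tests the macro or define it from the build, and add a comment such as `/* CAPSICUM is no longer defined here; sandboxing is unconditional */`. The header now also ends without a trailing newline, which is worth fixing.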
 
@@ -41,3 +33,5 @@
 	int socket;			/* Socket we have to pass the data through */
 	SLIST_ENTRY(entry)	entries;	/* Singly-linked list. */
 };
+
+#endif	/* CAPSICUM_H */
\ No newline at end of file

Modified: soc2013/dpl/head/lib/libzcap/zconf.h
==============================================================================
--- soc2013/dpl/head/lib/libzcap/zconf.h	Wed Sep  4 20:55:56 2013	(r256913)
+++ soc2013/dpl/head/lib/libzcap/zconf.h	Wed Sep  4 21:18:22 2013	(r256914)
@@ -480,7 +480,6 @@
 /*
  * This is hard-configured for FreeBSD.
  */
-#include "capsicum.h"
 #define  z_off_t  off_t
 #ifndef _FILE_OFFSET_BITS
 #define _FILE_OFFSET_BITS 64

