sandbox-capsicum.c
#ifdef SANDBOX_CAPSICUM | #ifdef SANDBOX_CAPSICUM | ||||
#include <sys/types.h> | #include <sys/types.h> | ||||
#include <sys/param.h> | #include <sys/param.h> | ||||
#include <sys/time.h> | #include <sys/time.h> | ||||
#include <sys/resource.h> | #include <sys/resource.h> | ||||
#include <sys/capsicum.h> | #include <sys/capsicum.h> | ||||
#include <errno.h> | #include <errno.h> | ||||
#include <stdarg.h> | #include <stdarg.h> | ||||
#include <stdio.h> | #include <stdio.h> | ||||
#include <stdlib.h> | #include <stdlib.h> | ||||
#include <string.h> | #include <string.h> | ||||
#include <unistd.h> | #include <unistd.h> | ||||
#include <capsicum_helpers.h> | |||||
cem: Probably sort capsicum_helpers.h with or even after libc headers, rather than before. | |||||
Not Done Inline ActionsI see capsicum_helpers.h refers to libc headers (time.h, unistd.h, etc.). naito.yuichiro_gmail.com: I see `capsicum_helpers.h` refers to libc headers (time.h, unistd.h, etc.).
It seems that… | |||||
#include "log.h" | #include "log.h" | ||||
#include "monitor.h" | #include "monitor.h" | ||||
#include "ssh-sandbox.h" | #include "ssh-sandbox.h" | ||||
#include "xmalloc.h" | #include "xmalloc.h" | ||||
/* | /* | ||||
* Capsicum sandbox that sets zero nfiles, nprocs and filesize rlimits, | * Capsicum sandbox that sets zero nfiles, nprocs and filesize rlimits, | ||||
Show All 23 Lines | ssh_sandbox_init(struct monitor *monitor) | ||||
return box; | return box; | ||||
} | } | ||||
void | void | ||||
ssh_sandbox_child(struct ssh_sandbox *box) | ssh_sandbox_child(struct ssh_sandbox *box) | ||||
{ | { | ||||
struct rlimit rl_zero; | struct rlimit rl_zero; | ||||
cap_rights_t rights; | cap_rights_t rights; | ||||
caph_cache_tzdata(); | |||||
Not Done Inline ActionsMaybe spell as caph_cache_tzdata() instead. It does the same thing but shows intent without the comment. cem: Maybe spell as `caph_cache_tzdata()` instead. It does the same thing but shows intent without… | |||||
Not Done Inline ActionsIndeed. I'll fix this. naito.yuichiro_gmail.com: Indeed. I'll fix this.
| |||||
rl_zero.rlim_cur = rl_zero.rlim_max = 0; | rl_zero.rlim_cur = rl_zero.rlim_max = 0; | ||||
if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) | if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) | ||||
fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", | fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", | ||||
__func__, strerror(errno)); | __func__, strerror(errno)); | ||||
#ifndef SANDBOX_SKIP_RLIMIT_NOFILE | #ifndef SANDBOX_SKIP_RLIMIT_NOFILE | ||||
if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) | if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) | ||||
fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", | fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", | ||||
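Review bot: The new `caph_cache_tzdata();` at the top of ssh_sandbox_child() has no comment saying why it must be the first thing the child does, and its position is the whole point: it presumably has to run before RLIMIT_NOFILE is zeroed by the `setrlimit(RLIMIT_NOFILE, &rl_zero)` a few lines below and before the cap_enter() that presumably follows later in the function, because once either is in effect the sandboxed child can no longer open zoneinfo files for localtime(). A one-line comment would pin that ordering against a future reorder: `/* Must precede the RLIMIT_NOFILE limit and cap_enter(): caches tzdata so localtime() keeps working inside the sandbox. */`. Since caph_cache_tzdata() returns void there is nothing to check at the call site, so the comment is the only guard on that invariant. The body of ssh_sandbox_child() continues outside the hunk, so the cap_enter() call itself is not visible here.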
Probably sort capsicum_helpers.h with or even after libc headers, rather than before.