summaryrefslogtreecommitdiffstats
path: root/sandbox/linux/seccomp/trusted_process.cc
diff options
context:
space:
mode:
Diffstat (limited to 'sandbox/linux/seccomp/trusted_process.cc')
-rw-r--r--sandbox/linux/seccomp/trusted_process.cc29
1 files changed, 11 insertions, 18 deletions
diff --git a/sandbox/linux/seccomp/trusted_process.cc b/sandbox/linux/seccomp/trusted_process.cc
index b4bee94..3686277 100644
--- a/sandbox/linux/seccomp/trusted_process.cc
+++ b/sandbox/linux/seccomp/trusted_process.cc
@@ -21,7 +21,7 @@ SecureMem::Args* Sandbox::getSecureMem() {
return NULL;
}
-void Sandbox::trustedProcess(int parentProc, int processFdPub, int sandboxFd,
+void Sandbox::trustedProcess(int parentMapsFd, int processFdPub, int sandboxFd,
int cloneFd, SecureMem::Args* secureArena) {
std::map<long long, struct Thread> threads;
SysCalls sys;
@@ -99,7 +99,7 @@ newThreadCreated:
// Dispatch system call to handler function. Treat both exit() and clone()
// specially.
- if (syscallTable[header.sysnum].trustedProcess(parentProc,
+ if (syscallTable[header.sysnum].trustedProcess(parentMapsFd,
sandboxFd,
currentThread->fdPub,
currentThread->fd,
@@ -117,7 +117,7 @@ newThreadCreated:
}
}
-void Sandbox::initializeProtectedMap(int fd) {
+int Sandbox::initializeProtectedMap(int fd) {
int mapsFd;
if (!getFd(fd, &mapsFd, NULL, NULL, NULL)) {
maps_failure:
@@ -152,8 +152,6 @@ void Sandbox::initializeProtectedMap(int fd) {
}
truncated = strchr(line, '\n') == NULL;
}
- SysCalls sys;
- NOINTR_SYS(sys.close(mapsFd));
// Prevent low address memory allocations. Some buggy kernels allow those
if (protectedMap_[0] < (64 << 10)) {
@@ -161,9 +159,12 @@ void Sandbox::initializeProtectedMap(int fd) {
}
// Let the sandbox know that we are done parsing the memory map.
+ SysCalls sys;
if (write(sys, fd, &mapsFd, sizeof(mapsFd)) != sizeof(mapsFd)) {
goto maps_failure;
}
+
+ return mapsFd;
}
SecureMem::Args* Sandbox::createTrustedProcess(int processFdPub, int sandboxFd,
@@ -189,13 +190,6 @@ SecureMem::Args* Sandbox::createTrustedProcess(int processFdPub, int sandboxFd,
syscall_mutex_ = 0x80000000;
- // Hold on to a file handle in the parent's process directory. We can use
- // this later to reliably tell if the parent died.
- int parentProc = open("/proc/self/", O_RDONLY|O_DIRECTORY);
- if (parentProc < 0) {
- die("Failed to access /proc/self");
- }
-
// Create a trusted process that can evaluate system call parameters and
// decide whether a system call should execute. This process runs outside of
// the seccomp sandbox. It communicates with the sandbox'd process through
@@ -211,7 +205,7 @@ SecureMem::Args* Sandbox::createTrustedProcess(int processFdPub, int sandboxFd,
// If we don't know the list of our open file handles, just try closing
// all valid ones.
for (int fd = sysconf(_SC_OPEN_MAX); --fd > 2; ) {
- if (fd != parentProc && fd != sandboxFd && fd != cloneFd) {
+ if (fd != sandboxFd && fd != cloneFd) {
close(fd);
}
}
@@ -224,8 +218,7 @@ SecureMem::Args* Sandbox::createTrustedProcess(int processFdPub, int sandboxFd,
continue;
int fd = atoi(res->d_name);
if (fd > 2 &&
- fd != parentProc && fd != sandboxFd && fd != cloneFd &&
- fd != dirfd(dir)) {
+ fd != sandboxFd && fd != cloneFd && fd != dirfd(dir)) {
close(fd);
}
}
@@ -241,15 +234,15 @@ SecureMem::Args* Sandbox::createTrustedProcess(int processFdPub, int sandboxFd,
#endif
}
- initializeProtectedMap(sandboxFd);
- trustedProcess(parentProc, processFdPub, sandboxFd, cloneFd, secureArena);
+ int parentMapsFd = initializeProtectedMap(sandboxFd);
+ trustedProcess(parentMapsFd, processFdPub, sandboxFd,
+ cloneFd, secureArena);
die();
}
// We are still in the untrusted code. Deny access to restricted resources.
mprotect(secureArena, 8192*kMaxThreads, PROT_NONE);
mprotect(&syscall_mutex_, 4096, PROT_NONE);
- close(parentProc);
close(sandboxFd);
return secureArena;
generated by cgit v1.1 at 2025-10-13 23:15:56 +0000