Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / platform / minijail / e1749eb93a119bf03b5b033d74c541dbb45be00e / . / minijail0.c
blob: ef7d5762d382282c7d2ca3daf0fd36a847b86790 [file] [log] [blame]
Elly Jonescd7a9042011-07-22 13:56:51 -0400[diff] [blame]1/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be
Will Drewry32ac9f52011-08-18 21:36:27 -0500[diff] [blame]3 * found in the LICENSE file.
4 */
Elly Jonescd7a9042011-07-22 13:56:51 -0400[diff] [blame]5
6#include <stdio.h>
7#include <stdlib.h>
8#include <string.h>
9#include <unistd.h>
10
11#include "libminijail.h"
Will Drewry32ac9f52011-08-18 21:36:27 -0500[diff] [blame]12#include "libsyscalls.h"
Elly Jonescd7a9042011-07-22 13:56:51 -0400[diff] [blame]13
Elly Jonese1749eb2011-10-07 13:54:59 -0400[diff] [blame^]14static void set_user(struct minijail *j, const char *arg)
15{
16 char *end = NULL;
17 int uid = strtod(arg, &end);
18 if (!*end && *arg) {
19 minijail_change_uid(j, uid);
20 return;
21 }
Elly Jonescd7a9042011-07-22 13:56:51 -0400[diff] [blame]22
Elly Jonese1749eb2011-10-07 13:54:59 -0400[diff] [blame^]23 if (minijail_change_user(j, arg)) {
24 fprintf(stderr, "Bad user: '%s'\n", arg);
25 exit(1);
26 }
Elly Jonescd7a9042011-07-22 13:56:51 -0400[diff] [blame]27}
28
Elly Jonese1749eb2011-10-07 13:54:59 -0400[diff] [blame^]29static void set_group(struct minijail *j, const char *arg)
30{
31 char *end = NULL;
32 int gid = strtod(arg, &end);
33 if (!*end && *arg) {
34 minijail_change_gid(j, gid);
35 return;
36 }
Elly Jonescd7a9042011-07-22 13:56:51 -0400[diff] [blame]37
Elly Jonese1749eb2011-10-07 13:54:59 -0400[diff] [blame^]38 if (minijail_change_group(j, arg)) {
39 fprintf(stderr, "Bad group: '%s'\n", arg);
40 exit(1);
41 }
Elly Jonescd7a9042011-07-22 13:56:51 -0400[diff] [blame]42}
43
Elly Jonese1749eb2011-10-07 13:54:59 -0400[diff] [blame^]44static void use_caps(struct minijail *j, const char *arg)
45{
46 uint64_t caps;
47 char *end = NULL;
48 caps = strtoull(arg, &end, 16);
49 if (*end) {
50 fprintf(stderr, "Invalid cap set: '%s'\n", arg);
51 exit(1);
52 }
53 minijail_use_caps(j, caps);
Elly Jonescd7a9042011-07-22 13:56:51 -0400[diff] [blame]54}
55
Elly Jonese1749eb2011-10-07 13:54:59 -0400[diff] [blame^]56static void usage(const char *progn)
57{
58 printf("Usage: %s [options...] <program> [args...]\n"
59 " -c <caps>: restrict caps to <caps>\n"
60 " -G: inherit secondary groups from uid\n"
61 " -g <group>: change gid to <group>\n"
62 " -h: help (this message)\n"
63 " -H: seccomp filter help message\n"
64 " -p: use pid namespace\n"
65 " -r: remount filesystems readonly (implies -v)\n"
66 " -s: use seccomp\n"
67 " -S <file>: set seccomp filters using <file>\n"
68 " E.g., -S /usr/share/filters/<prog>.$(uname -m)\n"
69 " -u <user>: change uid to <user>\n"
70 " -v: use vfs namespace\n", progn);
Elly Jonescd7a9042011-07-22 13:56:51 -0400[diff] [blame]71}
72
Elly Jonese1749eb2011-10-07 13:54:59 -0400[diff] [blame^]73static void seccomp_filter_usage(const char *progn)
74{
75 const struct syscall_entry *entry = syscall_table;
76 printf("Usage: %s -S <policy.file> <program> [args...]\n\n"
77 "System call names supported:\n", progn);
78 for (; entry->name && entry->nr >= 0; ++entry)
79 printf(" %s [%d]\n", entry->name, entry->nr);
80 printf("\nSee minijail0(5) for example policies.\n");
Will Drewry32ac9f52011-08-18 21:36:27 -0500[diff] [blame]81}
82
Elly Jonese1749eb2011-10-07 13:54:59 -0400[diff] [blame^]83int main(int argc, char *argv[])
84{
85 struct minijail *j = minijail_new();
Elly Jonescd7a9042011-07-22 13:56:51 -0400[diff] [blame]86
Elly Jonese1749eb2011-10-07 13:54:59 -0400[diff] [blame^]87 int opt;
88 while ((opt = getopt(argc, argv, "u:g:sS:c:vrGhHp")) != -1) {
89 switch (opt) {
90 case 'u':
91 set_user(j, optarg);
92 break;
93 case 'g':
94 set_group(j, optarg);
95 break;
96 case 's':
97 minijail_use_seccomp(j);
98 break;
99 case 'S':
100 minijail_parse_seccomp_filters(j, optarg);
101 minijail_use_seccomp_filter(j);
102 break;
103 case 'c':
104 use_caps(j, optarg);
105 break;
106 case 'v':
107 minijail_namespace_vfs(j);
108 break;
109 case 'r':
110 minijail_remount_readonly(j);
111 break;
112 case 'G':
113 minijail_inherit_usergroups(j);
114 break;
115 case 'p':
116 minijail_namespace_pids(j);
117 break;
118 case 'H':
119 seccomp_filter_usage(argv[0]);
120 exit(1);
121 default:
122 usage(argv[0]);
123 exit(1);
124 }
125 }
Elly Jonescd7a9042011-07-22 13:56:51 -0400[diff] [blame]126
Elly Jonese1749eb2011-10-07 13:54:59 -0400[diff] [blame^]127 if (argc == optind) {
128 usage(argv[0]);
129 exit(1);
130 }
Elly Jonescd7a9042011-07-22 13:56:51 -0400[diff] [blame]131
Elly Jonese1749eb2011-10-07 13:54:59 -0400[diff] [blame^]132 argc -= optind;
133 argv += optind;
Elly Jonescd7a9042011-07-22 13:56:51 -0400[diff] [blame]134
Elly Jonese1749eb2011-10-07 13:54:59 -0400[diff] [blame^]135 minijail_run(j, argv[0], argv);
136 return minijail_wait(j);
Elly Jonescd7a9042011-07-22 13:56:51 -0400[diff] [blame]137}