MirrorMirror
/
riju
mirror of https://github.com/radian-software/riju.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Get sandbox mostly working

This commit is contained in:
Radon Rosborough 2021-08-13 18:08:54 -07:00
parent cf7e5c470b
commit 50ade82e81
3 changed files with 53 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
backend/sandbox.js
View File

@ -51,12 +51,15 @@ async function main() {
} }
}); });
}); });
const args = privilegedPty( const args = [].concat.apply(
{ uuid }, ["riju-pty", "-f"],
bash( privilegedPty(
`env L='${lang}' LANG_CONFIG=${quote( { uuid },
JSON.stringify(langConfig) bash(
)} bash --rcfile <(cat <<< ${quote(sandboxScript)})` `env L='${lang}' LANG_CONFIG=${quote(
JSON.stringify(langConfig)
)} bash --rcfile <(cat <<< ${quote(sandboxScript)})`
)
) )
); );
const proc = spawn(args[0], args.slice(1), { const proc = spawn(args[0], args.slice(1), {

15
system/res/sentinel.bash
View File

@ -2,7 +2,20 @@
set -euo pipefail set -euo pipefail
while read -t2 -a cmd; do while read -t2 -r cmdline; do
cmd=(${cmdline})
for (( i=0; i<${#cmd[@]}; i++ )); do
arg="${cmd[$i]}"
arg="${arg}x"
arg="$(sed 's/+s/ /g' <<< "${arg}")"
arg="$(sed 's/+n/\n/g' <<< "${arg}")"
arg="$(sed 's/+t/\t/g' <<< "${arg}")"
arg="$(sed 's/+p/+/g' <<< "${arg}")"
arg="${arg%x}"
cmd[$i]="${arg}"
done
if (( "${#cmd[@]}" > 0 )); then if (( "${#cmd[@]}" > 0 )); then
case "${cmd[0]}" in case "${cmd[0]}" in
ping) ;; ping) ;;

71
system/src/riju-system-privileged.c
View File

@ -1,4 +1,5 @@
#define _GNU_SOURCE #define _GNU_SOURCE
#include <ctype.h>
#include <errno.h> #include <errno.h>
#include <fcntl.h> #include <fcntl.h>
#include <grp.h> #include <grp.h>
@ -34,49 +35,37 @@ void die_with_usage()
char *quoteArgs(int argc, char **cmdline) char *quoteArgs(int argc, char **cmdline)
{ {
char **printfArgs = malloc(sizeof(char *) * (argc + 3)); int orig_len = 0;
printfArgs[0] = "printf"; for (int i = 0; i < argc; ++i)
printfArgs[1] = "%q "; orig_len += strlen(cmdline[i]);
memcpy(printfArgs + 2, cmdline, sizeof(char *) * argc); int quoted_len = orig_len * 2 + argc;
printfArgs[argc + 2] = NULL; char *quoted = malloc(sizeof(char) * quoted_len);
int fd[2]; char *quoted_ptr = quoted;
if (pipe(fd) < 0) for (int i = 0; i < argc; ++i) {
die("pipe failed"); for (char *ptr = cmdline[i]; *ptr != '\0'; ++ptr) {
pid_t pid = fork(); if (*ptr == ' ') {
if (pid < 0) *(quoted_ptr++) = '+';
die("fork failed"); *(quoted_ptr++) = 's';
else if (pid == 0) { } else if (*ptr == '\n') {
if (dup2(fd[1], STDOUT_FILENO) < 0) *(quoted_ptr++) = '+';
die("dup2 failed"); *(quoted_ptr++) = 'n';
if (close(fd[0]) < 0 || close(fd[1]) < 0) } else if (*ptr == '\t') {
die("close failed"); *(quoted_ptr++) = '+';
execvp(printfArgs[0], printfArgs); *(quoted_ptr++) = 't';
die("execvp failed"); } else if (*ptr == '+') {
} *(quoted_ptr++) = '+';
if (close(fd[1]) < 0) *(quoted_ptr++) = 'p';
die("close failed"); } else if (isprint(*ptr)) {
char *buf = malloc(1024); *(quoted_ptr++) = *ptr;
if (buf == NULL) } else {
die("malloc failed"); die("riju-system-privileged got non-printable char");
ssize_t len_allocated = 1024; }
ssize_t len_total = 0;
ssize_t len_read;
while ((len_read = read(fd[0], buf + len_total, 1024)) > 0) {
len_total += len_read;
if (len_allocated - len_total < 1024) {
char *new_buf = malloc(len_allocated + 1024);
len_allocated += 1024;
if (new_buf == NULL)
die("malloc failed");
memcpy(new_buf, buf, len_total);
free(buf);
buf = new_buf;
} }
if (i < argc - 1)
*(quoted_ptr++) = ' ';
} }
if (len_read < 0) *(quoted_ptr++) = '\0';
die("read failed"); return quoted;
buf[len_total] = '\0';
return buf;
} }
char *getUUID() char *getUUID()