minijail_main.cc - Issue 6881066: [minijail] Add the ability to set capabilities from the command line

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: minijail_main.cc

Issue 6881066: [minijail] Add the ability to set capabilities from the command line (Closed) Base URL: http://git.chromium.org/git/minijail.git@master

Patch Set: Created 9 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: minijail_main.cc

diff --git a/minijail_main.cc b/minijail_main.cc

index a40397ce53526da80a5a13fdfa8576ea0104ade5..69a854dd4b3b2d87b0714392dcf4a658324d197a 100644

--- a/minijail_main.cc

+++ b/minijail_main.cc

@@ -1,7 +1,7 @@

// Use of this source code is governed by a BSD-style license that can be

// found in the LICENSE file.

// Driver program for applying a minijail from the commandline to

// a process and its children (depending on the feature).

@@ -22,6 +22,7 @@

#include <base/basictypes.h>

#include <base/command_line.h>

#include <base/logging.h>

+#include <base/string_number_conversions.h>

#include <base/string_util.h>

namespace switches {

@@ -63,7 +64,7 @@ static const char kHelpMessage[] = "Available Switches:\n"

" (Note, this is a blacklist and not a whitelist so it may need attention)\n"

" --uid [number]\n"

" Numeric uid to transition to prior to execution.\n"

-" --use-capabilities\n"

+" --use-capabilities [uint64 bitmask]\n"

" Restricts all root-level capabilities to CAP_SETPCAP and enables\n"

" SECURE_NOROOT.\n"

" -- /path/to/program [arg1 [arg2 [ . . . ] ] ]\n"

@@ -94,6 +95,17 @@ static void ProcessSwitches(CommandLine *cl,

jail_opts->set_sanitize_environment(

cl->HasSwitch(switches::kSanitizeEnvironment));

+ if (jail_opts->use_capabilities()) {

+ jail_opts->set_caps_bitmask(0);

+ // TODO(cmasone): switch to something that parses unsigned ints.

+ int64 caps = 0;

+ if (base::StringToInt64(

+ cl->GetSwitchValueASCII(switches::kUseCapabilities), &caps)) {

+ uint64 bitmask = (caps < 0 ? 0 : caps);

+ jail_opts->set_caps_bitmask(bitmask);

+ }

std::string uid_string = cl->GetSwitchValueASCII(switches::kUid);

if (!uid_string.empty()) {

errno = 0;

« no previous file with comments | « minijail.cc ('k') | minijail_unittest.cc » ('j') | no next file with comments »