Index: src/trusted/service_runtime/sel_main.c |
diff --git a/src/trusted/service_runtime/sel_main.c b/src/trusted/service_runtime/sel_main.c |
index 627771f13092d28a3651020c35c2e7d2b96d62e5..bbbea4fde11367c4b133766007718c71b06231e8 100644 |
--- a/src/trusted/service_runtime/sel_main.c |
+++ b/src/trusted/service_runtime/sel_main.c |
@@ -127,6 +127,7 @@ static void PrintUsage(void) { |
"Usage: sel_ldr [-h d:D] [-r d:D] [-w d:D] [-i d:D]\n" |
" [-f nacl_file]\n" |
" [-l log_file]\n" |
+ " [-m fs_root]\n" |
" [-X d] [-acFglQRsSQv]\n" |
" -- [nacl_file] [args]\n" |
"\n"); |
@@ -151,6 +152,14 @@ static void PrintUsage(void) { |
" -R an RPC supplies the NaCl module.\n" |
" No nacl_file argument is expected, and the -f flag cannot be\n" |
" used with this flag.\n" |
+ " -m directory to mount as root.\n" |
+ " If not provided (and -a is also missing), no filesystem access\n" |
+ " of any kind is allowed. If provided, safely allows read/write\n" |
+ " access to just the provided folder as if it were the FS root.\n" |
+ " If read-only access is desired, setting appropriate " |
+ " filesystem-level permissions for the user sel_ldr runs as\n" |
+ " should be adequate. If both -m and -a are passed, -m behavior\n" |
+ " supersedes -a for filesystem operations.\n" |
"\n" |
" (testing flags)\n" |
" -a allow file access plus some other syscalls! dangerous!\n" |
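Review bot: The fifth added usage fragment, `" If read-only access is desired, setting appropriate "`, is the only one without a trailing `\n`, so it is concatenated with the next fragment and the help output prints "appropriate  filesystem-level permissions ..." as one over-long line with a doubled space; it should read `" If read-only access is desired, setting appropriate\n"`. The text also states that `-m` "supersedes" `-a` for filesystem operations, but in this change `-a` still runs its ACL-bypass path before the mount is established, so whether that claim holds depends on NaClMountRootFolder, which is not visible here; it would be worth confirming before advertising it. The surrounding PrintUsage string starts outside this hunk.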
@@ -186,6 +195,7 @@ static int my_getopt(int argc, char *const *argv, const char *shortopts) { |
struct SelLdrOptions { |
char *nacl_file; |
char *blob_library_file; |
+ char *root_mount; |
int app_argc; |
char **app_argv; |
@@ -212,6 +222,7 @@ static void SelLdrOptionsCtor(struct SelLdrOptions *options) { |
options->nacl_file = NULL; |
options->blob_library_file = NULL; |
+ options->root_mount = NULL; |
options->app_argc = 0; |
options->app_argv = NULL; |
@@ -259,7 +270,7 @@ static void NaClSelLdrParseArgs(int argc, char **argv, |
#if NACL_LINUX |
"+D:z:" |
#endif |
- "aB:cdeE:f:Fgh:i:l:pqQr:RsSvw:X:Z")) != -1) { |
+ "aB:cdeE:f:Fgh:i:l:m:pqQr:RsSvw:X:Z")) != -1) { |
switch (opt) { |
case 'a': |
if (!options->quiet) |
@@ -352,6 +363,9 @@ static void NaClSelLdrParseArgs(int argc, char **argv, |
NaClLogSetFile(optarg); |
} |
break; |
+ case 'm': |
+ options->root_mount = optarg; |
+ break; |
case 'p': |
options->enable_env_passthrough = 1; |
break; |
@@ -601,6 +615,10 @@ int NaClSelLdrMain(int argc, char **argv) { |
NaClInsecurelyBypassAllAclChecks(); |
} |
+ if (options->root_mount != NULL) { |
+ NaClMountRootFolder(options->root_mount); |
jtolds
2015/06/25 23:05:05
super open to other names for all these things. it
|
+ } |
+ |
nap->ignore_validator_result = (options->debug_mode_ignore_validator > 0); |
nap->skip_validator = (options->debug_mode_ignore_validator > 1); |
nap->enable_exception_handling = options->enable_exception_handling; |
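Review bot: The new `NaClMountRootFolder(options->root_mount)` call discards whatever it reports, so if the mount cannot be established (path missing, not a directory, wrong permissions) the loader carries on and runs the module under whatever filesystem state results. If the function returns a status, the call should be checked and the loader aborted on failure, e.g. `if (!NaClMountRootFolder(options->root_mount)) { /* fatal: refuse to run without the requested root */ }`; if it cannot fail, a one-line comment saying so would keep the next reader from wondering. Note also that it runs after the `-a` branch above, so with both flags given the ACL bypass is already in effect before the root mount exists. NaClSelLdrMain continues outside this hunk.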
@@ -782,7 +800,7 @@ int NaClSelLdrMain(int argc, char **argv) { |
* |
* We cannot enable the sandbox if file access is enabled. |
*/ |
- if (!NaClAclBypassChecks && g_enable_outer_sandbox_func != NULL) { |
+ if (!NaClFileAccessEnabled() && g_enable_outer_sandbox_func != NULL) { |
g_enable_outer_sandbox_func(); |
} |
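Review bot: The outer-sandbox guard now keys on `NaClFileAccessEnabled()`, which presumably reports true when a root mount is configured (its body is not in this diff), so a `-m` run, like an `-a` run, never enables the outer sandbox, while the `-m` usage text added earlier describes the mode as "safely" allowing access and does not mention this. The usage text should state the trade-off alongside the other `-m` lines, e.g. `" Note: as with -a, passing -m prevents the outer sandbox from being enabled.\n"`. The comment block above the condition starts outside this hunk and still matches the new check.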