| Index: src/trusted/service_runtime/sel_main.c
|
| diff --git a/src/trusted/service_runtime/sel_main.c b/src/trusted/service_runtime/sel_main.c
|
| index 627771f13092d28a3651020c35c2e7d2b96d62e5..02117a34aa4470d39dda230e34174e5b1ef66d61 100644
|
| --- a/src/trusted/service_runtime/sel_main.c
|
| +++ b/src/trusted/service_runtime/sel_main.c
|
| @@ -127,6 +127,7 @@ static void PrintUsage(void) {
|
| "Usage: sel_ldr [-h d:D] [-r d:D] [-w d:D] [-i d:D]\n"
|
| " [-f nacl_file]\n"
|
| " [-l log_file]\n"
|
| + " [-m fs_root]\n"
|
| " [-X d] [-acFglQRsSQv]\n"
|
| " -- [nacl_file] [args]\n"
|
| "\n");
|
| @@ -151,6 +152,14 @@ static void PrintUsage(void) {
|
| " -R an RPC supplies the NaCl module.\n"
|
| " No nacl_file argument is expected, and the -f flag cannot be\n"
|
| " used with this flag.\n"
|
| + " -m directory to mount as root.\n"
|
| + " If not provided (and -a is also missing), no filesystem access\n"
|
| + " of any kind is allowed. If provided, safely allows read/write\n"
|
| + " access to just the provided folder as if it were the FS root.\n"
|
| + " If read-only access is desired, setting appropriate "
|
| + " filesystem-level permissions for the user sel_ldr runs as\n"
|
| + " should be adequate. If both -m and -a are passed, -m behavior\n"
|
| + " supersedes -a for filesystem operations.\n"
|
| "\n"
|
| " (testing flags)\n"
|
| " -a allow file access plus some other syscalls! dangerous!\n"
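Review bot: The fifth added usage line, `" If read-only access is desired, setting appropriate "`, has no trailing `\n`, so adjacent-literal concatenation joins it with the following `" filesystem-level permissions ..."` line and the help text prints both on one line with a doubled space. It should read `" If read-only access is desired, setting appropriate\n"`. Separately, the phrase "safely allows read/write access" is a strong claim; since the last hunk of this change skips the outer sandbox whenever file access is enabled, it may be worth stating here that -m confines the module to that directory but (presumably) also disables the outer sandbox, so the reader knows which protection remains.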
|
| @@ -186,6 +195,7 @@ static int my_getopt(int argc, char *const *argv, const char *shortopts) {
|
| struct SelLdrOptions {
|
| char *nacl_file;
|
| char *blob_library_file;
|
| + char *root_mount;
|
| int app_argc;
|
| char **app_argv;
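Review bot: The new `root_mount` field is undocumented, and unlike `nacl_file` its lifetime is worth spelling out: the parser later stores `optarg` into it, so it is a borrowed pointer into the argument vector, never allocated or freed by SelLdrOptions. A one-line comment such as `char *root_mount;  /* -m: host directory presented as the FS root; borrowed from argv, not owned */` would prevent a later maintainer from adding a `free()` in a destructor. If the field is never written through, `const char *` would also be more accurate, though that would require `NaClMountRootDir` to accept a const pointer.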
|
|
|
| @@ -212,6 +222,7 @@ static void SelLdrOptionsCtor(struct SelLdrOptions *options) {
|
|
|
| options->nacl_file = NULL;
|
| options->blob_library_file = NULL;
|
| + options->root_mount = NULL;
|
| options->app_argc = 0;
|
| options->app_argv = NULL;
|
|
|
| @@ -259,7 +270,7 @@ static void NaClSelLdrParseArgs(int argc, char **argv,
|
| #if NACL_LINUX
|
| "+D:z:"
|
| #endif
|
| - "aB:cdeE:f:Fgh:i:l:pqQr:RsSvw:X:Z")) != -1) {
|
| + "aB:cdeE:f:Fgh:i:l:m:pqQr:RsSvw:X:Z")) != -1) {
|
| switch (opt) {
|
| case 'a':
|
| if (!options->quiet)
|
| @@ -352,6 +363,9 @@ static void NaClSelLdrParseArgs(int argc, char **argv,
|
| NaClLogSetFile(optarg);
|
| }
|
| break;
|
| + case 'm':
|
| + options->root_mount = optarg;
|
| + break;
|
| case 'p':
|
| options->enable_env_passthrough = 1;
|
| break;
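Review bot: The new `case 'm'` stores `optarg` without checking it, so `-m ""` is accepted and an empty path is later handed to `NaClMountRootDir()`; unless that function rejects it (its body is not in this diff), the result depends on what the platform mount code does with an empty string. A guard such as `if (*optarg == '\0') { fprintf(stderr, "-m requires a non-empty directory\n"); exit(1); }` — using whichever usage-error path the other argument-taking cases in this function use — would fail early and clearly. The `-a` case at the top of this switch emits a notice unless `-q` was given; since `-m` also widens what the module can reach and, per the last hunk, appears to disable the outer sandbox, a similar non-quiet notice for `-m` would keep operators informed. NaClSelLdrParseArgs begins and ends outside this hunk.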
|
| @@ -601,6 +615,14 @@ int NaClSelLdrMain(int argc, char **argv) {
|
| NaClInsecurelyBypassAllAclChecks();
|
| }
|
|
|
| + if (options->root_mount != NULL) {
|
| + if (!NaClMountRootDir(options->root_mount)) {
|
| + NaClLog(LOG_ERROR, "Failed to mount root dir "
|
| + "(not supported on Windows)\n");
|
| + return -1;
|
| + }
|
| + }
|
| +
|
| nap->ignore_validator_result = (options->debug_mode_ignore_validator > 0);
|
| nap->skip_validator = (options->debug_mode_ignore_validator > 1);
|
| nap->enable_exception_handling = options->enable_exception_handling;
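Review bot: The error message `"Failed to mount root dir (not supported on Windows)\n"` is emitted for every failure of `NaClMountRootDir()`, including on Linux and Mac where the cause is more likely a missing directory, a permission problem or a non-directory path, so it will mislead whoever reads the log there. Log the path and leave the platform-specific reason to the implementation: `NaClLog(LOG_ERROR, "Failed to mount root dir \"%s\"\n", options->root_mount);`, with the Windows stub logging its own "not supported" message when it returns false. It would also help to note in a comment why the mount happens here, after the `-a` ACL bypass and before the validator settings, since the usage text promises `-m` supersedes `-a` for filesystem operations and that ordering is presumably what makes it so. NaClSelLdrMain continues outside this hunk.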
|
| @@ -782,7 +804,7 @@ int NaClSelLdrMain(int argc, char **argv) {
|
| *
|
| * We cannot enable the sandbox if file access is enabled.
|
| */
|
| - if (!NaClAclBypassChecks && g_enable_outer_sandbox_func != NULL) {
|
| + if (!NaClFileAccessEnabled() && g_enable_outer_sandbox_func != NULL) {
|
| g_enable_outer_sandbox_func();
|
| }
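Review bot: The comment directly above this condition still says only "We cannot enable the sandbox if file access is enabled", but the condition now consults `NaClFileAccessEnabled()` rather than the `-a` bypass flag, and its definition is not in this diff; if it reports true once a `-m` root is mounted, then passing `-m` silently forgoes the outer sandbox, which is the main thing a reader of this block needs to know. Suggest extending the comment: `* We cannot enable the outer sandbox if file access is enabled, whether via -a (ACL bypass) or via a -m root mount; with -m the only remaining confinement is the mount itself.`. If `NaClFileAccessEnabled()` does not in fact cover the `-m` case, the comment should say that instead, so the security boundary is documented either way.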
|
|
|
|
|