Commit graph

22 commits

Author SHA1 Message Date
13c7aa2ca4 Just reuse argv instead of duplicating 2021-01-15 20:22:22 +01:00
b37648d869 Remove remnants of debug code 2021-01-15 20:22:22 +01:00
5928224d87 Usage on stderr 2021-01-15 20:22:22 +01:00
d1664d03f8 Replace redundant error handling 2021-01-15 20:22:22 +01:00
6806d43759 Add clean target 2021-01-15 20:22:22 +01:00
bbb85d353e Drop root after unshare.
Apparently only the unshare call needs root. The fork which results in
a new PID namespace does not.
2021-01-15 20:22:22 +01:00
6655b38a47 Use sigaction instead of signal
This way we don't have to handle EINTR.
2021-01-15 20:22:22 +01:00
48445a573b Handle EINTR error code for wait and waitpid 2021-01-15 20:22:22 +01:00
12e4cd391a Don't use printf in signal handler 2021-01-15 20:22:22 +01:00
5fbd7abd26 More explanation 2021-01-15 20:22:22 +01:00
9ef65e0f4c Drop group rights first
We might not be able to drop group rights after dropping user rights
so do group rights first.
2021-01-15 20:22:22 +01:00
ab8ef29376 Fix error message for setresgid 2021-01-15 20:22:22 +01:00
1ab32c39d0 Merge all the various definitions of the err variable 2021-01-15 20:22:22 +01:00
b94fa5bfcf Clean up code style 2021-01-15 20:22:22 +01:00
6bd03ad564 Add sanity check
As a sanity check whether we're able to regain root after dropping
it. If we are able to, then something went wrong.
2021-01-15 20:22:22 +01:00
650a576c56 Make dropped root privileges permanent
seteuid sets the effective uid but at the same time retains the old
effective uid as a so called saved uid, which allows the process to go
back to root at a later point in time. As we don't want that, we use
the function setresuid and setresgid instead, allowing to set the
real, effective and saved uid/gid. We keep the real uid/gid unchanged,
but set the effective and saved uid/gid to the value of the real uid.
This forbids us from regaining root privileges.
2021-01-15 20:22:22 +01:00
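An added example, not the project's own code, showing the privilege drop the commits 9ef65e0f4c, 6bd03ad564 and 650a576c56 describe: group ids first, setresgid/setresuid so the saved ids cannot be used to get root back, then the sanity check that regaining root fails. The function name drop_privileges and its uid/gid parameters are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <unistd.h>
#include <sys/types.h>

/* Prototypes spelled out so the build does not depend on _GNU_SOURCE
 * having been defined before the first system header was included. */
int setresuid(uid_t, uid_t, uid_t);
int setresgid(gid_t, gid_t, gid_t);
int getresuid(uid_t *, uid_t *, uid_t *);
int setgroups(size_t, const gid_t *);

/* Drop to uid/gid permanently. Returns 0 on success, -1 on failure (errno set). */
int drop_privileges(uid_t uid, gid_t gid)
{
    uid_t ruid, euid, suid;

    /* Groups first: once the effective uid is no longer 0 we may lack the
     * privilege to change group ids. setgroups() itself needs root, so it
     * is only attempted when we still are root. */
    if (geteuid() == 0 && setgroups(0, NULL) == -1)
        return -1;
    /* Real, effective and saved gid all set, so no saved root gid remains. */
    if (setresgid(gid, gid, gid) == -1)
        return -1;
    /* Same for the uid. Unlike seteuid(), this also overwrites the saved uid. */
    if (setresuid(uid, uid, uid) == -1)
        return -1;

    /* Sanity check: all three uids must be what we asked for, and when we
     * dropped to a non-root uid, regaining root must now fail with EPERM. */
    if (getresuid(&ruid, &euid, &suid) == -1)
        return -1;
    if (ruid != uid || euid != uid || suid != uid ||
        (uid != 0 && (setresuid((uid_t)-1, 0, (uid_t)-1) == 0 || errno != EPERM))) {
        errno = EPERM;
        return -1;
    }
    return 0;
}
```

In the layout the commits describe, this would be called after unshare and the first fork and before execvp, so the jailed process never holds a saved root id.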
5fe9ba36a2 Add signal handler for SIGTERM
When the head process receives a SIGTERM we have to forward that to the init
process, which in turn has to forward it to the executed process which is
jailed. That process can then decide to exit, which also terminates the init and
head process through SIGCHILD/wait means.
2021-01-12 19:51:05 +01:00
1f5e1a9c1f Drop root privileges earlier
We don't need the root privileges after we unshare and the first fork. Therefore
we can drop those for safety reasons.
2021-01-12 19:50:07 +01:00
f3cd63c137 Use execvp instead of execv
execvp resolves the executable location using PATH
2021-01-12 13:24:08 +01:00
8ac3b8afe3 Add install target to Makefile 2021-01-07 21:13:59 +01:00
2c397da373 Initial version 2021-01-06 04:42:04 +01:00
3f5f72f940 Initial empty commit. 2021-01-06 04:37:43 +01:00