2 * Marc E. Fiuczynski <mef@cs.princeton.edu>
4 * Copyright (c) 2004 The Trustees of Princeton University (Trustees).
6 * Portions of this file are derived from the Paul Brett's vserver.c
7 * modification to bash (vsh).
9 * It is free software; you can redistribute it and/or modify it under
10 * the terms of the GNU General Public License as published by the
11 * Free Software Foundation; either version 2, or (at your option) any
14 * It is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
16 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
17 * License for more details.
19 * You should have received a copy of the GNU General Public License along
20 * with Poptop; see the file COPYING. If not, write to the Free Software
21 * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
37 #include <sys/syscall.h>
38 #include <asm/unistd.h>
39 #include <sys/mount.h>
40 #include <sys/types.h>
45 #include "linuxcaps.h"
48 /* Null byte made explicit */
49 #define NULLBYTE_SIZE 1
51 /* Base for all vserver roots for chroot */
52 #define VSERVER_ROOT_BASE "/vservers"
55 /* Change to root:root (before entering new context) */
56 static int setuidgid_root()
59 fprintf(stderr, "setgid error\n");
63 fprintf(stderr, "setuid error\n");
69 static void compute_new_root(char *base, char **root, uid_t uid)
74 if ((pwd = getpwuid(uid)) == NULL) {
75 perror("vserver: getpwuid error ");
80 strlen(base) + strlen("/") +
81 strlen(pwd->pw_name) + NULLBYTE_SIZE;
82 (*root) = (char *)malloc(root_len);
83 if ((*root) == NULL) {
84 perror("vserver: malloc error ");
88 sprintf((*root), "%s/%s", base, pwd->pw_name);
89 (*root)[root_len - 1] = '\0';
92 /* Example: sandbox_root = /vservers/bnc, relpath = /proc/1 */
93 static int sandbox_file_exists(char *sandbox_root, char *relpath)
99 len = strlen(sandbox_root) + strlen(relpath) + NULLBYTE_SIZE;
100 if ((file = (char *)malloc(len)) == NULL) {
101 perror("vserver: malloc error ");
104 sprintf(file, "%s%s", sandbox_root, relpath);
105 file[len - 1] = '\0';
106 if (stat(file, &stat_buf) == 0) {
115 static int proc_mounted(char *sandbox_root)
117 return sandbox_file_exists(sandbox_root, "/proc/1");
120 static int devpts_mounted(char *sandbox_root)
122 return sandbox_file_exists(sandbox_root, "/dev/pts/0");
125 static void mount_proc(char *sandbox_root,uid_t uid)
127 char *source = "/proc";
131 len = strlen(sandbox_root) + strlen("/") + strlen("proc") + NULLBYTE_SIZE;
132 if ((target = (char *)malloc(len)) == NULL) {
133 perror("vserver: malloc error ");
137 sprintf(target, "%s/proc", sandbox_root);
138 target[len - 1] = '\0';
139 if (!proc_mounted(sandbox_root))
140 mount(source, target, "proc", MS_BIND | MS_RDONLY, NULL);
145 static void mount_devpts(char *sandbox_root)
147 char *source = "/dev/pts";
151 len = strlen(sandbox_root) + strlen("/") + strlen("dev/pts") + NULLBYTE_SIZE;
152 if ((target = (char *)malloc(len)) == NULL) {
153 perror("vserver: malloc error ");
157 sprintf(target, "%s/dev/pts", sandbox_root);
158 target[len - 1] = '\0';
159 if (!devpts_mounted(sandbox_root))
160 mount(source, target, "devpts", 0, NULL);
165 static int sandbox_chroot(uid_t uid)
167 char *sandbox_root = NULL;
169 compute_new_root(VSERVER_ROOT_BASE,&sandbox_root, uid);
170 mount_proc(sandbox_root,uid);
171 mount_devpts(sandbox_root);
172 if (chroot(sandbox_root) < 0) {
173 fprintf(stderr,"vserver: chroot error (%s): ",sandbox_root);
177 if (chdir("/") < 0) {
178 perror("vserver: chdir error ");
188 // The following capabilities are normally available
189 // to vservers administrator, but are place for
191 {"CAP_CHOWN",CAP_CHOWN},
192 {"CAP_DAC_OVERRIDE",CAP_DAC_OVERRIDE},
193 {"CAP_DAC_READ_SEARCH",CAP_DAC_READ_SEARCH},
194 {"CAP_FOWNER",CAP_FOWNER},
195 {"CAP_FSETID",CAP_FSETID},
196 {"CAP_KILL",CAP_KILL},
197 {"CAP_SETGID",CAP_SETGID},
198 {"CAP_SETUID",CAP_SETUID},
199 {"CAP_SETPCAP",CAP_SETPCAP},
200 {"CAP_SYS_TTY_CONFIG",CAP_SYS_TTY_CONFIG},
201 {"CAP_LEASE",CAP_LEASE},
202 {"CAP_SYS_CHROOT",CAP_SYS_CHROOT},
204 // Those capabilities are not normally available
205 // to vservers because they are not needed and
206 // may represent a security risk
207 {"CAP_LINUX_IMMUTABLE",CAP_LINUX_IMMUTABLE},
208 {"CAP_NET_BIND_SERVICE",CAP_NET_BIND_SERVICE},
209 {"CAP_NET_BROADCAST",CAP_NET_BROADCAST},
210 {"CAP_NET_ADMIN", CAP_NET_ADMIN},
211 {"CAP_NET_RAW", CAP_NET_RAW},
212 {"CAP_IPC_LOCK", CAP_IPC_LOCK},
213 {"CAP_IPC_OWNER", CAP_IPC_OWNER},
214 {"CAP_SYS_MODULE",CAP_SYS_MODULE},
215 {"CAP_SYS_RAWIO", CAP_SYS_RAWIO},
216 {"CAP_SYS_PACCT", CAP_SYS_PACCT},
217 {"CAP_SYS_ADMIN", CAP_SYS_ADMIN},
218 {"CAP_SYS_BOOT", CAP_SYS_BOOT},
219 {"CAP_SYS_NICE", CAP_SYS_NICE},
220 {"CAP_SYS_RESOURCE",CAP_SYS_RESOURCE},
221 {"CAP_SYS_TIME", CAP_SYS_TIME},
222 {"CAP_MKNOD", CAP_MKNOD},
224 {"CAP_QUOTACTL", CAP_QUOTACTL},
229 #define VSERVERCONF "/etc/vservers/"
230 static unsigned get_remove_cap(char *name) {
237 remove_cap = /* NOTE: keep in sync with chcontext.c */
238 (1<<CAP_LINUX_IMMUTABLE)|
239 (1<<CAP_NET_BROADCAST)|
250 (1<<CAP_SYS_RESOURCE)|
263 * find out which capabilities to put back in by reading the conf file
266 /* construct the pathname to the conf file */
267 vserverconflen = strlen(VSERVERCONF) + strlen(name) + strlen(".conf") + NULLBYTE_SIZE;
268 vserverconf = (char *)malloc(vserverconflen);
269 sprintf(vserverconf, "%s%s.conf", VSERVERCONF, name);
271 fprintf(stderr,"opening file %s\n",vserverconf);
272 /* open the conf file for reading */
273 fb = fopen(vserverconf,"r");
281 /* the conf file file exist */
282 while((bufsize = getline(&buffer,&len,fb))>0) {
285 /* walk past leading spaces */
286 while(isspace((int)buffer[index]) && (index < bufsize)) index++;
288 /* ignore if it's a comment */
289 if ((buffer[index] == '#') || (index >= bufsize)) continue;
291 /* check if it is the S_CAPS */
292 if (strstr(buffer,"S_CAPS")!=NULL) {
296 fprintf(stderr,"Found S_CAPS\n");
297 for (j=0; tbcap[j].option != NULL; j++){
298 if (strstr(buffer,tbcap[j].option)!=NULL){
299 fprintf(stderr,"%s\n",tbcap[j].option);
300 cap |= (1<<tbcap[j].bit);
307 /* close the conf file */
310 fprintf(stderr,"failed to open %s\n",vserverconf);
315 static int sandbox_processes(uid_t uid, unsigned remove_cap)
324 flags |= 1; /* VX_INFO_LOCK -- cannot request a new vx_id */
325 /* flags |= 4; VX_INFO_NPROC -- limit number of procs in a context */
327 if (vc_new_s_context(context,remove_cap,flags) < 0) {
328 perror("vserver: new_s_context error ");
335 void runas_slice_user(char *username)
338 char *home_env, *logname_env, *mail_env, *shell_env, *user_env;
339 int home_len, logname_len, mail_len, shell_len, user_len;
340 static char *envp[10];
342 if ((pwd = getpwnam(username)) == NULL) {
343 perror("vserver: getpwnam error ");
347 if (setgid(pwd->pw_gid) < 0) {
348 perror("vserver: setgid error ");
352 if (setuid(pwd->pw_uid) < 0) {
353 perror("vserver: setuid error ");
357 if (chdir(pwd->pw_dir) < 0) {
358 perror("vserver: chdir error ");
362 home_len = strlen("HOME=") + strlen(pwd->pw_dir) + NULLBYTE_SIZE;
363 logname_len = strlen("LOGNAME=") + strlen(username) + NULLBYTE_SIZE;
364 mail_len = strlen("MAIL=/var/spool/mail/") + strlen(username)
366 shell_len = strlen("SHELL=") + strlen(pwd->pw_shell) + NULLBYTE_SIZE;
367 user_len = strlen("USER=") + strlen(username) + NULLBYTE_SIZE;
369 home_env = (char *)malloc(home_len);
370 logname_env = (char *)malloc(logname_len);
371 mail_env = (char *)malloc(mail_len);
372 shell_env = (char *)malloc(shell_len);
373 user_env = (char *)malloc(user_len);
375 if ((home_env == NULL) ||
376 (logname_env == NULL) ||
377 (mail_env == NULL) ||
378 (shell_env == NULL) ||
379 (user_env == NULL)) {
380 perror("vserver: malloc error ");
384 sprintf(home_env, "HOME=%s", pwd->pw_dir);
385 sprintf(logname_env, "LOGNAME=%s", username);
386 sprintf(mail_env, "MAIL=/var/spool/mail/%s", username);
387 sprintf(shell_env, "SHELL=%s", pwd->pw_shell);
388 sprintf(user_env, "USER=%s", username);
390 home_env[home_len - 1] = '\0';
391 logname_env[logname_len - 1] = '\0';
392 mail_env[mail_len - 1] = '\0';
393 shell_env[shell_len - 1] = '\0';
394 user_env[user_len - 1] = '\0';
397 envp[1] = logname_env;
403 if ((putenv(home_env) < 0) ||
404 (putenv(logname_env) < 0) ||
405 (putenv(mail_env) < 0) ||
406 (putenv(shell_env) < 0) ||
407 (putenv(user_env) < 0)) {
408 perror("vserver: putenv error ");
415 void slice_enter(char *context)
421 if ((pwd = getpwnam(context)) == NULL) {
422 fprintf(stderr,"vserver: getpwname(%s) failed",context);
426 context = (char*)malloc(strlen(pwd->pw_name)+NULLBYTE_SIZE);
428 perror("vserver: malloc failed");
431 strcpy(context,pwd->pw_name);
433 if (setuidgid_root() < 0) { /* For chroot, new_s_context */
434 fprintf(stderr,"vserver: Could not setuid/setguid to root:root\n");
438 remove_cap = get_remove_cap(context);
441 if (sandbox_chroot(uid) < 0) {
442 fprintf(stderr, "vserver: Could not chroot to vserver root\n");
446 if (sandbox_processes(uid, remove_cap) < 0) {
447 fprintf(stderr, "vserver: Could not sandbox processes in vserver\n");