sandbox/linux/services/namespace_utils.cc

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "sandbox/linux/services/namespace_utils.h"
   6
   7 #include <fcntl.h>
   8 #include <sched.h>
   9 #include <sys/types.h>
  10 #include <sys/stat.h>
  11 #include <unistd.h>
  12
  13 #include <string>
  14
  15 #include "base/files/file_path.h"
  16 #include "base/files/file_util.h"
  17 #include "base/files/scoped_file.h"
  18 #include "base/logging.h"
  19 #include "base/posix/eintr_wrapper.h"
  20 #include "base/process/launch.h"
  21 #include "base/strings/safe_sprintf.h"
  22 #include "base/third_party/valgrind/valgrind.h"
  23
  24 namespace sandbox {
  25
  26 namespace {
  27 bool IsRunningOnValgrind() {
  28   return RUNNING_ON_VALGRIND;
  29 }
  30
  31 const char kProcSelfSetgroups[] = "/proc/self/setgroups";
  32 }  // namespace
  33
  34 // static
  35 bool NamespaceUtils::WriteToIdMapFile(const char* map_file, generic_id_t id) {
  36   // This function needs to be async-signal-safe, as it may be called in between
  37   // fork and exec.
  38
  39   int fd = HANDLE_EINTR(open(map_file, O_WRONLY));
  40   if (fd == -1) {
  41     return false;
  42   }
  43
  44   const generic_id_t inside_id = id;
  45   const generic_id_t outside_id = id;
  46
  47   char mapping[64];
  48   const ssize_t len =
  49       base::strings::SafeSPrintf(mapping, "%d %d 1\n", inside_id, outside_id);
  50   const ssize_t rc = HANDLE_EINTR(write(fd, mapping, len));
  51   RAW_CHECK(IGNORE_EINTR(close(fd)) == 0);
  52   return rc == len;
  53 }
  54
  55 // static
  56 bool NamespaceUtils::KernelSupportsUnprivilegedNamespace(int type) {
  57   // Valgrind will let clone(2) pass-through, but doesn't support unshare(),
  58   // so always consider namespaces unsupported there.
  59   if (IsRunningOnValgrind()) {
  60     return false;
  61   }
  62
  63   // As of Linux 3.8, /proc/self/ns/* files exist for all namespace types. Since
  64   // user namespaces were added in 3.8, it is OK to rely on the existence of
  65   // /proc/self/ns/*.
  66   if (!base::PathExists(base::FilePath("/proc/self/ns/user"))) {
  67     return false;
  68   }
  69
  70   const char* path;
  71   switch (type) {
  72     case CLONE_NEWUSER:
  73       return true;
  74     case CLONE_NEWIPC:
  75       path = "/proc/self/ns/ipc";
  76       break;
  77     case CLONE_NEWNET:
  78       path = "/proc/self/ns/net";
  79       break;
  80     case CLONE_NEWNS:
  81       path = "/proc/self/ns/mnt";
  82       break;
  83     case CLONE_NEWPID:
  84       path = "/proc/self/ns/pid";
  85       break;
  86     case CLONE_NEWUTS:
  87       path = "/proc/self/ns/uts";
  88       break;
  89     default:
  90       NOTREACHED();
  91       return false;
  92   }
  93
  94   return base::PathExists(base::FilePath(path));
  95 }
  96
  97 // static
  98 bool NamespaceUtils::KernelSupportsDenySetgroups() {
  99   return base::PathExists(base::FilePath(kProcSelfSetgroups));
 100 }
 101
 102 // static
 103 bool NamespaceUtils::DenySetgroups() {
 104   // This function needs to be async-signal-safe.
 105   int fd = HANDLE_EINTR(open(kProcSelfSetgroups, O_WRONLY));
 106   if (fd == -1) {
 107     return false;
 108   }
 109
 110   static const char kDeny[] = "deny";
 111   const ssize_t len = sizeof(kDeny) - 1;
 112   const ssize_t rc = HANDLE_EINTR(write(fd, kDeny, len));
 113   RAW_CHECK(IGNORE_EINTR(close(fd)) == 0);
 114   return rc == len;
 115 }
 116
 117 }  // namespace sandbox