]>
git.ipfire.org Git - thirdparty/cups.git/blob - scheduler/cups-exec.c
4 * Sandbox helper for CUPS.
6 * Copyright 2007-2014 by Apple Inc.
8 * These coded instructions, statements, and computer programs are the
9 * property of Apple Inc. and are protected by Federal copyright
10 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
11 * which should have been included with this file. If this file is
12 * file is missing or damaged, see the license at "http://www.cups.org/".
16 * cups-exec /path/to/profile UID GID NICE /path/to/program argv0 argv1 ... argvN
20 * Include necessary headers...
23 #include <cups/string-private.h>
24 #include <cups/file.h>
30 # ifndef SANDBOX_NAMED_EXTERNAL
31 # define SANDBOX_NAMED_EXTERNAL 0x0003
32 # endif /* !SANDBOX_NAMED_EXTERNAL */
33 # pragma GCC diagnostic ignored "-Wdeprecated-declarations"
34 #endif /* HAVE_SANDBOX_H */
38 * 'main()' - Apply sandbox profile and execute program.
41 int /* O - Exit status */
42 main(int argc
, /* I - Number of command-line args */
43 char *argv
[]) /* I - Command-line arguments */
47 int niceval
; /* Nice value */
49 char *sandbox_error
= NULL
; /* Sandbox error, if any */
50 #endif /* HAVE_SANDBOX_H */
54 * Check that we have enough arguments...
59 puts("Usage: cups-exec /path/to/profile UID GID NICE /path/to/program argv0 argv1 ... argvN");
64 * Make sure side and back channel FDs are non-blocking...
67 fcntl(3, F_SETFL
, O_NDELAY
);
68 fcntl(4, F_SETFL
, O_NDELAY
);
71 * Change UID, GID, and nice value...
74 uid
= (uid_t
)atoi(argv
[2]);
75 gid
= (gid_t
)atoi(argv
[3]);
76 niceval
= atoi(argv
[4]);
86 if (setgroups(1, &gid
))
89 if (uid
&& setuid(uid
))
97 * Run in a separate security profile...
100 if (strcmp(argv
[1], "none") &&
101 sandbox_init(argv
[1], SANDBOX_NAMED_EXTERNAL
, &sandbox_error
))
103 cups_file_t
*fp
; /* File */
104 char line
[1024]; /* Line from file */
105 int linenum
= 0; /* Line number in file */
107 fprintf(stderr
, "DEBUG: sandbox_init failed: %s (%s)\n", sandbox_error
,
109 sandbox_free_error(sandbox_error
);
111 if ((fp
= cupsFileOpen(argv
[1], "r")) != NULL
)
113 while (cupsFileGets(fp
, line
, sizeof(line
)))
116 fprintf(stderr
, "DEBUG: %4d %s\n", linenum
, line
);
121 return (100 + EINVAL
);
123 #endif /* HAVE_SANDBOX_H */
126 * If we get here, execv() failed...
129 fprintf(stderr
, "DEBUG: execv failed: %s\n", strerror(errno
));
130 return (errno
+ 100);