]>
Commit | Line | Data |
---|---|---|
3badb668 | 1 | /* |
2 | * "$Id$" | |
3 | * | |
4 | * Sandbox helper for CUPS. | |
5 | * | |
c45401bb | 6 | * Copyright 2007-2012 by Apple Inc. |
3badb668 | 7 | * |
8 | * These coded instructions, statements, and computer programs are the | |
9 | * property of Apple Inc. and are protected by Federal copyright | |
10 | * law. Distribution and use rights are outlined in the file "LICENSE.txt" | |
11 | * which should have been included with this file. If this file is | |
12 | * file is missing or damaged, see the license at "http://www.cups.org/". | |
13 | * | |
14 | * Usage: | |
15 | * | |
16 | * cups-exec /path/to/profile /path/to/program argv0 argv1 ... argvN | |
17 | * | |
18 | * Contents: | |
19 | * | |
20 | * main() - Apply sandbox profile and execute program. | |
21 | */ | |
22 | ||
23 | /* | |
24 | * Include necessary headers... | |
25 | */ | |
26 | ||
27 | #include <cups/string-private.h> | |
28 | #include <unistd.h> | |
29 | #ifdef HAVE_SANDBOX_H | |
3badb668 | 30 | # include <sandbox.h> |
eb6029b7 | 31 | # ifndef SANDBOX_NAMED_EXTERNAL |
32 | # define SANDBOX_NAMED_EXTERNAL 0x0003 | |
33 | # endif /* !SANDBOX_NAMED_EXTERNAL */ | |
3e334381 | 34 | # pragma GCC diagnostic ignored "-Wdeprecated-declarations" |
3badb668 | 35 | #endif /* HAVE_SANDBOX_H */ |
36 | ||
37 | ||
38 | /* | |
39 | * 'main()' - Apply sandbox profile and execute program. | |
40 | */ | |
41 | ||
42 | int /* O - Exit status */ | |
43 | main(int argc, /* I - Number of command-line args */ | |
44 | char *argv[]) /* I - Command-line arguments */ | |
45 | { | |
0f54c9f9 | 46 | int i; /* Looping var */ |
3badb668 | 47 | #ifdef HAVE_SANDBOX_H |
48 | char *sandbox_error = NULL; /* Sandbox error, if any */ | |
49 | #endif /* HAVE_SANDBOX_H */ | |
50 | ||
51 | ||
52 | /* | |
53 | * Check that we have enough arguments... | |
54 | */ | |
55 | ||
56 | if (argc < 4) | |
57 | { | |
58 | puts("Usage: cups-exec /path/to/profile /path/to/program argv0 argv1 ... " | |
59 | "argvN"); | |
60 | return (1); | |
61 | } | |
62 | ||
63 | #ifdef HAVE_SANDBOX_H | |
64 | /* | |
65 | * Run in a separate security profile... | |
66 | */ | |
67 | ||
0f54c9f9 | 68 | if (strcmp(argv[1], "none") && |
69 | sandbox_init(argv[1], SANDBOX_NAMED_EXTERNAL, &sandbox_error)) | |
3badb668 | 70 | { |
71 | fprintf(stderr, "DEBUG: sandbox_init failed: %s (%s)\n", sandbox_error, | |
72 | strerror(errno)); | |
73 | sandbox_free_error(sandbox_error); | |
74 | return (1); | |
75 | } | |
76 | #endif /* HAVE_SANDBOX_H */ | |
77 | ||
0f54c9f9 | 78 | /* |
79 | * Close file descriptors we don't need (insurance): | |
80 | * | |
81 | * 0 = stdin | |
82 | * 1 = stdout | |
83 | * 2 = stderr | |
84 | * 3 = back-channel | |
85 | * 4 = side-channel | |
86 | * 5-N = unused | |
87 | */ | |
88 | ||
89 | for (i = 5; i < 1024; i ++) | |
90 | close(i); | |
91 | ||
3badb668 | 92 | /* |
93 | * Execute the program... | |
94 | */ | |
95 | ||
96 | execv(argv[2], argv + 3); | |
97 | ||
98 | /* | |
99 | * If we get here, execv() failed... | |
100 | */ | |
101 | ||
102 | fprintf(stderr, "DEBUG: execv failed: %s\n", strerror(errno)); | |
103 | return (1); | |
104 | } | |
105 | ||
106 | ||
107 | /* | |
108 | * End of "$Id$". | |
109 | */ |