mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-02-12 09:17:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix O_CLOEXEC behavior with unveil()

Browse source
This commit is contained in:
Justine Tunney 2022-07-18 21:05:46 -07:00
parent bf59defc0c
commit 057e8f5b54
2 changed files with 13 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
libc/mem/unveil.c
View file

@ -25,12 +25,14 @@
#include "libc/calls/syscall-sysv.internal.h" #include "libc/calls/syscall-sysv.internal.h"
#include "libc/calls/syscall_support-sysv.internal.h" #include "libc/calls/syscall_support-sysv.internal.h"
#include "libc/errno.h" #include "libc/errno.h"
#include "libc/intrin/kprintf.h"
#include "libc/mem/mem.h" #include "libc/mem/mem.h"
#include "libc/nexgen32e/threaded.h" #include "libc/nexgen32e/threaded.h"
#include "libc/runtime/internal.h" #include "libc/runtime/internal.h"
#include "libc/str/str.h" #include "libc/str/str.h"
#include "libc/sysv/consts/at.h" #include "libc/sysv/consts/at.h"
#include "libc/sysv/consts/f.h" #include "libc/sysv/consts/f.h"
#include "libc/sysv/consts/fd.h"
#include "libc/sysv/consts/o.h" #include "libc/sysv/consts/o.h"
#include "libc/sysv/consts/pr.h" #include "libc/sysv/consts/pr.h"
#include "libc/sysv/consts/s.h" #include "libc/sysv/consts/s.h"
@ -90,7 +92,8 @@ static int err_close(int rc, int fd) {
static int unveil_init(void) { static int unveil_init(void) {
int rc, fd; int rc, fd;
if ((rc = landlock_create_ruleset(0, 0, LANDLOCK_CREATE_RULESET_VERSION)) < 0) { if ((rc = landlock_create_ruleset(0, 0, LANDLOCK_CREATE_RULESET_VERSION)) <
0) {
if (errno == EOPNOTSUPP) errno = ENOSYS; if (errno == EOPNOTSUPP) errno = ENOSYS;
return -1; return -1;
} }
@ -98,10 +101,16 @@ static int unveil_init(void) {
const struct landlock_ruleset_attr attr = { const struct landlock_ruleset_attr attr = {
.handled_access_fs = State.fs_mask, .handled_access_fs = State.fs_mask,
}; };
// [undocumented] landlock_create_ruleset() always returns o_cloexec
// assert(__sys_fcntl(rc, F_GETFD, 0) == FD_CLOEXEC);
if ((rc = landlock_create_ruleset(&attr, sizeof(attr), 0)) < 0) return -1; if ((rc = landlock_create_ruleset(&attr, sizeof(attr), 0)) < 0) return -1;
// grant file descriptor a higher number that's less likely to interfere // grant file descriptor a higher number that's less likely to interfere
if ((fd = __sys_fcntl(rc, F_DUPFD, 100)) == -1) return err_close(-1, rc); if ((fd = __sys_fcntl(rc, F_DUPFD_CLOEXEC, 100)) == -1) {
if (sys_close(rc) == -1) return err_close(-1, fd); return err_close(-1, rc);
}
if (sys_close(rc) == -1) {
return err_close(-1, fd);
}
State.fd = fd; State.fd = fd;
return 0; return 0;
} }

2
libc/sysv/consts.sh
View file

@ -355,7 +355,7 @@ syscon fcntl2 F_GETOWN 9 5 5 5 5 0 # bsd consensus
syscon fcntl2 F_FULLFSYNC 0 51 0 0 0 0 # syscon fcntl2 F_FULLFSYNC 0 51 0 0 0 0 #
syscon fcntl2 F_NOCACHE 0 48 0 0 0 0 # syscon fcntl2 F_NOCACHE 0 48 0 0 0 0 #
syscon fcntl3 FD_CLOEXEC 1 1 1 1 1 1 # unix consensus & faked nt syscon fcntl3 FD_CLOEXEC 1 1 1 1 1 1 # unix consensus & faked nt
syscon fcntl F_DUPFD_CLOEXEC 0x0406 67 17 10 12 0x0406 # faked nt syscon fcntl F_DUPFD_CLOEXEC 0x0406 67 17 10 12 0x0406 # Linux 2.6.24+; faked nt
syscon fcntl F_MAXFD 0 0 0 0 11 0 # syscon fcntl F_MAXFD 0 0 0 0 11 0 #
syscon fcntl FREAD 0 1 1 1 1 0 # syscon fcntl FREAD 0 1 1 1 1 0 #
syscon fcntl FWRITE 0 2 2 2 2 0 # syscon fcntl FWRITE 0 2 2 2 2 0 #