-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This patch looks good to me. acked.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk5Ws2cACgkQrlYvE4MpobPiIQCfQ7Jpp+X0KSgBq9z9V2fvDOKR
0xUAoNO2xMDMZ9tsz+rUKH8cY9TdxinO
=RuEY
-----END PGP SIGNATURE-----
>From 1dc806347dd1f1901fe776723b66803b641d82a6 Mon Sep 17 00:00:00 2001
From: Eric Paris <eparis@xxxxxxxxxx>
Date: Wed, 10 Aug 2011 17:22:41 -0400
Subject: [PATCH 49/77] policycoreutils: sandbox: allow users specify sandbox
window size
This allows users to create sandbox windows of a specified size on the
command line.
Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
policycoreutils/sandbox/sandbox | 11 ++++++++---
policycoreutils/sandbox/sandbox.8 | 15 ++++++++++++---
policycoreutils/sandbox/sandboxX.sh | 10 +++++++---
3 files changed, 27 insertions(+), 9 deletions(-)
diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
index 2015e65..f721021 100644
--- a/policycoreutils/sandbox/sandbox
+++ b/policycoreutils/sandbox/sandbox
@@ -43,6 +43,7 @@ except IOError:
import __builtin__
__builtin__.__dict__['_'] = unicode
+DEFAULT_WINDOWSIZE = "1000x700"
DEFAULT_TYPE = "sandbox_t"
DEFAULT_X_TYPE = "sandbox_x_t"
SAVE_FILES = {}
@@ -241,9 +242,9 @@ kill -TERM $WM_PID 2> /dev/null
def __parse_options(self):
from optparse import OptionParser
usage = _("""
-sandbox [-h] [-[X|M] [-c] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command
+sandbox [-h] [-[X|M] [-c] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] command
-sandbox [-h] [-[X|M] [-c] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] -S
+sandbox [-h] [-[X|M] [-c] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] -S
""")
parser = OptionParser(version=self.VERSION, usage=usage)
@@ -279,6 +280,10 @@ sandbox [-h] [-[X|M] [-c] [-l level ] [-H homedir] [-T tempdir]] [-I includefile
action="callback", callback=self.__validdir,
help=_("alternate /tmp directory to use for mounting"))
+ parser.add_option("-w", "--windowsize", dest="windowsize",
+ type="string", default=DEFAULT_WINDOWSIZE,
+ help="size of the sandbox window")
+
parser.add_option("-W", "--windowmanager", dest="wm",
type="string",
default="/usr/bin/matchbox-window-manager -use_titlebar no",
@@ -374,7 +379,7 @@ sandbox [-h] [-[X|M] [-c] [-l level ] [-H homedir] [-T tempdir]] [-I includefile
self.__setup_sandboxrc(self.__options.wm)
- cmds = [ SEUNSHARE, "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon, SANDBOXSH ]
+ cmds = [ SEUNSHARE, "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon, SANDBOXSH, self.__options.windowsize ]
rc = subprocess.Popen(cmds).wait()
return rc
diff --git a/policycoreutils/sandbox/sandbox.8 b/policycoreutils/sandbox/sandbox.8
index 9d1fe3c..63ec905 100644
--- a/policycoreutils/sandbox/sandbox.8
+++ b/policycoreutils/sandbox/sandbox.8
@@ -1,10 +1,13 @@
-.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
+.TH SANDBOX "8" "May 2010" "sandbox" "User Commands"
.SH NAME
sandbox \- Run cmd under an SELinux sandbox
.SH SYNOPSIS
.B sandbox
-[-c] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd
-[-c] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] -S
+[-c] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd
+
+.br
+.B sandbox
+[-c] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S
.br
.SH DESCRIPTION
.PP
@@ -42,6 +45,12 @@ Use alternate sandbox type, defaults to sandbox_t or sandbox_x_t for -X.
\fB\-T\ tmpdir
Use alternate tempory directory to mount on /tmp. Defaults to tmpfs. Requires -X or -M.
.TP
+\fB\-S
+Run a full desktop session, Requires level, and home and tmpdir.
+.TP
+\fB\-w windowsize\fR
+Specifies the windowsize when creating an X based Sandbox. The default windowsize is 1000x700.
+.TP
\fB\-W windowmanager\fR
Select alternative window manager to run within
.B sandbox -X.
diff --git a/policycoreutils/sandbox/sandboxX.sh b/policycoreutils/sandbox/sandboxX.sh
index 8338203..e501b03 100644
--- a/policycoreutils/sandbox/sandboxX.sh
+++ b/policycoreutils/sandbox/sandboxX.sh
@@ -1,13 +1,17 @@
#!/bin/bash
context=`id -Z | secon -t -l -P`
export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
-export SCREENSIZE="1000x700"
-#export SCREENSIZE=`xdpyinfo | awk '/dimensions/ { print $2 }'`
+[ $# -eq 1 ] && export SCREENSIZE="$1" || export SCREENSIZE="1000x700"
trap "exit 0" HUP
(/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do
export DISPLAY=:$D
- python -c 'import gtk, os, commands; commands.getstatusoutput("%s/.sandboxrc" % os.environ["HOME"])'
+ cat > ~/seremote << __EOF
+#!/bin/sh
+DISPLAY=$DISPLAY "\$@"
+__EOF
+ chmod +x ~/seremote
+ /usr/share/sandbox/start $HOME/.sandboxrc
export EXITCODE=$?
kill -HUP 0
break
--
1.7.6
