[PATCH 59/77] policycoreutils: sandbox: seunshare: introduce helper

This patch looks good to me. acked.
From e417db5bd6ac9841a7920eb5af0a9ca6697181a5 Mon Sep 17 00:00:00 2001
From: Eric Paris <eparis@xxxxxxxxxx>
Date: Fri, 5 Aug 2011 14:06:34 -0400
Subject: [PATCH 59/77] policycoreutils: sandbox: seunshare: introduce helper
 spawn_command

Introduce a helper which will spawn children and wait for them to exit
so we don't have to keep writing that code over and over.

Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 policycoreutils/sandbox/seunshare.c |   41 +++++++++++++++++++++++++++++++++++
 1 files changed, 41 insertions(+), 0 deletions(-)

diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
index 69ae111..5f529a0 100644
--- a/policycoreutils/sandbox/seunshare.c
+++ b/policycoreutils/sandbox/seunshare.c
@@ -108,6 +108,47 @@ static int set_signal_handles(void)
 	return 0;
 }
 
+#define status_to_retval(status,retval) do { \
+	if ((status) == -1) \
+		retval = -1; \
+	else if (WIFEXITED((status))) \
+		retval = WEXITSTATUS((status)); \
+	else if (WIFSIGNALED((status))) \
+		retval = 128 + WTERMSIG((status)); \
+	else \
+		retval = -1; \
+	} while(0)
+
+/**
+ * Spawn external command using system() with dropped privileges.
+ * TODO: avoid system() and use exec*() instead
+ */
+static int spawn_command(const char *cmd, uid_t uid){
+	int child;
+	int status = -1;
+
+	if (verbose > 1)
+		printf("spawn_command: %s\n", cmd);
+
+	child = fork();
+	if (child == -1) {
+		perror(_("Unable to fork"));
+		return status;
+	}
+
+	if (child == 0) {
+		if (drop_privs(uid) != 0) exit(-1);
+
+		status = system(cmd);
+		status_to_retval(status, status);
+		exit(status);
+	}
+
+	waitpid(child, &status, 0);
+	status_to_retval(status, status);
+	return status;
+}
+
 /**
  * This function makes sure the mounted directory is owned by the user executing
  * seunshare.
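
Review bot: the return value of `waitpid(child, &status, 0)` at the end of spawn_command() is never checked, so if the call fails or is interrupted by one of the handlers installed in set_signal_handles(), the function returns -1 (status still holds its initial value) while the child may still be running and is never reaped. Loop on EINTR and treat any other failure as an error before calling status_to_retval(). In the child, `exit(-1)` and `exit(status)` with status == -1 are truncated to 8 bits, so the parent sees WEXITSTATUS 255 and cannot tell a drop_privs() or system() failure from a command that itself exited 255; pick a documented exit code for those cases. The child should also leave with _exit() rather than exit(): the verbose printf() before fork() is not flushed, so with a buffered stdout the "spawn_command:" line can be written twice. Minor: `child` should be pid_t, and since cmd goes through the shell via system() until the TODO is addressed, the comment should state that callers must never place untrusted data in cmd.
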
-- 
1.7.6

