[PATCH 35/67] policycoreutils: sandbox: FIXME add level based kill


 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


This patch looks good to me. acked.

The comment in your patch says sandbox will default to -K; this is not
true, but the patch is fine regardless.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5yVesACgkQrlYvE4MpobMfuACgynaP1XdCWq1mk5PgZu6KfDQ5
AwMAnjhvqu8K0NUM4cDXBGIIf8bTbbjT
=XMYr
-----END PGP SIGNATURE-----
>From b6dd0d6ee26de999fcac90470db8077f3701f8bb Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Wed, 6 Jul 2011 20:22:26 -0400
Subject: [PATCH 35/67] policycoreutils: sandbox: FIXME add level based kill
 option

Add a kill option to seunshare to kill all processes that are still running
with the execcon MCS label.  Default sandbox to call seunshare with -k
if it created an MCS level.

NOT-Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 policycoreutils/sandbox/seunshare.8 |    5 ++-
 policycoreutils/sandbox/seunshare.c |   75 ++++++++++++++++++++++++++++++++++-
 2 files changed, 78 insertions(+), 2 deletions(-)

diff --git a/policycoreutils/sandbox/seunshare.8 b/policycoreutils/sandbox/seunshare.8
index a1bf3fa..06610c0 100644
--- a/policycoreutils/sandbox/seunshare.8
+++ b/policycoreutils/sandbox/seunshare.8
@@ -3,7 +3,7 @@
 seunshare \- Run cmd with alternate homedir, tmpdir and/or SELinux context
 .SH SYNOPSIS
 .B seunshare
-[ -v ] [ -c ] [ -C ] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args]
+[ -v ] [ -c ] [ -C ] [ -k ] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args]
 .br
 .SH DESCRIPTION
 .PP
@@ -24,6 +24,9 @@ Use cgroups to control this copy of seunshare.  Specify parameters in /etc/sysco
 \fB\-C --capabilities\fR
 Allow apps executed within the namespace to use capabilities.  Default is no capabilities.
 .TP
+\fB\-k --kill\fR
+Kill all processes with matching MCS level.
+.TP
 \fB\-Z\ context
 Use alternate SELinux context while runing the executable.
 .TP
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
index a4d6cdc..5fa42fe 100644
--- a/policycoreutils/sandbox/seunshare.c
+++ b/policycoreutils/sandbox/seunshare.c
@@ -29,6 +29,7 @@
 
 #include <selinux/selinux.h>
 #include <selinux/context.h>	/* for context-mangling functions */
+#include <dirent.h>
 
 #ifdef USE_NLS
 #include <locale.h>		/* for setlocale() */
@@ -52,7 +53,7 @@
 
 #define BUF_SIZE 1024
 #define DEFAULT_PATH "/usr/bin:/bin"
-#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -C ] [ -c ] [ -t tmpdir ] [ -h homedir ] [ -Z CONTEXT ] -- executable [args] ")
+#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -C ] [ -c ] [ -k ] [ -t tmpdir ] [ -h homedir ] [ -Z CONTEXT ] -- executable [args] ")
 
 static int verbose = 0;
 
@@ -744,12 +745,77 @@ good:
 	return tmpdir;
 }
 
+#define PROC_BASE "/proc"
+
+static int
+killall (security_context_t execcon)
+{
+	DIR *dir;
+	security_context_t scon;
+	struct dirent *de;
+	pid_t *pid_table, pid, self;
+	int i;
+	int pids, max_pids;
+	int running = 0;
+	self = getpid();
+	if (!(dir = opendir(PROC_BASE))) {
+		return -1;
+	}
+	max_pids = 256;
+	pid_table = malloc(max_pids * sizeof (pid_t));
+	if (!pid_table) {
+		(void)closedir(dir);
+		return -1;
+	}
+	pids = 0;
+	context_t con;
+	con = context_new(execcon);
+	const char *mcs = context_range_get(con);
+	printf("mcs=%s\n", mcs);
+	while ((de = readdir (dir)) != NULL) {
+		if (!(pid = (pid_t)atoi(de->d_name)) || pid == self)
+			continue;
+
+		if (pids == max_pids) {
+			if (!(pid_table = realloc(pid_table, 2*pids*sizeof(pid_t)))) {
+				(void)closedir(dir);
+				return -1;
+			}
+			max_pids *= 2;
+		}
+		pid_table[pids++] = pid;
+	}
+
+	(void)closedir(dir);
+
+	for (i = 0; i < pids; i++) {
+		pid_t id = pid_table[i];
+
+		if (getpidcon(id, &scon) == 0) {
+
+			context_t pidcon = context_new(scon);
+			/* Attempt to kill remaining processes */
+			if (strcmp(context_range_get(pidcon), mcs) == 0)
+				kill(id, SIGKILL);
+
+			context_free(pidcon);
+			freecon(scon);
+		}
+		running++;
+	}
+
+	context_free(con);
+	free(pid_table);
+	return running;
+}
+
 int main(int argc, char **argv) {
 	int status = -1;
 	security_context_t execcon = NULL;
 
 	int clflag;		/* holds codes for command line flags */
 	int usecgroups = 0;
+	int kill = 0;
 
 	char *homedir_s = NULL;	/* homedir spec'd by user in argv[] */
 	char *tmpdir_s = NULL;	/* tmpdir spec'd by user in argv[] */
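Review bot: `context_range_get(con)` after `context_new(execcon)` and `context_range_get(pidcon)` inside the loop can return NULL (a context with no MCS range, or a failed `context_new`), and the `strcmp` at the kill site then dereferences NULL; both results need a check before comparing, and a NULL caller range should make `killall` return -1 rather than match anything. The `realloc` assigns straight back into `pid_table`, so the original block leaks on failure and that path also leaks `con`; the debug `printf("mcs=%s\n", mcs);` should be dropped or put under `verbose`. `running` is incremented for every scanned pid rather than for the ones actually signalled, so the return value carries no information; counting successful `kill()` calls gives the caller something to report. Because only the range is compared, a caller context whose range is the plain default level with no categories would match unrelated processes, and seunshare is typically privileged when it gets here, so the NULL/empty-range refusal is what keeps the kill scoped to the sandbox's own level. Separately, `int kill = 0;` at the end of this hunk shadows kill(2) inside main and does not match the `kill_all` tested in the final hunk; naming the flag `kill_all` here and in the `case 'k':` hunk fixes both.
```c
static int
killall (security_context_t execcon)
{
	/* … unchanged: locals, self = getpid() … */
	context_t con = context_new(execcon);
	const char *mcs = con ? context_range_get(con) : NULL;
	if (!mcs) {
		/* nothing to match on: refuse rather than compare against NULL */
		if (con)
			context_free(con);
		return -1;
	}
	/* … unchanged: opendir, pid_table malloc (also context_free(con) on those error paths) … */
		if (pids == max_pids) {
			pid_t *tmp = realloc(pid_table, 2 * pids * sizeof(pid_t));
			if (!tmp) {
				free(pid_table);
				context_free(con);
				(void)closedir(dir);
				return -1;
			}
			pid_table = tmp;
			max_pids *= 2;
		}
	/* … unchanged: rest of the readdir loop, closedir … */
	for (i = 0; i < pids; i++) {
		pid_t id = pid_table[i];
		const char *range;
		context_t pidcon;

		if (getpidcon(id, &scon) != 0)
			continue;
		pidcon = context_new(scon);
		range = pidcon ? context_range_get(pidcon) : NULL;
		/* only count processes that were actually signalled */
		if (range && strcmp(range, mcs) == 0 && kill(id, SIGKILL) == 0)
			running++;
		if (pidcon)
			context_free(pidcon);
		freecon(scon);
	}
	/* … unchanged: context_free(con), free(pid_table), return running … */
```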
@@ -762,6 +828,7 @@ int main(int argc, char **argv) {
 	const struct option long_options[] = {
 		{"homedir", 1, 0, 'h'},
 		{"tmpdir", 1, 0, 't'},
+		{"kill", 1, 0, 'k'},
 		{"verbose", 1, 0, 'v'},
 		{"cgroups", 1, 0, 'c'},
 		{"context", 1, 0, 'Z'},
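Review bot: `{"kill", 1, 0, 'k'}` declares `--kill` with has_arg set, so getopt_long will demand an argument for an option that `case 'k':` never reads; it should be `{"kill", 0, 0, 'k'}`. The short-option string handed to getopt_long is not touched anywhere in this patch, so unless it already contains `k`, the `-k` form advertised in the usage string and man page would be rejected — worth confirming against the unchanged call. The neighbouring `verbose` and `cgroups` entries carry the same has_arg value, but they predate this change. main continues on both sides of this hunk.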
@@ -803,6 +870,9 @@ int main(int argc, char **argv) {
 		case 't':
 			tmpdir_s = optarg;
 			break;
+		case 'k':
+			kill = 1;
+			break;
 		case 'h':
 			homedir_s = optarg;
 			break;
@@ -941,6 +1011,9 @@ childerr:
 	waitpid(child, &status, 0);
 	status_to_retval(status, status);
 
+	if (execcon && kill_all)
+		killall(execcon);
+
 	if (tmpdir_r) cleanup_tmpdir(tmpdir_r, tmpdir_s, pwd, 1);
 
 err:
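Review bot: `killall(execcon);` discards the return value, so an `opendir`/`malloc` failure (-1) is silently lost and nothing distinguishes "killed the leftovers" from "could not scan /proc"; at least under `verbose` the outcome should be reported, e.g. `if (killall(execcon) < 0) fprintf(stderr, _("Failed to kill remaining processes\n"));`. The call sits after `waitpid` and before `cleanup_tmpdir`, which is the right order for reclaiming the tmpdir, but that ordering deserves a one-line comment since it is not obvious from the code. main continues outside this hunk.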
-- 
1.7.6.2


