[klibc] [PATCH] run-init: add drop_capabilities support
Mike Waychison
mikew at google.com
Tue May 15 23:26:42 PDT 2012
On Thu, May 3, 2012 at 7:04 PM, Kees Cook <keescook at chromium.org> wrote:
> Building on the work in ff0a614bd724f6c4c6a5014a9955dc1bc028f336,
> this moves the capability code down into the run-init library, so that
> run-init can use it as well, via the new "-d" flag.
>
> Signed-off-by: Kees Cook <kees at outflux.net>
Acked-by: Mike Waychison <mikew at google.com>
Sorry I missed this, Kees — it never reached my inbox.
> ---
> usr/kinit/Kbuild | 3 +--
> usr/kinit/capabilities.h | 10 ++++++++++
> usr/kinit/kinit.c | 6 +++---
> usr/kinit/run-init/Kbuild | 9 +++++++--
> usr/kinit/run-init/run-init.c | 12 ++++++++----
> usr/kinit/run-init/run-init.h | 2 +-
> usr/kinit/run-init/runinitlib.c | 11 +++++++++--
> 7 files changed, 39 insertions(+), 14 deletions(-)
> create mode 100644 usr/kinit/capabilities.h
>
> diff --git a/usr/kinit/Kbuild b/usr/kinit/Kbuild
> index 8f6d08e..5320127 100644
> --- a/usr/kinit/Kbuild
> +++ b/usr/kinit/Kbuild
> @@ -3,14 +3,13 @@
> #
>
> # library part of kinit. Is used by programs in sub-directories (resume et al)
> -lib-y := name_to_dev.o devname.o getarg.o
> +lib-y := name_to_dev.o devname.o getarg.o capabilities.o
> # use lib for kinit
> kinit-y := lib.a
>
> kinit-y += kinit.o do_mounts.o ramdisk_load.o initrd.o
> kinit-y += getintfile.o readfile.o xpio.o
> kinit-y += do_mounts_md.o do_mounts_mtd.o nfsroot.o
> -kinit-y += capabilities.o
>
> kinit-y += ipconfig/
> kinit-y += nfsmount/
> diff --git a/usr/kinit/capabilities.h b/usr/kinit/capabilities.h
> new file mode 100644
> index 0000000..a32a66a
> --- /dev/null
> +++ b/usr/kinit/capabilities.h
> @@ -0,0 +1,10 @@
> +/*
> + * capabilities.h
> + */
> +
> +#ifndef KINIT_CAPABILITIES_H
> +#define KINIT_CAPABILITIES_H
> +
> +int drop_capabilities(const char *caps);
> +
> +#endif /* KINIT_CAPABILITIES_H */
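Review bot: The new prototype `int drop_capabilities(const char *caps);` carries no contract, yet both new callers may pass NULL (run-init's `drop_caps` stays NULL when `-d` is absent, and kinit hands over get_arg's result directly), so the header should state whether NULL is accepted, what format `caps` takes and what the return value means. The pre-existing kinit call site already passed get_arg's result unconditionally, so NULL is presumably tolerated, but the implementation is not in this patch — confirm before documenting it. Suggested comment above the declaration: `/* Drop the comma-separated capability names in caps (NULL: nothing to drop — verify); returns 0 on success, <0 on failure. */`.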
> diff --git a/usr/kinit/kinit.c b/usr/kinit/kinit.c
> index 8ea0da5..523c92b 100644
> --- a/usr/kinit/kinit.c
> +++ b/usr/kinit/kinit.c
> @@ -284,8 +284,6 @@ int main(int argc, char *argv[])
> check_path("/root");
> do_mounts(cmdc, cmdv);
>
> - drop_capabilities(get_arg(cmdc, cmdv, "drop_capabilities="));
> -
> if (mnt_procfs) {
> umount2("/proc", 0);
> mnt_procfs = 0;
> @@ -305,7 +303,9 @@ int main(int argc, char *argv[])
>
> init_argv[0] = strrchr(init_path, '/') + 1;
>
> - errmsg = run_init("/root", "/dev/console", init_path, init_argv);
> + errmsg = run_init("/root", "/dev/console",
> + get_arg(cmdc, cmdv, "drop_capabilities="),
> + init_path, init_argv);
>
> /* If run_init returned, something went bad */
> fprintf(stderr, "%s: %s: %s\n", progname, errmsg, strerror(errno));
> diff --git a/usr/kinit/run-init/Kbuild b/usr/kinit/run-init/Kbuild
> index bf6e140..f7832b7 100644
> --- a/usr/kinit/run-init/Kbuild
> +++ b/usr/kinit/run-init/Kbuild
> @@ -18,9 +18,14 @@ lib-y := $(objs)
> # personality(2) flag from getting set and passed to init).
> EXTRA_KLIBCLDFLAGS += -z noexecstack
>
> +# Additional include paths files
> +KLIBCCFLAGS += -I$(srctree)/$(src)/..
> +
> # .o files used to built executables
> -static/run-init-y := $(objs)
> -shared/run-init-y := $(objs)
> +static/run-init-y := $(objs)
> +static/run-init-lib := ../lib.a
> +shared/run-init-y := $(objs)
> +shared/run-init-lib := ../lib.a
>
> # Cleaning
> clean-dirs := static shared
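Review bot: The comment `# Additional include paths files` reads as a typo and does not say why the parent directory is now on the include path; since the only new consumer is `capabilities.h` in `usr/kinit`, say so: `# usr/kinit is on the include path for capabilities.h (drop_capabilities)`. The `../lib.a` link lines are fine as written.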
> diff --git a/usr/kinit/run-init/run-init.c b/usr/kinit/run-init/run-init.c
> index 0f150dd..2147d06 100644
> --- a/usr/kinit/run-init/run-init.c
> +++ b/usr/kinit/run-init/run-init.c
> @@ -26,13 +26,14 @@
> * ----------------------------------------------------------------------- */
>
> /*
> - * Usage: exec run-init [-c /dev/console] /real-root /sbin/init "$@"
> + * Usage: exec run-init [-d caps] [-c /dev/console] /real-root /sbin/init "$@"
> *
> * This program should be called as the last thing in a shell script
> * acting as /init in an initramfs; it does the following:
> *
> * - Delete all files in the initramfs;
> * - Remounts /real-root onto the root filesystem;
> + * - Drops comma-separated list of capabilities;
> * - Chroots;
> * - Opens /dev/console;
> * - Spawns the specified init program (with arguments.)
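Review bot: The step list added here puts "Drops comma-separated list of capabilities" before "Chroots", but the runinitlib.c hunk in this same patch both documents and implements the drop after `chroot(".")` (and that order is required, since the chroot itself needs CAP_SYS_CHROOT). Move the new bullet below `* - Chroots;` so the two descriptions agree, and consider naming the flag in it: `* - Drops the capabilities listed with -d (comma-separated);`.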
> @@ -50,7 +51,7 @@ static const char *program;
> static void __attribute__ ((noreturn)) usage(void)
> {
> fprintf(stderr,
> - "Usage: exec %s [-c consoledev] /real-root /sbin/init [args]\n",
> + "Usage: exec %s [-d caps] [-c consoledev] /real-root /sbin/init [args]\n",
> program);
> exit(1);
> }
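Review bot: The usage string `[-d caps]` gives the operator no hint of the expected syntax, while the file comment above says the list is comma-separated; spell it out in the usage line, e.g. `"Usage: exec %s [-d cap,cap,...] [-c consoledev] /real-root /sbin/init [args]\n"`, since this string is the only help run-init prints.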
> @@ -62,6 +63,7 @@ int main(int argc, char *argv[])
> const char *realroot;
> const char *init;
> const char *error;
> + const char *drop_caps = NULL;
> char **initargs;
>
> /* Variables... */
> @@ -70,9 +72,11 @@ int main(int argc, char *argv[])
> /* Parse the command line */
> program = argv[0];
>
> - while ((o = getopt(argc, argv, "c:")) != -1) {
> + while ((o = getopt(argc, argv, "c:d:")) != -1) {
> if (o == 'c') {
> console = optarg;
> + } else if (o == 'd') {
> + drop_caps = optarg;
> } else {
> usage();
> }
> @@ -85,7 +89,7 @@ int main(int argc, char *argv[])
> init = argv[optind + 1];
> initargs = argv + optind + 1;
>
> - error = run_init(realroot, console, init, initargs);
> + error = run_init(realroot, console, drop_caps, init, initargs);
>
> /* If run_init returns, something went wrong */
> fprintf(stderr, "%s: %s: %s\n", program, error, strerror(errno));
> diff --git a/usr/kinit/run-init/run-init.h b/usr/kinit/run-init/run-init.h
> index a95328e..da3136a 100644
> --- a/usr/kinit/run-init/run-init.h
> +++ b/usr/kinit/run-init/run-init.h
> @@ -29,6 +29,6 @@
> #define RUN_INIT_H
>
> const char *run_init(const char *realroot, const char *console,
> - const char *init, char **initargs);
> + const char *drop_caps, const char *init, char **initargs);
>
> #endif
> diff --git a/usr/kinit/run-init/runinitlib.c b/usr/kinit/run-init/runinitlib.c
> index 8f1562f..fe856bd 100644
> --- a/usr/kinit/run-init/runinitlib.c
> +++ b/usr/kinit/run-init/runinitlib.c
> @@ -26,7 +26,7 @@
> * ----------------------------------------------------------------------- */
>
> /*
> - * run_init(consoledev, realroot, init, initargs)
> + * run_init(realroot, consoledev, drop_caps, init, initargs)
> *
> * This function should be called as the last thing in kinit,
> * from initramfs, it does the following:
> @@ -34,6 +34,7 @@
> * - Delete all files in the initramfs;
> * - Remounts /real-root onto the root filesystem;
> * - Chroots;
> + * - Drops comma-separated list of capabilities;
> * - Opens /dev/console;
> * - Spawns the specified init program (with arguments.)
> *
> @@ -53,6 +54,7 @@
> #include <sys/types.h>
> #include <sys/vfs.h>
> #include "run-init.h"
> +#include "capabilities.h"
>
> /* Make it possible to compile on glibc by including constants that the
> always-behind shipped glibc headers may not include. Classic example
> @@ -154,7 +156,8 @@ static int nuke(const char *what)
> }
>
> const char *run_init(const char *realroot, const char *console,
> - const char *init, char **initargs)
> + const char *drop_caps, const char *init,
> + char **initargs)
> {
> struct stat rst, cst;
> struct statfs sfs;
> @@ -195,6 +198,10 @@ const char *run_init(const char *realroot, const char *console,
> if (chroot(".") || chdir("/"))
> return "chroot";
>
> + /* Drop capabilities */
> + if (drop_capabilities(drop_caps) < 0)
> + return "dropping capabilities";
> +
> /* Open /dev/console */
> if ((confd = open(console, O_RDWR)) < 0)
> return "opening console";
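Review bot: The failure path `return "dropping capabilities";` relies on the callers printing `strerror(errno)` (both run-init.c and kinit.c do), so drop_capabilities must leave errno set by the failing syscall; its body is not in this patch, so confirm it does not return -1 on its own checks (e.g. an unrecognised capability name) without setting errno, or the message will carry a stale value. Placing the drop after `chroot(".")` is correct because the chroot needs CAP_SYS_CHROOT, and failing closed when the drop fails is the right choice. A practitioner will also want to know whether the drop covers the bounding set (PR_CAPBSET_DROP) and not only the effective/permitted sets, since only that stops the exec'd init — or anything it spawns with file capabilities — from regaining them; once confirmed, say so at the call site: `/* Drop capabilities (incl. bounding set) before init is exec'd */`. run_init's body continues outside the hunk.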
> --
> 1.7.9.5
>
>
> --
> Kees Cook @outflux.net