[klibc] [PATCH] run-init: add drop_capabilities support

Mike Waychison mikew at google.com
Tue May 15 23:26:42 PDT 2012


On Thu, May 3, 2012 at 7:04 PM, Kees Cook <keescook at chromium.org> wrote:
> Building on the work in ff0a614bd724f6c4c6a5014a9955dc1bc028f336,
> this moves the capability code down into the run-init library, so that
> run-init can use it as well, via the new "-d" flag.
>
> Signed-off-by: Kees Cook <kees at outflux.net>
Acked-by: Mike Waychison <mikew at google.com>

Sorry I missed this Kees, it missed my inbox.

> ---
>  usr/kinit/Kbuild                |    3 +--
>  usr/kinit/capabilities.h        |   10 ++++++++++
>  usr/kinit/kinit.c               |    6 +++---
>  usr/kinit/run-init/Kbuild       |    9 +++++++--
>  usr/kinit/run-init/run-init.c   |   12 ++++++++----
>  usr/kinit/run-init/run-init.h   |    2 +-
>  usr/kinit/run-init/runinitlib.c |   11 +++++++++--
>  7 files changed, 39 insertions(+), 14 deletions(-)
>  create mode 100644 usr/kinit/capabilities.h
>
> diff --git a/usr/kinit/Kbuild b/usr/kinit/Kbuild
> index 8f6d08e..5320127 100644
> --- a/usr/kinit/Kbuild
> +++ b/usr/kinit/Kbuild
> @@ -3,14 +3,13 @@
>  #
>
>  # library part of kinit. Is used by programs in sub-directories (resume et al)
> -lib-y   := name_to_dev.o devname.o getarg.o
> +lib-y   := name_to_dev.o devname.o getarg.o capabilities.o
>  # use lib for kinit
>  kinit-y  := lib.a
>
>  kinit-y  += kinit.o do_mounts.o ramdisk_load.o initrd.o
>  kinit-y  += getintfile.o readfile.o xpio.o
>  kinit-y  += do_mounts_md.o do_mounts_mtd.o nfsroot.o
> -kinit-y  += capabilities.o
>
>  kinit-y  += ipconfig/
>  kinit-y  += nfsmount/
> diff --git a/usr/kinit/capabilities.h b/usr/kinit/capabilities.h
> new file mode 100644
> index 0000000..a32a66a
> --- /dev/null
> +++ b/usr/kinit/capabilities.h
> @@ -0,0 +1,10 @@
> +/*
> + * capabilities.h
> + */
> +
> +#ifndef KINIT_CAPABILITIES_H
> +#define KINIT_CAPABILITIES_H
> +
> +int drop_capabilities(const char *caps);
> +
> +#endif                                         /* KINIT_CAPABILITIES_H */
> diff --git a/usr/kinit/kinit.c b/usr/kinit/kinit.c
> index 8ea0da5..523c92b 100644
> --- a/usr/kinit/kinit.c
> +++ b/usr/kinit/kinit.c
> @@ -284,8 +284,6 @@ int main(int argc, char *argv[])
>        check_path("/root");
>        do_mounts(cmdc, cmdv);
>
> -       drop_capabilities(get_arg(cmdc, cmdv, "drop_capabilities="));
> -
>        if (mnt_procfs) {
>                umount2("/proc", 0);
>                mnt_procfs = 0;
> @@ -305,7 +303,9 @@ int main(int argc, char *argv[])
>
>        init_argv[0] = strrchr(init_path, '/') + 1;
>
> -       errmsg = run_init("/root", "/dev/console", init_path, init_argv);
> +       errmsg = run_init("/root", "/dev/console",
> +                         get_arg(cmdc, cmdv, "drop_capabilities="),
> +                         init_path, init_argv);
>
>        /* If run_init returned, something went bad */
>        fprintf(stderr, "%s: %s: %s\n", progname, errmsg, strerror(errno));
> diff --git a/usr/kinit/run-init/Kbuild b/usr/kinit/run-init/Kbuild
> index bf6e140..f7832b7 100644
> --- a/usr/kinit/run-init/Kbuild
> +++ b/usr/kinit/run-init/Kbuild
> @@ -18,9 +18,14 @@ lib-y := $(objs)
>  # personality(2) flag from getting set and passed to init).
>  EXTRA_KLIBCLDFLAGS += -z noexecstack
>
> +# Additional include paths files
> +KLIBCCFLAGS += -I$(srctree)/$(src)/..
> +
>  # .o files used to built executables
> -static/run-init-y := $(objs)
> -shared/run-init-y := $(objs)
> +static/run-init-y   := $(objs)
> +static/run-init-lib := ../lib.a
> +shared/run-init-y   := $(objs)
> +shared/run-init-lib := ../lib.a
>
>  # Cleaning
>  clean-dirs := static shared
> diff --git a/usr/kinit/run-init/run-init.c b/usr/kinit/run-init/run-init.c
> index 0f150dd..2147d06 100644
> --- a/usr/kinit/run-init/run-init.c
> +++ b/usr/kinit/run-init/run-init.c
> @@ -26,13 +26,14 @@
>  * ----------------------------------------------------------------------- */
>
>  /*
> - * Usage: exec run-init [-c /dev/console] /real-root /sbin/init "$@"
> + * Usage: exec run-init [-d caps] [-c /dev/console] /real-root /sbin/init "$@"
>  *
>  * This program should be called as the last thing in a shell script
>  * acting as /init in an initramfs; it does the following:
>  *
>  * - Delete all files in the initramfs;
>  * - Remounts /real-root onto the root filesystem;
> + * - Drops comma-separated list of capabilities;
>  * - Chroots;
>  * - Opens /dev/console;
>  * - Spawns the specified init program (with arguments.)
> @@ -50,7 +51,7 @@ static const char *program;
>  static void __attribute__ ((noreturn)) usage(void)
>  {
>        fprintf(stderr,
> -               "Usage: exec %s [-c consoledev] /real-root /sbin/init [args]\n",
> +               "Usage: exec %s [-d caps] [-c consoledev] /real-root /sbin/init [args]\n",
>                program);
>        exit(1);
>  }
> @@ -62,6 +63,7 @@ int main(int argc, char *argv[])
>        const char *realroot;
>        const char *init;
>        const char *error;
> +       const char *drop_caps = NULL;
>        char **initargs;
>
>        /* Variables... */
> @@ -70,9 +72,11 @@ int main(int argc, char *argv[])
>        /* Parse the command line */
>        program = argv[0];
>
> -       while ((o = getopt(argc, argv, "c:")) != -1) {
> +       while ((o = getopt(argc, argv, "c:d:")) != -1) {
>                if (o == 'c') {
>                        console = optarg;
> +               } else if (o == 'd') {
> +                       drop_caps = optarg;
>                } else {
>                        usage();
>                }
> @@ -85,7 +89,7 @@ int main(int argc, char *argv[])
>        init = argv[optind + 1];
>        initargs = argv + optind + 1;
>
> -       error = run_init(realroot, console, init, initargs);
> +       error = run_init(realroot, console, drop_caps, init, initargs);
>
>        /* If run_init returns, something went wrong */
>        fprintf(stderr, "%s: %s: %s\n", program, error, strerror(errno));
> diff --git a/usr/kinit/run-init/run-init.h b/usr/kinit/run-init/run-init.h
> index a95328e..da3136a 100644
> --- a/usr/kinit/run-init/run-init.h
> +++ b/usr/kinit/run-init/run-init.h
> @@ -29,6 +29,6 @@
>  #define RUN_INIT_H
>
>  const char *run_init(const char *realroot, const char *console,
> -                    const char *init, char **initargs);
> +                    const char *drop_caps, const char *init, char **initargs);
>
>  #endif
> diff --git a/usr/kinit/run-init/runinitlib.c b/usr/kinit/run-init/runinitlib.c
> index 8f1562f..fe856bd 100644
> --- a/usr/kinit/run-init/runinitlib.c
> +++ b/usr/kinit/run-init/runinitlib.c
> @@ -26,7 +26,7 @@
>  * ----------------------------------------------------------------------- */
>
>  /*
> - * run_init(consoledev, realroot, init, initargs)
> + * run_init(realroot, consoledev, drop_caps, init, initargs)
>  *
>  * This function should be called as the last thing in kinit,
>  * from initramfs, it does the following:
> @@ -34,6 +34,7 @@
>  * - Delete all files in the initramfs;
>  * - Remounts /real-root onto the root filesystem;
>  * - Chroots;
> + * - Drops comma-separated list of capabilities;
>  * - Opens /dev/console;
>  * - Spawns the specified init program (with arguments.)
>  *
> @@ -53,6 +54,7 @@
>  #include <sys/types.h>
>  #include <sys/vfs.h>
>  #include "run-init.h"
> +#include "capabilities.h"
>
>  /* Make it possible to compile on glibc by including constants that the
>    always-behind shipped glibc headers may not include.  Classic example
> @@ -154,7 +156,8 @@ static int nuke(const char *what)
>  }
>
>  const char *run_init(const char *realroot, const char *console,
> -                    const char *init, char **initargs)
> +                    const char *drop_caps, const char *init,
> +                    char **initargs)
>  {
>        struct stat rst, cst;
>        struct statfs sfs;
> @@ -195,6 +198,10 @@ const char *run_init(const char *realroot, const char *console,
>        if (chroot(".") || chdir("/"))
>                return "chroot";
>
> +       /* Drop capabilities */
> +       if (drop_capabilities(drop_caps) < 0)
> +               return "dropping capabilities";
> +
>        /* Open /dev/console */
>        if ((confd = open(console, O_RDWR)) < 0)
>                return "opening console";
> --
> 1.7.9.5
>
>
> --
> Kees Cook                                            @outflux.net



More information about the klibc mailing list