|
@@ -99,7 +99,7 @@ static sandbox_cfg_t *filter_dynamic = NULL;
|
|
|
#undef SCMP_CMP
|
|
|
#define SCMP_CMP(a,b,c) ((struct scmp_arg_cmp){(a),(b),(c),0})
|
|
|
#define SCMP_CMP_STR(a,b,c) \
|
|
|
- ((struct scmp_arg_cmp){(a),(b),(intptr_t)(void*)(c),0})
|
|
|
+ ((struct scmp_arg_cmp) {(a),(b),(intptr_t)(void*)(c),0})
|
|
|
#define SCMP_CMP4(a,b,c,d) ((struct scmp_arg_cmp){(a),(b),(c),(d)})
|
|
|
/* We use a wrapper here because these masked comparisons seem to be pretty
|
|
|
* verbose. Also, it's important to cast to scmp_datum_t before negating the
|
|
@@ -1172,28 +1172,6 @@ sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file)
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
-int
|
|
|
-sandbox_cfg_allow_stat_filename_array(sandbox_cfg_t **cfg, ...)
|
|
|
-{
|
|
|
- int rc = 0;
|
|
|
- char *fn = NULL;
|
|
|
-
|
|
|
- va_list ap;
|
|
|
- va_start(ap, cfg);
|
|
|
-
|
|
|
- while ((fn = va_arg(ap, char*)) != NULL) {
|
|
|
- rc = sandbox_cfg_allow_stat_filename(cfg, fn);
|
|
|
- if (rc) {
|
|
|
- log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_stat_filename_array fail");
|
|
|
- goto end;
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- end:
|
|
|
- va_end(ap);
|
|
|
- return 0;
|
|
|
-}
|
|
|
-
|
|
|
int
|
|
|
sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file)
|
|
|
{
|
|
@@ -1229,28 +1207,6 @@ sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2)
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
-int
|
|
|
-sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, ...)
|
|
|
-{
|
|
|
- int rc = 0;
|
|
|
- char *fn = NULL;
|
|
|
-
|
|
|
- va_list ap;
|
|
|
- va_start(ap, cfg);
|
|
|
-
|
|
|
- while ((fn = va_arg(ap, char*)) != NULL) {
|
|
|
- rc = sandbox_cfg_allow_open_filename(cfg, fn);
|
|
|
- if (rc) {
|
|
|
- log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_open_filename_array fail");
|
|
|
- goto end;
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- end:
|
|
|
- va_end(ap);
|
|
|
- return 0;
|
|
|
-}
|
|
|
-
|
|
|
int
|
|
|
sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file)
|
|
|
{
|
|
@@ -1268,28 +1224,6 @@ sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file)
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
-int
|
|
|
-sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...)
|
|
|
-{
|
|
|
- int rc = 0;
|
|
|
- char *fn = NULL;
|
|
|
-
|
|
|
- va_list ap;
|
|
|
- va_start(ap, cfg);
|
|
|
-
|
|
|
- while ((fn = va_arg(ap, char*)) != NULL) {
|
|
|
- rc = sandbox_cfg_allow_openat_filename(cfg, fn);
|
|
|
- if (rc) {
|
|
|
- log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_openat_filename_array fail");
|
|
|
- goto end;
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- end:
|
|
|
- va_end(ap);
|
|
|
- return 0;
|
|
|
-}
|
|
|
-
|
|
|
#if 0
|
|
|
int
|
|
|
sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com)
|
|
@@ -1308,28 +1242,6 @@ sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com)
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
-int
|
|
|
-sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...)
|
|
|
-{
|
|
|
- int rc = 0;
|
|
|
- char *fn = NULL;
|
|
|
-
|
|
|
- va_list ap;
|
|
|
- va_start(ap, cfg);
|
|
|
-
|
|
|
- while ((fn = va_arg(ap, char*)) != NULL) {
|
|
|
-
|
|
|
- rc = sandbox_cfg_allow_execve(cfg, fn);
|
|
|
- if (rc) {
|
|
|
- log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_execve_array failed");
|
|
|
- goto end;
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- end:
|
|
|
- va_end(ap);
|
|
|
- return 0;
|
|
|
-}
|
|
|
#endif
|
|
|
|
|
|
/** Cache entry for getaddrinfo results; used when sandboxing is implemented
|