Gentoo's Bugzilla – Attachment 57154 Details for
Bug 90343
sandbox logging of preinst and postinst file events
[patch]
libsandsandbox file event logging support
sandbox-1.2.1.sbnotify.patch (text/plain), 7.29 KB, created by
Zac Medico
on 2005-04-25 02:30:23 UTC
Description:
libsandsandbox file event logging support
Filename:
MIME Type:
Creator:
Zac Medico
Created:
2005-04-25 02:30:23 UTC
Size:
7.29 KB
>diff -Nur --exclude='.*' sandbox-1.2.1.orig/libctest.c sandbox-1.2.1.sbnotify/libctest.c
>--- sandbox-1.2.1.orig/libctest.c 2005-04-23 14:01:52.000000000 -0700
>+++ sandbox-1.2.1.sbnotify/libctest.c 1969-12-31 16:00:00.000000000 -0800
>@@ -1 +0,0 @@
>-int main(void) { return 0; }
>diff -Nur --exclude='.*' sandbox-1.2.1.orig/libsandbox.c sandbox-1.2.1.sbnotify/libsandbox.c
>--- sandbox-1.2.1.orig/libsandbox.c 2005-04-23 13:44:15.000000000 -0700
>+++ sandbox-1.2.1.sbnotify/libsandbox.c 2005-04-25 00:48:14.000000000 -0700
>@@ -81,6 +81,7 @@
>
> //#include "localdecls.h"
> #include "sandbox.h"
>+#include "sbnotify.h"
>
> /* Macros to check if a function should be executed */
> #define FUNCTION_SANDBOX_SAFE(func, path) \
>@@ -158,6 +159,9 @@
> static char *filter_path(const char *, int follow_link);
> static int is_sandbox_on();
> static int is_sandbox_pid();
>+static void sbnotify_event(int event_flags, const char * canonical, const char * func_name, int result);
>+static void sbnotify_log(const char * buffer);
>+static int get_sbnotify_eventmask();
>
> /* Wrapped functions */
>
>@@ -375,6 +379,8 @@
> result = true_chmod(path, mode);
> }
>
>+ sbnotify_event(SBN_MODIFY|SBN_ATTRIB, canonic, "chmod", result);
>+
> return result;
> }
>
>@@ -391,6 +397,8 @@
> result = true_chown(path, owner, group);
> }
>
>+ sbnotify_event(SBN_MODIFY|SBN_ATTRIB, canonic, "chown", result);
>+
> return result;
> }
>
>@@ -408,6 +416,8 @@
> result = true_open(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode);
> }
>
>+ sbnotify_event(SBN_MODIFY|SBN_WRITE, canonic, "create", result);
>+
> return result;
> }
>
>@@ -424,6 +434,11 @@
> result = true_fopen(pathname, mode);
> }
>
>+ if(mode[0]=='w'||mode[0]=='a'||mode[1]=='+')
>+ sbnotify_event(SBN_MODIFY|SBN_WRITE, canonic, "fopen", (int)result);
>+ else
>+ sbnotify_event(SBN_ACCESS, canonic, "fopen", (int)result);
>+
> return result;
> }
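Review bot: In the chmod hunk (`@@ -375,6 +379,8 @@`) the new `sbnotify_event()` call runs between the real `chmod` and `return result;`, so the errno the caller inspects after a failure can be overwritten by the logger's own `getenv`, `sscanf`, `open`, `write` and `close` calls. The same placement recurs in every wrapper hunk of libsandbox.c, and it is most visible in the execve hunk, where `errno = old_errno;` is restored immediately before the logging call. Saving and restoring errno inside `sbnotify_event` (`int saved_errno = errno;` at entry, `errno = saved_errno;` before returning) fixes all call sites at once. The wrapper bodies start outside these hunks, so whether `canonic` is always initialised on the denied path should be confirmed there.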
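Review bot: In the hunk at `@@ -408,6 +416,8 @@` the event label is `"create"`, although the visible call `true_open(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode)` and the later `"creat64"` label suggest the wrapped function is `creat`. Anyone filtering the log by function name would need a special case; `sbnotify_event(SBN_MODIFY|SBN_WRITE, canonic, "creat", result);` keeps the labels consistent. The flags also omit `SBN_CREATE`, which the link, mkdir and rename hunks set for newly created paths.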
>
>@@ -440,6 +455,8 @@
> result = true_lchown(path, owner, group);
> }
>
>+ sbnotify_event(SBN_MODIFY|SBN_ATTRIB, canonic, "lchown", result);
>+
> return result;
> }
>
>@@ -457,6 +474,9 @@
> result = true_link(oldpath, newpath);
> }
>
>+ sbnotify_event(SBN_LINK_FROM, old_canonic, "link", result );
>+ sbnotify_event(SBN_MODIFY|SBN_LINK_TO|SBN_CREATE, new_canonic, "link", result );
>+
> return result;
> }
>
>@@ -483,6 +503,8 @@
> result = true_mkdir(pathname, mode);
> }
>
>+ sbnotify_event(SBN_MODIFY|SBN_CREATE, canonic, "mkdir", result );
>+
> return result;
> }
>
>@@ -499,6 +521,8 @@
> result = true_opendir(name);
> }
>
>+ sbnotify_event(SBN_ACCESS, canonic, "opendir", (int)result );
>+
> return result;
> }
>
>@@ -544,6 +568,11 @@
> result = true_open(pathname, flags, mode);
> }
>
>+ if(flags & (O_WRONLY | O_RDWR))
>+ sbnotify_event(SBN_MODIFY|SBN_WRITE, canonic, "open", result );
>+ else
>+ sbnotify_event(SBN_ACCESS, canonic, "open", result );
>+
> return result;
> }
>
>@@ -561,6 +590,9 @@
> result = true_rename(oldpath, newpath);
> }
>
>+ sbnotify_event(SBN_MODIFY|SBN_MOVE_FROM|SBN_DELETE, old_canonic, "rename", result );
>+ sbnotify_event(SBN_MODIFY|SBN_MOVE_TO|SBN_CREATE, new_canonic, "rename", result );
>+
> return result;
> }
>
>@@ -577,6 +609,8 @@
> result = true_rmdir(pathname);
> }
>
>+ sbnotify_event(SBN_MODIFY|SBN_DELETE, canonic, "rmdir", result );
>+
> return result;
> }
>
>@@ -594,6 +628,9 @@
> result = true_symlink(oldpath, newpath);
> }
>
>+ sbnotify_event(SBN_SYMLINK_FROM, old_canonic, "symlink", result );
>+ sbnotify_event(SBN_MODIFY|SBN_SYMLINK_TO|SBN_CREATE, new_canonic, "symlink", result );
>+
> return result;
> }
>
>@@ -610,6 +647,8 @@
> result = true_truncate(path, length);
> }
>
>+ sbnotify_event(SBN_MODIFY|SBN_WRITE, canonic, "truncate", result );
>+
> return result;
> }
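Review bot: In the fopen hunk (`@@ -424,6 +434,11 @@`) `(int)result` casts what is presumably a `FILE *` to int, so the `result<0` test in `sbnotify_event` no longer means failure: a NULL return becomes 0 and is logged as success, while a valid pointer may truncate to a negative value on a 64-bit target and be tagged `SBN_ERROR`. Passing `result ? 0 : -1` keeps the error flag meaningful; the opendir and fopen64 hunks contain the same cast. The write test `mode[1]=='+'` also misses modes such as `"rb+"`, which would be logged as read-only access; `strchr(mode, '+') != NULL` covers them. The wrapper body starts outside the hunk.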
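Review bot: In the open hunk (`@@ -544,6 +568,11 @@`) the test `flags & (O_WRONLY | O_RDWR)` classifies a call that carries `O_CREAT` or `O_TRUNC` with a read-only access mode as plain `SBN_ACCESS`, even though it can create or truncate the file. For a log meant to record filesystem changes those calls should count as modifications: `if (flags & (O_WRONLY | O_RDWR | O_CREAT | O_TRUNC))`, ideally adding `SBN_CREATE` when `O_CREAT` is set. The open64 hunk uses the same test.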
>
>@@ -624,6 +663,7 @@
> * a device node, bug #79836. */
> if (0 == strncmp(canonic, "/dev/", 5)) {
> errno = EACCES;
>+ sbnotify_event(SBN_MODIFY|SBN_DELETE, canonic, "unlink", result );
> return result;
> }
>
>@@ -633,6 +673,8 @@
> result = true_unlink(pathname);
> }
>
>+ sbnotify_event(SBN_MODIFY|SBN_DELETE, canonic, "unlink", result );
>+
> return result;
> }
>
>@@ -652,6 +694,8 @@
> result = true_open64(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode);
> }
>
>+ sbnotify_event(SBN_MODIFY|SBN_WRITE, canonic, "creat64", result);
>+
> return result;
> }
>
>@@ -668,6 +712,11 @@
> result = true_fopen64(pathname, mode);
> }
>
>+ if(mode[0]=='w'||mode[0]=='a'||mode[1]=='+')
>+ sbnotify_event(SBN_MODIFY|SBN_WRITE, canonic, "fopen64", (int)result);
>+ else
>+ sbnotify_event(SBN_ACCESS, canonic, "fopen64", (int)result);
>+
> return result;
> }
>
>@@ -693,6 +742,11 @@
> result = true_open64(pathname, flags, mode);
> }
>
>+ if(flags & (O_WRONLY | O_RDWR))
>+ sbnotify_event(SBN_MODIFY|SBN_WRITE, canonic, "open64", result);
>+ else
>+ sbnotify_event(SBN_ACCESS, canonic, "open64", result);
>+
> return result;
> }
>
>@@ -709,6 +763,8 @@
> result = true_truncate64(path, length);
> }
>
>+ sbnotify_event(SBN_MODIFY, canonic, "truncate64", result);
>+
> return result;
> }
>
>@@ -824,6 +880,8 @@
>
> errno = old_errno;
>
>+ sbnotify_event(SBN_EXECUTE, filename, "execve", result );
>+
> return result;
> }
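Review bot: The truncate64 hunk (`@@ -709,6 +763,8 @@`) passes only `SBN_MODIFY`, while the truncate hunk passes `SBN_MODIFY|SBN_WRITE` for the same operation. With an event mask of `SBN_WRITE` alone, truncate would be logged and truncate64 would not. Use `sbnotify_event(SBN_MODIFY|SBN_WRITE, canonic, "truncate64", result);` so both variants are reported under the same mask.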
>
>@@ -1496,6 +1554,46 @@
> }
> }
>
>+static void
>+sbnotify_event( int event_flags, const char * canonical, const char * func_name, int result )
>+{
>+ event_flags = event_flags | SBN_ACCESS;
>+ if (result<0) event_flags = event_flags | SBN_ERROR;
>+ if (event_flags & get_sbnotify_eventmask())
>+ {
>+ char buffer[512];
>+ sprintf(buffer, "%d\t%s\t%s\t%d\n", event_flags, canonical, func_name, result);
>+ sbnotify_log((const char *)&buffer);
>+ }
>+}
>+
>+static void
>+sbnotify_log(const char * buffer)
>+{
>+ char *log_path = getenv("SBNOTIFY_LOG");
>+ if (log_path == NULL) return;
>+ int log_file = true_open(log_path,
>+ O_APPEND | O_WRONLY
>+ | O_CREAT,
>+ S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
>+ if (log_file >= 0) {
>+ write(log_file, buffer, strlen(buffer));
>+ close(log_file);
>+ }
>+}
>+
>+static int
>+get_sbnotify_eventmask()
>+{
>+ const char * env_var = getenv("SBNOTIFY_EVENTMASK");
>+ if (NULL != env_var) {
>+ int value;
>+ if (1==sscanf( env_var, "%i", &value))
>+ return value;
>+ }
>+ return 0;
>+}
>+
> #include "getcwd.c"
> #include "canonicalize.c"
> #include "sandbox_futils.c"
>diff -Nur --exclude='.*' sandbox-1.2.1.orig/sbnotify.h sandbox-1.2.1.sbnotify/sbnotify.h
>--- sandbox-1.2.1.orig/sbnotify.h 1969-12-31 16:00:00.000000000 -0800
>+++ sandbox-1.2.1.sbnotify/sbnotify.h 2005-04-24 23:05:31.000000000 -0700
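Review bot: The execve hunk (`@@ -824,6 +880,8 @@`) logs only after the call has returned, and a successful execve does not return, so if the real call is made earlier in this function (outside the hunk) `SBN_EXECUTE` records would exist only for failed or denied executions. Emitting the event before the real call, and a second record with `SBN_ERROR` on failure, would capture successful executions too. The call also passes the raw `filename` where the other wrappers pass a canonical path, so relative names are logged without their directory. Because it runs after `errno = old_errno;`, the logger can also undo that restore.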
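Review bot: In the hunk at `@@ -1496,6 +1554,46 @@`, `sprintf(buffer, ...)` in `sbnotify_event` writes a caller-supplied path into `char buffer[512]` with no bound, so a path longer than the remaining space overruns the stack in every process that has libsandbox loaded; it needs `snprintf` with a buffer sized for a full path. `sbnotify_log` takes the log destination from `SBNOTIFY_LOG` in the monitored process's own environment and opens it through `true_open`, which appears to skip the sandbox path checks, so the destination should be fixed when the sandbox starts or validated before use. Tabs and newlines in a path are written unescaped, which lets a file name break the one-record-per-line format, and the `write` result is ignored. `get_sbnotify_eventmask()` re-parses the environment on every wrapped call and should be declared with `(void)`. A bounded version of `sbnotify_event` that also preserves errno follows.

```c
static void
sbnotify_event(int event_flags, const char *canonical, const char *func_name, int result)
{
	int saved_errno = errno;	/* the logger must not change what the caller sees */
	char buffer[PATH_MAX + 64];	/* room for a full path plus the fixed fields */
	int len;

	event_flags |= SBN_ACCESS;
	if (result < 0)
		event_flags |= SBN_ERROR;

	if (event_flags & get_sbnotify_eventmask()) {
		len = snprintf(buffer, sizeof(buffer), "%d\t%s\t%s\t%d\n",
			event_flags, canonical ? canonical : "(null)", func_name, result);
		/* On truncation keep the record but make sure it still ends the line. */
		if (len >= (int)sizeof(buffer))
			buffer[sizeof(buffer) - 2] = '\n';
		if (len > 0)
			sbnotify_log(buffer);
	}

	errno = saved_errno;
}
```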
>@@ -0,0 +1,28 @@
>+/*
>+ * Sandbox file event notification. Inspired by Inotify.
>+ *
>+ * Copyright (C) 2005 Zachary Medico
>+ */
>+
>+#ifndef __SBNOTIFY_H__
>+#define __SBNOTIFY_H__
>+
>+#include <sys/types.h>
>+
>+/* An attempt to categorize filesystem calls */
>+#define SBN_ACCESS 0x00000001 /* File access */
>+#define SBN_MODIFY 0x00000002 /* File modify (possibly create)*/
>+#define SBN_ATTRIB 0x00000004 /* File change attributes */
>+#define SBN_CREATE 0x00000008 /* File create. move, link, or symlink */
>+#define SBN_DELETE 0x00000010 /* File delete or move */
>+#define SBN_WRITE 0x00000020 /* File open write */
>+#define SBN_EXECUTE 0x00000040 /* File execute */
>+#define SBN_MOVE_FROM 0x00000080 /* File move from X */
>+#define SBN_MOVE_TO 0x00000100 /* File move to Y */
>+#define SBN_LINK_FROM 0x00000200 /* Link create from X */
>+#define SBN_LINK_TO 0x00000400 /* Link create to Y */
>+#define SBN_SYMLINK_FROM 0x00000800 /* Symlink create from X */
>+#define SBN_SYMLINK_TO 0x00001000 /* Symlink create to Y */
>+#define SBN_ERROR 0x00002000 /* Return value is negative */
>+
>+#endif
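Review bot: The include guard `__SBNOTIFY_H__` uses an identifier reserved for the implementation (it contains a double underscore); `SBNOTIFY_H` avoids that. `#include <sys/types.h>` is not needed by anything in this header, which only defines integer masks. Since `sbnotify_event` in libsandbox.c ORs `SBN_ACCESS` into every event, the flag's comment should say so, for example `/* Set on every event; a mask that includes it logs everything */`.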
Attachments on
bug 90343
:
57154
|
57155
|
57201
|
57355
|
57443
|
57542
|
57669
|
58219
|
64027