StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Migrate forkserver.proto to proto3 syntax

Browse Source 
PiperOrigin-RevId: 434458725
Change-Id: I277f76a1a5ebd3eed15c6b3f3e7f849bf6edacea
This commit is contained in:
Oliver Kunz 2022-03-14 07:27:57 -07:00 committed by Copybara-Service
parent 68eaa815ce
commit 206547591b
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sandboxed_api/sandbox2/forkserver.cc
View File

@ -274,6 +274,9 @@ void ForkServer::LaunchChild(const ForkRequest& request, int execve_fd,
int client_fd, uid_t uid, gid_t gid, int client_fd, uid_t uid, gid_t gid,
int user_ns_fd, int signaling_fd, int user_ns_fd, int signaling_fd,
bool avoid_pivot_root) const { bool avoid_pivot_root) const {
SAPI_RAW_CHECK(request.mode() != FORKSERVER_FORK_UNSPECIFIED,
"Forkserver mode is unspecified");
bool will_execve = (request.mode() == FORKSERVER_FORK_EXECVE || bool will_execve = (request.mode() == FORKSERVER_FORK_EXECVE ||
request.mode() == FORKSERVER_FORK_EXECVE_SANDBOX); request.mode() == FORKSERVER_FORK_EXECVE_SANDBOX);
@ -389,6 +392,9 @@ pid_t ForkServer::ServeRequest() {
int comms_fd; int comms_fd;
SAPI_RAW_CHECK(comms_->RecvFD(&comms_fd), "Failed to receive Comms FD"); SAPI_RAW_CHECK(comms_->RecvFD(&comms_fd), "Failed to receive Comms FD");
SAPI_RAW_CHECK(fork_request.mode() != FORKSERVER_FORK_UNSPECIFIED,
"Forkserver mode is unspecified");
int exec_fd = -1; int exec_fd = -1;
if (fork_request.mode() == FORKSERVER_FORK_EXECVE || if (fork_request.mode() == FORKSERVER_FORK_EXECVE ||
fork_request.mode() == FORKSERVER_FORK_EXECVE_SANDBOX) { fork_request.mode() == FORKSERVER_FORK_EXECVE_SANDBOX) {

8
sandboxed_api/sandbox2/forkserver.proto
View File

@ -14,13 +14,15 @@
// A proto for the sandbox2::Forkserver class // A proto for the sandbox2::Forkserver class
syntax = "proto2"; syntax = "proto3";
package sandbox2; package sandbox2;
import "sandboxed_api/sandbox2/mount_tree.proto"; import "sandboxed_api/sandbox2/mount_tree.proto";
enum Mode { enum Mode {
// Default value
FORKSERVER_FORK_UNSPECIFIED = 0;
// Fork, execve and sandbox // Fork, execve and sandbox
FORKSERVER_FORK_EXECVE_SANDBOX = 1; FORKSERVER_FORK_EXECVE_SANDBOX = 1;
// Fork and execve, but no sandboxing // Fork and execve, but no sandboxing
@ -38,10 +40,10 @@ message ForkRequest {
repeated bytes envs = 2; repeated bytes envs = 2;
// How to interpret the request // How to interpret the request
required Mode mode = 3; optional Mode mode = 3;
// Clone flags for the new process // Clone flags for the new process
optional int32 clone_flags = 4 [default = 0]; optional int32 clone_flags = 4;
// Capabilities to keep when starting the sandboxee // Capabilities to keep when starting the sandboxee
repeated int32 capabilities = 5; repeated int32 capabilities = 5;