StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Improve diagnostics when dynamically linked binary is sandboxed, but can't be exec'd.

Browse Source 
PiperOrigin-RevId: 286391400
Change-Id: I016deb34eb895480131da24bc95a6244d92f3710
This commit is contained in:
Sandboxed API Team 2019-12-19 07:48:09 -08:00 committed by Copybara-Service
parent e969deea33
commit aea1ecd58d
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sandboxed_api/sandbox2/forkserver.cc
View File

@ -635,6 +635,13 @@ void ForkServer::ExecuteProcess(int execve_fd, const char** argv,
"sandbox2::ForkServer: This is likely caused by running" "sandbox2::ForkServer: This is likely caused by running"
" sandbox2 on too old a kernel." " sandbox2 on too old a kernel."
); );
} else if (saved_errno == ENOENT && execve_fd >= 0) {
// Since we know the file exists, it must be that the file is dynamically
// linked and the ELF interpreter is what's actually missing.
SAPI_RAW_LOG(ERROR,
"sandbox2::ForkServer: This is likely caused by running"
" dynamically-linked sandboxee without calling"
" .AddLibrariesForBinary() on the policy builder.");
} }
util::Syscall(__NR_exit_group, EXIT_FAILURE); util::Syscall(__NR_exit_group, EXIT_FAILURE);