#include <dirent.h>
#include "server-CaptiveIOChannel.h"
#include <errno.h>
+#include "../client/giochannel-blind.h" /* for captive_giochannel_blind_new() */
/* CONFIG: */
static void sandbox_parent(const gchar *Vfs_IOR,const gchar *child_chroot_pid_hashkey_dir,
struct captive_options *options_captive,Captive_Vfs *corba_Vfs_object_return,
- Captive_GLogFunc *corba_GLogFunc_object_return,Captive_CaptiveIOChannel *corba_CaptiveIOChannel_object_return)
+ Captive_GLogFunc *corba_GLogFunc_object_return,Captive_CaptiveIOChannel *corba_CaptiveIOChannel_object_return,
+ GIOChannel **corba_parent_giochanel_blind_ptr)
{
Captive_Vfs Vfs_object;
Captive_GLogFunc GLogFunc_object;
g_assert(validate_CORBA_Environment(&captive_corba_ev));
/* Init 'CaptiveIOChannel_object' */
+ if (!*corba_parent_giochanel_blind_ptr)
+ *corba_parent_giochanel_blind_ptr=(GIOChannel *)captive_giochannel_blind_new(options_captive->image_iochannel);
CaptiveIOChannel_object=impl_Captive_CaptiveIOChannel__create(captive_corba_poa,
- options_captive->image_iochannel,&captive_corba_ev);
+ *corba_parent_giochanel_blind_ptr,&captive_corba_ev);
g_assert(validate_CORBA_Environment(&captive_corba_ev));
/* Create the socket needed for 'sandbox_parent_own_orbit_socket' below
CORBA_free(GLogFunc_IOR);
}
- if (!sandbox_parent_own_orbit_socket) {
+ if (sandbox_parent_own_orbit_dir && !sandbox_parent_own_orbit_socket) {
DIR *dir;
struct dirent *dirent;
- g_assert(sandbox_parent_own_orbit_dir!=NULL);
-
dir=opendir(sandbox_parent_own_orbit_dir);
g_assert(dir!=NULL);
g_assert(sandbox_parent_own_orbit_socket!=NULL);
}
- child_chroot_parent_own_orbit_dir=captive_printf_alloca("%s/%s",child_chroot_pid_hashkey_dir,sandbox_parent_own_orbit_dir);
- errint=mkdir(child_chroot_parent_own_orbit_dir,0777);
- g_assert(errint==0);
- child_chroot_parent_own_orbit_socket=captive_printf_alloca("%s/%s",
- child_chroot_pid_hashkey_dir,sandbox_parent_own_orbit_socket);
- errint=link(sandbox_parent_own_orbit_socket,child_chroot_parent_own_orbit_socket);
- g_assert(errint==0);
- /* chmod(2)s also our orig. one (!) but this one is protected by its 0777 directory. */
- errint=chmod(child_chroot_parent_own_orbit_socket,0666);
- g_assert(errint==0);
+ if (child_chroot_pid_hashkey_dir) {
+ child_chroot_parent_own_orbit_dir=captive_printf_alloca("%s/%s",child_chroot_pid_hashkey_dir,sandbox_parent_own_orbit_dir);
+ errint=mkdir(child_chroot_parent_own_orbit_dir,0777);
+ g_assert(errint==0);
+ child_chroot_parent_own_orbit_socket=captive_printf_alloca("%s/%s",
+ child_chroot_pid_hashkey_dir,sandbox_parent_own_orbit_socket);
+ errint=link(sandbox_parent_own_orbit_socket,child_chroot_parent_own_orbit_socket);
+ g_assert(errint==0);
+ /* chmod(2)s also our orig. one (!) but this one is protected by its 0777 directory. */
+ errint=chmod(child_chroot_parent_own_orbit_socket,0666);
+ g_assert(errint==0);
+ }
options_corba.g_log_func=GLogFunc_object;
options_module_captive_to_options_module_corba(&options_corba.filesystem,&options_captive->filesystem);
- options_corba.rwmode =options_captive->rwmode;
+ /* Prevent secondary captive_giochannel_blind inside of our sandbox child
+ * as we already have one captive_giochannel_blind in the parent.
+ */
+ options_corba.rwmode =(options_captive->rwmode == CAPTIVE_OPTION_RWMODE_BLIND ? CAPTIVE_OPTION_RWMODE_RW
+ : options_captive->rwmode);
options_corba.media =options_captive->media;
options_corba.debug_messages=options_captive->debug_messages;
options_corba.image_iochannel=CaptiveIOChannel_object;
gboolean captive_sandbox_spawn(CaptiveVfsObject *child_captive_vfs_object,
Captive_Vfs *corba_Vfs_object_return,Captive_GLogFunc *corba_GLogFunc_object_return,
- Captive_CaptiveIOChannel *corba_CaptiveIOChannel_object_return,int *parentheart_fds_1_return,
- pid_t *child_pid_return)
+ Captive_CaptiveIOChannel *corba_CaptiveIOChannel_object_return,GIOChannel **corba_parent_giochanel_blind_ptr,
+ int *parentheart_fds_1_return,pid_t *child_pid_return)
{
/* Vfs_IOR_fds[0] for reading by sandbox_parent() - client,
* Vfs_IOR_fds[1] for writing by sandbox_child() - server
*/
int Vfs_IOR_fds[2],parentheart_fds[2];
int errint;
+gboolean errbool;
g_return_val_if_fail(child_captive_vfs_object!=NULL,FALSE);
g_return_val_if_fail(corba_Vfs_object_return!=NULL,FALSE);
if (child_captive_vfs_object->options.sandbox_server_ior) {
g_assert(child_captive_vfs_object->options.sandbox_server_argv==NULL);
+
+ errbool=corba_init("captive-sandbox-parent",&captive_corba_ev,&captive_corba_orb,&captive_corba_poa);
+ g_assert(errbool==TRUE);
+
*parentheart_fds_1_return=-1;
*child_pid_return=-1;
sandbox_parent(
&child_captive_vfs_object->options, /* options_captive */
corba_Vfs_object_return, /* corba_Vfs_object_return */
corba_GLogFunc_object_return, /* corba_GLogFunc_object_return */
- corba_CaptiveIOChannel_object_return); /* corba_CaptiveIOChannel_object_return */
+ corba_CaptiveIOChannel_object_return, /* corba_CaptiveIOChannel_object_return */
+ corba_parent_giochanel_blind_ptr); /* corba_parent_giochanel_blind_ptr */
return TRUE;
}
&child_captive_vfs_object->options, /* options_captive */
corba_Vfs_object_return, /* corba_Vfs_object_return */
corba_GLogFunc_object_return, /* corba_GLogFunc_object_return */
- corba_CaptiveIOChannel_object_return); /* corba_CaptiveIOChannel_object_return */
+ corba_CaptiveIOChannel_object_return, /* corba_CaptiveIOChannel_object_return */
+ corba_parent_giochanel_blind_ptr); /* corba_parent_giochanel_blind_ptr */
g_free(Vfs_IOR);
g_free(child_chroot_pid_hashkey_dir);
git://git.jankratochvil.net / captive.git / commitdiff