chroot: enforce writeable policy decision

The writeable decision given in the policy will always override the
decision made by the client.

Fixes #2643
Josef Söntgen 2018-02-15 10:56:52 +01:00 committed by Norman Feske
parent 7bee21a4fd
commit 2e9a19d5b0
2 changed files with 22 additions and 0 deletions


@ -31,3 +31,7 @@ file system session from "X" would be rooted to the directory
! </route> ! </route>
! ... ! ...
! </start> ! </start>
In addition, the 'chroot' component will intercept the 'writeable' session
argument and only if its own policy allows it (i.e. the 'writeable' attribute
is to 'yes') the child is permitted to create a writeable connection.


@ -170,6 +170,24 @@ struct Chroot::Main
/* sacrifice the label to make space for the root argument */ /* sacrifice the label to make space for the root argument */
Arg_string::remove_arg(new_args, "label"); Arg_string::remove_arg(new_args, "label");
/* enforce writeable policy decision */
{
enum { WRITEABLE_ARG_MAX_LEN = 4, };
char tmp[WRITEABLE_ARG_MAX_LEN];
Arg_string::find_arg(new_args, "writeable").string(tmp, sizeof(tmp), "no");
/* session argument */
bool const writeable_arg =
Arg_string::find_arg(new_args, "writeable").bool_value(false);
/* label-based session policy */
bool const writeable_policy =
policy.attribute_value("writeable", false);
bool const writeable = writeable_arg && writeable_policy;
Arg_string::set_arg(new_args, ARGS_MAX_LEN, "writeable", writeable);
}
Arg_string::set_arg_string(new_args, ARGS_MAX_LEN, "root", new_root); Arg_string::set_arg_string(new_args, ARGS_MAX_LEN, "root", new_root);
Affinity affinity; Affinity affinity;
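Review bot: The `tmp` buffer, the `WRITEABLE_ARG_MAX_LEN` enum and the `.string(tmp, sizeof(tmp), "no")` call at the top of the new block are never read afterwards; the decision comes only from `bool_value(false)` and `policy.attribute_value("writeable", false)`, so those three lines can be dropped. The result of `Arg_string::set_arg(new_args, ARGS_MAX_LEN, "writeable", writeable)` is not checked either. If that call can fail when `new_args` is full (the comment about sacrificing the label suggests space is tight), the client-supplied value might stay in place, so the request should be denied on failure rather than forwarded. A short comment such as `/* both defaults are false, so a missing argument or attribute yields a read-only session */` would document the fail-closed intent. The enclosing function starts and ends outside the hunk.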