author | Alexander Larsson <alexl@redhat.com> | 2018-05-14 18:03:48 +0200 |
---|---|---|
committer | Alexander Larsson <alexl@redhat.com> | 2018-05-16 14:13:29 +0200 |
commit | ed9e9293d5cdb1e0ef05bbe53e6530b16e1c9dcc (patch) | |
tree | 16db8eb1ab993c430421adb6d3bfe6131e156153 | |
parent | 00100eebe30ea1766e6ff0fbdc7082231b5f6bbc (diff) | |
download | bubblewrap-create-socket.tar.gz |
Add --close-fd argumentcreate-socket
This just closes the fd once the sandbox is setup, and lets you know
that e.g. any sockets are bound and listened.
Flatpak will use this to ensure that all dbus proxy sockets are
bound and listened before spawning the proxy (because it's an error
to call accept() on a socket before it has been listen()ed).
-rw-r--r-- | bubblewrap.c | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/bubblewrap.c b/bubblewrap.c
index f4d1b1e..4c85f8d 100644
--- a/bubblewrap.c
+++ b/bubblewrap.c
@@ -71,6 +71,7 @@ bool opt_die_with_parent = FALSE;
 uid_t opt_sandbox_uid = -1;
 gid_t opt_sandbox_gid = -1;
 int opt_sync_fd = -1;
+int opt_close_fd = -1;
 int opt_block_fd = -1;
 int opt_userns_block_fd = -1;
 int opt_info_fd = -1;
@@ -208,6 +209,7 @@ usage (int ecode, FILE *out)
 " --unsetenv VAR Unset an environment variable\n"
 " --lock-file DEST Take a lock on DEST while sandbox is running\n"
 " --sync-fd FD Keep this fd open while sandbox is running\n"
+ " --close-fd FD Close this fd when sandbox setup is done\n"
 " --bind SRC DEST Bind mount the host path SRC on DEST\n"
 " --dev-bind SRC DEST Bind mount the host path SRC on DEST, allowing device access\n"
 " --ro-bind SRC DEST Bind mount the host path SRC readonly on DEST\n"
@@ -1733,6 +1735,23 @@ parse_args_recurse (int *argcp,
 argv += 1;
 argc -= 1;
 }
+ else if (strcmp (arg, "--close-fd") == 0)
+ {
+ int the_fd;
+ char *endptr;
+
+ if (argc < 2)
+ die ("--close-fd takes an argument");
+
+ the_fd = strtol (argv[1], &endptr, 10);
+ if (argv[1][0] == 0 || endptr[0] != 0 || the_fd < 0)
+ die ("Invalid fd: %s", argv[1]);
+
+ opt_close_fd = the_fd;
+
+ argv += 1;
+ argc -= 1;
+ }
 else if (strcmp (arg, "--block-fd") == 0)
 {
 int the_fd;
@@ -2229,6 +2248,9 @@ main (int argc,
 /* Optionally bind our lifecycle to that of the parent */
 handle_die_with_parent ();
 
+ if (opt_close_fd != -1)
+ close (opt_close_fd);
+
 if (opt_info_fd != -1)
 {
 cleanup_free char *output = xasprintf ("{\n \"child-pid\": %i\n}\n", pid);
@@ -2458,6 +2480,9 @@ main (int argc,
 /* All privileged ops are done now, so drop caps we don't need */
 drop_privs (!is_privileged);
 
+ if (opt_close_fd != -1)
+ close (opt_close_fd);
+
 if (opt_block_fd != -1)
 {
 char b[1]; |
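Review bot: In the `--close-fd` branch added to parse_args_recurse, the `long` result of strtol() is stored straight into `int the_fd`, and neither ERANGE nor the int range is checked. An out-of-range argument can therefore truncate to a small non-negative number that passes the `the_fd < 0` test, and bwrap would later close an unrelated descriptor. Parsing into a `long` and bounding it closes that gap: `long val = strtol (argv[1], &endptr, 10);` followed by `if (argv[1][0] == 0 || endptr[0] != 0 || val < 0 || val > INT_MAX) die ("Invalid fd: %s", argv[1]);` (INT_MAX needs `<limits.h>` if the file does not already include it). The neighbouring `--block-fd` branch begins the same way and may deserve the same check, but its body runs past the hunk. A repeated `--close-fd` also silently replaces the earlier value, which the usage text should say if only one fd is supported.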
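Review bot: Both `close (opt_close_fd)` sites in main lack a comment saying why the descriptor is closed twice, and both ignore close()'s result. They sit after `handle_die_with_parent ()` in the hunk at -2229 and after `drop_privs (!is_privileged)` in the hunk at -2458. Assuming these are the monitor process and the sandboxed child, the peer only sees EOF once every copy is gone, so a later refactor that drops either call would break the readiness signal without any error. I would put `/* --close-fd: the peer sees EOF only after every copy is closed, so drop ours here too */` above each, and report a failed close (for example EBADF from a mistyped number) instead of discarding it. main's body extends beyond both hunks, so the process each site runs in should be confirmed against the full function.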