author | Alexander Larsson <alexl@redhat.com> | 2018-12-15 00:16:06 +0100 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2019-04-09 09:18:15 +0000 |
commit | 80249b5f4dc1ab3f8a4d46915ae7350ae4960812 (patch) | |
tree | 09fa8ea2c9c21e005168dbbd3d74c30e7bb00a34 | |
parent | aeecbb7d2b41a3d2857ad970b3b557dc1be269c3 (diff) | |
revokefs: Add demo to show how to revoke permissions
The demo starts two instances as the same user, so
the revoke doesn't really enforce any separation, but
it demos how you would do it.
Closes: #2657
Approved by: alexlarsson
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | revokefs/Makefile.am.inc | 6 | ||||
-rw-r--r-- | revokefs/demo.c | 80 |
3 files changed, 87 insertions, 0 deletions
@@ -59,6 +59,7 @@ common/flatpak-enum-types.h test-libflatpak httpcache revokefs-fuse +revokefs-demo Flatpak-1.0.* /app/parse-datetime.c /doc/reference/gtkdoc-check.log diff --git a/revokefs/Makefile.am.inc b/revokefs/Makefile.am.inc index d1be5e96..77cb5398 100644 --- a/revokefs/Makefile.am.inc +++ b/revokefs/Makefile.am.inc @@ -20,7 +20,13 @@ libexec_PROGRAMS += revokefs-fuse +noinst_PROGRAMS += revokefs-demo + revokefs_fuse_SOURCES = revokefs/main.c revokefs/writer.c revokefs/writer.h revokefs_fuse_CFLAGS = $(BASE_CFLAGS) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(FUSE_CFLAGS) -I$(srcdir)/libglnx revokefs_fuse_LDADD = libglnx.la $(BASE_LIBS) $(FUSE_LIBS) + +revokefs_demo_SOURCES = revokefs/demo.c +revokefs_demo_CFLAGS = $(BASE_CFLAGS) +revokefs_demo_LDADD = $(BASE_LIBS) diff --git a/revokefs/demo.c b/revokefs/demo.c new file mode 100644 index 00000000..6608b52f --- /dev/null +++ b/revokefs/demo.c 
@@ -0,0 +1,80 @@
+#include <glib.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/socket.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+int
+main (int argc, char *argv[])
+{
+ int sockets[2];
+ g_autofree char *socket_0 = NULL;
+ g_autofree char *socket_1 = NULL;
+ GError *error = NULL;
+ char buf[20];
+ GPid backend_pid, fuse_pid;
+
+ if (argc != 3)
+ {
+ g_printerr ("Usage: revokefs-demo basepath targetpath\n");
+ exit (EXIT_FAILURE);
+ }
+
+ if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sockets))
+ {
+ perror ("Failed to create socket pair");
+ exit (EXIT_FAILURE);
+ }
+
+ socket_0 = g_strdup_printf ("--socket=%d", sockets[0]);
+ socket_1 = g_strdup_printf ("--socket=%d", sockets[1]);
+
+ char *backend_argv[] =
+ {
+ "./revokefs-fuse",
+ "--backend",
+ socket_0,
+ argv[1],
+ NULL
+ };
+
+ /* Don't inherit fuse socket in backend */
+ fcntl (sockets[1], F_SETFD, FD_CLOEXEC);
+ if (!g_spawn_async (NULL,
+ backend_argv,
+ NULL,
+ G_SPAWN_LEAVE_DESCRIPTORS_OPEN,
+ NULL, NULL,
+ &backend_pid, &error))
+ {
+ g_printerr ("Failed to launch backend: %s", error->message);
+ exit (EXIT_FAILURE);
+ }
+ close (sockets[0]); /* Close backend side now so it doesn't get into the fuse child */
+
+ char *fuse_argv[] =
+ {
+ "./revokefs-fuse",
+ socket_1,
+ argv[1],
+ argv[2],
+ NULL
+ };
+
+ if (!g_spawn_async (NULL,
+ fuse_argv,
+ NULL,
+ G_SPAWN_LEAVE_DESCRIPTORS_OPEN,
+ NULL, NULL,
+ &fuse_pid, &error))
+ {
+ g_printerr ("Failed to launch backend: %s", error->message);
+ exit (EXIT_FAILURE);
+ }
+
+ g_print ("Started revokefs, press enter to revoke");
+ fgets(buf, sizeof(buf), stdin);
+ g_print ("Revoking write permissions");
+ shutdown (sockets[1], SHUT_RDWR);
+} |
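Review bot: The close-on-exec flag set on `sockets[1]` before the backend spawn is never cleared in the visible lines, so the second `g_spawn_async` (the one taking `fuse_argv`) appears to exec with that descriptor already closed, even though `--socket=%d` names it. `G_SPAWN_LEAVE_DESCRIPTORS_OPEN` only stops GLib from closing descriptors itself; it does not undo `FD_CLOEXEC`. Clearing the flag right after `close (sockets[0]);`, for example `if (fcntl (sockets[1], F_SETFD, 0) == -1) { perror ("fcntl"); exit (EXIT_FAILURE); }`, and checking the first `fcntl` the same way would make the hand-off explicit, since an unchecked failure there silently leaves the fuse end open in the backend. Both children are spawned with `G_SPAWN_LEAVE_DESCRIPTORS_OPEN`, so they also inherit every other descriptor the demo was started with; a comment should say that a real deployment would hand the less-trusted side only its socket. The failure message for the second spawn still reads `Failed to launch backend` and, like the first, has no trailing newline.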