Simon McVittie
23
bubblewrap.c
23
bubblewrap.c
@@ -72,6 +72,7 @@ static const char *opt_exec_label = NULL;
|
|||||||
static const char *opt_file_label = NULL;
|
static const char *opt_file_label = NULL;
|
||||||
static bool opt_as_pid_1;
|
static bool opt_as_pid_1;
|
||||||
|
|
||||||
|
static const char *opt_argv0 = NULL;
|
||||||
static const char *opt_chdir_path = NULL;
|
static const char *opt_chdir_path = NULL;
|
||||||
static bool opt_assert_userns_disabled = FALSE;
|
static bool opt_assert_userns_disabled = FALSE;
|
||||||
static bool opt_disable_userns = FALSE;
|
static bool opt_disable_userns = FALSE;
|
||||||
@@ -309,6 +310,7 @@ usage (int ecode, FILE *out)
|
|||||||
" --help Print this help\n"
|
" --help Print this help\n"
|
||||||
" --version Print version\n"
|
" --version Print version\n"
|
||||||
" --args FD Parse NUL-separated args from FD\n"
|
" --args FD Parse NUL-separated args from FD\n"
|
||||||
|
" --argv0 VALUE Set argv[0] to the value VALUE before running the program\n"
|
||||||
" --unshare-all Unshare every namespace we support by default\n"
|
" --unshare-all Unshare every namespace we support by default\n"
|
||||||
" --share-net Retain the network namespace (can only combine with --unshare-all)\n"
|
" --share-net Retain the network namespace (can only combine with --unshare-all)\n"
|
||||||
" --unshare-user Create new user namespace (may be automatically implied if not setuid)\n"
|
" --unshare-user Create new user namespace (may be automatically implied if not setuid)\n"
|
||||||
@@ -1728,6 +1730,18 @@ parse_args_recurse (int *argcp,
|
|||||||
argv += 1;
|
argv += 1;
|
||||||
argc -= 1;
|
argc -= 1;
|
||||||
}
|
}
|
||||||
|
else if (strcmp (arg, "--argv0") == 0)
|
||||||
|
{
|
||||||
|
if (argc < 2)
|
||||||
|
die ("--argv0 takes one argument");
|
||||||
|
|
||||||
|
if (opt_argv0 != NULL)
|
||||||
|
die ("--argv0 used multiple times");
|
||||||
|
|
||||||
|
opt_argv0 = argv[1];
|
||||||
|
argv++;
|
||||||
|
argc--;
|
||||||
|
}
|
||||||
else if (strcmp (arg, "--unshare-all") == 0)
|
else if (strcmp (arg, "--unshare-all") == 0)
|
||||||
{
|
{
|
||||||
/* Keep this in order with the older (legacy) --unshare arguments,
|
/* Keep this in order with the older (legacy) --unshare arguments,
|
||||||
@@ -2641,6 +2655,7 @@ main (int argc,
|
|||||||
int res UNUSED;
|
int res UNUSED;
|
||||||
cleanup_free char *args_data UNUSED = NULL;
|
cleanup_free char *args_data UNUSED = NULL;
|
||||||
int intermediate_pids_sockets[2] = {-1, -1};
|
int intermediate_pids_sockets[2] = {-1, -1};
|
||||||
|
const char *exec_path = NULL;
|
||||||
|
|
||||||
/* Handle --version early on before we try to acquire/drop
|
/* Handle --version early on before we try to acquire/drop
|
||||||
* any capabilities so it works in a build environment;
|
* any capabilities so it works in a build environment;
|
||||||
@@ -3351,7 +3366,11 @@ main (int argc,
|
|||||||
we don't want to error out here */
|
we don't want to error out here */
|
||||||
}
|
}
|
||||||
|
|
||||||
if (execvp (argv[0], argv) == -1)
|
exec_path = argv[0];
|
||||||
|
if (opt_argv0 != NULL)
|
||||||
|
argv[0] = (char *) opt_argv0;
|
||||||
|
|
||||||
|
if (execvp (exec_path, argv) == -1)
|
||||||
{
|
{
|
||||||
if (setup_finished_pipe[1] != -1)
|
if (setup_finished_pipe[1] != -1)
|
||||||
{
|
{
|
||||||
@@ -3362,7 +3381,7 @@ main (int argc,
|
|||||||
/* Ignore res, if e.g. the parent died and closed setup_finished_pipe[0]
|
/* Ignore res, if e.g. the parent died and closed setup_finished_pipe[0]
|
||||||
we don't want to error out here */
|
we don't want to error out here */
|
||||||
}
|
}
|
||||||
die_with_error ("execvp %s", argv[0]);
|
die_with_error ("execvp %s", exec_path);
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|||||||
@@ -92,6 +92,10 @@
|
|||||||
multiple sources.
|
multiple sources.
|
||||||
</para></listitem>
|
</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--argv0 <arg choice="plain">VALUE</arg></option></term>
|
||||||
|
<listitem><para>Set argv[0] to the value <arg choice="plain">VALUE</arg> before running the program</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
</variablelist>
|
</variablelist>
|
||||||
<para>Options related to kernel namespaces:</para>
|
<para>Options related to kernel namespaces:</para>
|
||||||
<variablelist>
|
<variablelist>
|
||||||
|
|||||||
@@ -32,6 +32,7 @@ _bwrap() {
|
|||||||
$boolean_optons
|
$boolean_optons
|
||||||
--add-seccomp-fd
|
--add-seccomp-fd
|
||||||
--args
|
--args
|
||||||
|
--argv0
|
||||||
--bind
|
--bind
|
||||||
--bind-data
|
--bind-data
|
||||||
--block-fd
|
--block-fd
|
||||||
|
|||||||
@@ -29,6 +29,7 @@ _bwrap_args=(
|
|||||||
'--add-seccomp-fd[Load and use seccomp rules from FD]: :_guard "[0-9]#" "file descriptor to read seccomp rules from"'
|
'--add-seccomp-fd[Load and use seccomp rules from FD]: :_guard "[0-9]#" "file descriptor to read seccomp rules from"'
|
||||||
'--assert-userns-disabled[Fail unless further use of user namespace inside sandbox is disabled]'
|
'--assert-userns-disabled[Fail unless further use of user namespace inside sandbox is disabled]'
|
||||||
'--args[Parse NUL-separated args from FD]: :_guard "[0-9]#" "file descriptor with NUL-separated arguments"'
|
'--args[Parse NUL-separated args from FD]: :_guard "[0-9]#" "file descriptor with NUL-separated arguments"'
|
||||||
|
'--argv0[Set argv0 to the value VALUE before running the program]:value:'
|
||||||
'--as-pid-1[Do not install a reaper process with PID=1]'
|
'--as-pid-1[Do not install a reaper process with PID=1]'
|
||||||
'--bind-try[Equal to --bind but ignores non-existent SRC]:source:_files:destination:_files'
|
'--bind-try[Equal to --bind but ignores non-existent SRC]:source:_files:destination:_files'
|
||||||
'--bind[Bind mount the host path SRC on DEST]:source:_files:destination:_files'
|
'--bind[Bind mount the host path SRC on DEST]:source:_files:destination:_files'
|
||||||
|
|||||||
@@ -8,7 +8,7 @@ srcd=$(cd $(dirname "$0") && pwd)
|
|||||||
|
|
||||||
bn=$(basename "$0")
|
bn=$(basename "$0")
|
||||||
|
|
||||||
echo "1..58"
|
echo "1..59"
|
||||||
|
|
||||||
# Test help
|
# Test help
|
||||||
${BWRAP} --help > help.txt
|
${BWRAP} --help > help.txt
|
||||||
@@ -532,4 +532,12 @@ echo "PWD=$(pwd -P)" > reference
|
|||||||
assert_files_equal stdout reference
|
assert_files_equal stdout reference
|
||||||
echo "ok - environment manipulation"
|
echo "ok - environment manipulation"
|
||||||
|
|
||||||
|
$RUN sh -c 'echo $0' > stdout
|
||||||
|
assert_file_has_content stdout sh
|
||||||
|
$RUN --argv0 sh sh -c 'echo $0' > stdout
|
||||||
|
assert_file_has_content stdout sh
|
||||||
|
$RUN --argv0 right sh -c 'echo $0' > stdout
|
||||||
|
assert_file_has_content stdout right
|
||||||
|
echo "ok - argv0 manipulation"
|
||||||
|
|
||||||
echo "ok - End of test"
|
echo "ok - End of test"
|
||||||
|
|||||||
Reference in New Issue
Block a user