Added flag to allow passing files passed as arguments

master
xSmurf 10 years ago
parent 2135084b86
commit 201037c26d

@ -161,14 +161,16 @@ func (d *daemonState) launch(p *oz.Profile, pwd string, args, env []string, uid,
} }
func (sbox *Sandbox) launchProgram(pwd string, args []string, log *logging.Logger) { func (sbox *Sandbox) launchProgram(pwd string, args []string, log *logging.Logger) {
for _, fpath := range args { if sbox.profile.AllowFiles {
if _, err := os.Stat(fpath); err == nil { for _, fpath := range args {
if filepath.IsAbs(fpath) == false { if _, err := os.Stat(fpath); err == nil {
fpath = path.Join(pwd, fpath) if filepath.IsAbs(fpath) == false {
} fpath = path.Join(pwd, fpath)
log.Info("Adding file `%s` to sandbox `%s`.", fpath, sbox.profile.Name) }
if err := sbox.fs.AddBindWhitelist(fpath, fpath, false); err != nil { log.Info("Adding file `%s` to sandbox `%s`.", fpath, sbox.profile.Name)
log.Warning("Error adding file `%s`!", fpath) if err := sbox.fs.AddBindWhitelist(fpath, fpath, false); err != nil {
log.Warning("Error adding file `%s`!", fpath)
}
} }
} }
} }

@ -26,6 +26,8 @@ type Profile struct {
// Also disables default blacklist items (/sbin, /usr/sbin, /usr/bin/sudo) // Also disables default blacklist items (/sbin, /usr/sbin, /usr/bin/sudo)
// Normally not used // Normally not used
NoDefaults bool NoDefaults bool
// Allow bind mounting of files passed as arguments inside the container
AllowFiles bool `json:"allow_files"`
// List of paths to bind mount inside jail // List of paths to bind mount inside jail
Whitelist []WhitelistItem Whitelist []WhitelistItem
// List of paths to blacklist inside jail // List of paths to blacklist inside jail

@ -1,5 +1,6 @@
{ {
"path": "/usr/bin/evince" "path": "/usr/bin/evince"
, "allow_files": true
, "xserver": { , "xserver": {
"enabled": true "enabled": true
, "enable_tray": true , "enable_tray": true

Loading…
Cancel
Save