Added flag to allow passing files passed as arguments

master
xSmurf 10 years ago
parent 2135084b86
commit 201037c26d

@ -161,14 +161,16 @@ func (d *daemonState) launch(p *oz.Profile, pwd string, args, env []string, uid,
}
func (sbox *Sandbox) launchProgram(pwd string, args []string, log *logging.Logger) {
for _, fpath := range args {
if _, err := os.Stat(fpath); err == nil {
if filepath.IsAbs(fpath) == false {
fpath = path.Join(pwd, fpath)
}
log.Info("Adding file `%s` to sandbox `%s`.", fpath, sbox.profile.Name)
if err := sbox.fs.AddBindWhitelist(fpath, fpath, false); err != nil {
log.Warning("Error adding file `%s`!", fpath)
if sbox.profile.AllowFiles {
for _, fpath := range args {
if _, err := os.Stat(fpath); err == nil {
if filepath.IsAbs(fpath) == false {
fpath = path.Join(pwd, fpath)
}
log.Info("Adding file `%s` to sandbox `%s`.", fpath, sbox.profile.Name)
if err := sbox.fs.AddBindWhitelist(fpath, fpath, false); err != nil {
log.Warning("Error adding file `%s`!", fpath)
}
}
}
}

@ -26,6 +26,8 @@ type Profile struct {
// Also disables default blacklist items (/sbin, /usr/sbin, /usr/bin/sudo)
// Normally not used
NoDefaults bool
// Allow bind mounting of files passed as arguments inside the container
AllowFiles bool `json:"allow_files"`
// List of paths to bind mount inside jail
Whitelist []WhitelistItem
// List of paths to blacklist inside jail

@ -1,5 +1,6 @@
{
"path": "/usr/bin/evince"
, "allow_files": true
, "xserver": {
"enabled": true
, "enable_tray": true

Loading…
Cancel
Save