[klibc] run-init: add drop_capabilities support

Building on the work in ff0a614bd724f6c4c6a5014a9955dc1bc028f336, this moves the capability code down into the run-init library, so that run-init can use it as well, via the new "-d" flag. Signed-off-by: Kees Cook <kees@outflux.net> Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
author: Kees Cook <keescook@chromium.org> 2012-05-03 19:04:51 -0700
committer: H. Peter Anvin <hpa@linux.intel.com> 2012-05-15 15:31:06 -0700
commit: e6ed5f9eb80d5df417f538e27270fe9b61db35e4 (patch)
tree: 11c946bfe41d58efc2060c4f1c03814d439e731a
parent: a7c9df59f35bfe745ecd8177a609642b927add35 (diff)
download: klibc-e6ed5f9eb80d5df417f538e27270fe9b61db35e4.tar.gz
7 files changed, 39 insertions, 14 deletions
diff --git a/usr/kinit/Kbuild b/usr/kinit/Kbuild
index 8f6d08e00ed382..53201279b16172 100644
--- a/usr/kinit/Kbuild
+++ b/usr/kinit/Kbuild
@@ -3,14 +3,13 @@
 #
 
 # library part of kinit. Is used by programs in sub-directories (resume et al)
-lib-y   := name_to_dev.o devname.o getarg.o
+lib-y   := name_to_dev.o devname.o getarg.o capabilities.o
 # use lib for kinit
 kinit-y  := lib.a
 
 kinit-y  += kinit.o do_mounts.o ramdisk_load.o initrd.o
 kinit-y  += getintfile.o readfile.o xpio.o
 kinit-y  += do_mounts_md.o do_mounts_mtd.o nfsroot.o
-kinit-y  += capabilities.o
 
 kinit-y  += ipconfig/
 kinit-y  += nfsmount/
diff --git a/usr/kinit/capabilities.h b/usr/kinit/capabilities.h
new file mode 100644
index 00000000000000..a32a66a77948a1
--- /dev/null
+++ b/usr/kinit/capabilities.h
@@ -0,0 +1,10 @@
+/*
+ * capabilities.h
+ */
+
+#ifndef KINIT_CAPABILITIES_H
+#define KINIT_CAPABILITIES_H
+
+int drop_capabilities(const char *caps);
+
+#endif						/* KINIT_CAPABILITIES_H */
diff --git a/usr/kinit/kinit.c b/usr/kinit/kinit.c
index 8ea0da551a14d6..523c92bfe2ba5b 100644
--- a/usr/kinit/kinit.c
+++ b/usr/kinit/kinit.c
@@ -284,8 +284,6 @@ int main(int argc, char *argv[])
 	check_path("/root");
 	do_mounts(cmdc, cmdv);
 
-	drop_capabilities(get_arg(cmdc, cmdv, "drop_capabilities="));
-
 	if (mnt_procfs) {
 		umount2("/proc", 0);
 		mnt_procfs = 0;
@@ -305,7 +303,9 @@ int main(int argc, char *argv[])
 
 	init_argv[0] = strrchr(init_path, '/') + 1;
 
-	errmsg = run_init("/root", "/dev/console", init_path, init_argv);
+	errmsg = run_init("/root", "/dev/console",
+			  get_arg(cmdc, cmdv, "drop_capabilities="),
+			  init_path, init_argv);
 
 	/* If run_init returned, something went bad */
 	fprintf(stderr, "%s: %s: %s\n", progname, errmsg, strerror(errno));
diff --git a/usr/kinit/run-init/Kbuild b/usr/kinit/run-init/Kbuild
index bf6e140bc37eb3..f7832b7d0bee67 100644
--- a/usr/kinit/run-init/Kbuild
+++ b/usr/kinit/run-init/Kbuild
@@ -18,9 +18,14 @@ lib-y := $(objs)
 # personality(2) flag from getting set and passed to init).
 EXTRA_KLIBCLDFLAGS += -z noexecstack
 
+# Additional include paths files
+KLIBCCFLAGS += -I$(srctree)/$(src)/..
+
 # .o files used to built executables
-static/run-init-y := $(objs)
-shared/run-init-y := $(objs)
+static/run-init-y   := $(objs)
+static/run-init-lib := ../lib.a
+shared/run-init-y   := $(objs)
+shared/run-init-lib := ../lib.a
 
 # Cleaning
 clean-dirs := static shared
diff --git a/usr/kinit/run-init/run-init.c b/usr/kinit/run-init/run-init.c
index 0f150ddae23211..2147d06dfa1e09 100644
--- a/usr/kinit/run-init/run-init.c
+++ b/usr/kinit/run-init/run-init.c
@@ -26,13 +26,14 @@
  * ----------------------------------------------------------------------- */
 
 /*
- * Usage: exec run-init [-c /dev/console] /real-root /sbin/init "$@"
+ * Usage: exec run-init [-d caps] [-c /dev/console] /real-root /sbin/init "$@"
  *
  * This program should be called as the last thing in a shell script
  * acting as /init in an initramfs; it does the following:
  *
  * - Delete all files in the initramfs;
  * - Remounts /real-root onto the root filesystem;
+ * - Drops comma-separated list of capabilities;
  * - Chroots;
  * - Opens /dev/console;
  * - Spawns the specified init program (with arguments.)
@@ -50,7 +51,7 @@ static const char *program;
 static void __attribute__ ((noreturn)) usage(void)
 {
 	fprintf(stderr,
-		"Usage: exec %s [-c consoledev] /real-root /sbin/init [args]\n",
+		"Usage: exec %s [-d caps] [-c consoledev] /real-root /sbin/init [args]\n",
 		program);
 	exit(1);
 }
@@ -62,6 +63,7 @@ int main(int argc, char *argv[])
 	const char *realroot;
 	const char *init;
 	const char *error;
+	const char *drop_caps = NULL;
 	char **initargs;
 
 	/* Variables... */
@@ -70,9 +72,11 @@ int main(int argc, char *argv[])
 	/* Parse the command line */
 	program = argv[0];
 
-	while ((o = getopt(argc, argv, "c:")) != -1) {
+	while ((o = getopt(argc, argv, "c:d:")) != -1) {
 		if (o == 'c') {
 			console = optarg;
+		} else if (o == 'd') {
+			drop_caps = optarg;
 		} else {
 			usage();
 		}
@@ -85,7 +89,7 @@ int main(int argc, char *argv[])
 	init = argv[optind + 1];
 	initargs = argv + optind + 1;
 
-	error = run_init(realroot, console, init, initargs);
+	error = run_init(realroot, console, drop_caps, init, initargs);
 
 	/* If run_init returns, something went wrong */
 	fprintf(stderr, "%s: %s: %s\n", program, error, strerror(errno));
diff --git a/usr/kinit/run-init/run-init.h b/usr/kinit/run-init/run-init.h
index a95328ed4b6da9..da3136a76a7efe 100644
--- a/usr/kinit/run-init/run-init.h
+++ b/usr/kinit/run-init/run-init.h
@@ -29,6 +29,6 @@
 #define RUN_INIT_H
 
 const char *run_init(const char *realroot, const char *console,
-		     const char *init, char **initargs);
+		     const char *drop_caps, const char *init, char **initargs);
 
 #endif
diff --git a/usr/kinit/run-init/runinitlib.c b/usr/kinit/run-init/runinitlib.c
index 8f1562fba7ff00..fe856bd64a5a1b 100644
--- a/usr/kinit/run-init/runinitlib.c
+++ b/usr/kinit/run-init/runinitlib.c
@@ -26,7 +26,7 @@
  * ----------------------------------------------------------------------- */
 
 /*
- * run_init(consoledev, realroot, init, initargs)
+ * run_init(realroot, consoledev, drop_caps, init, initargs)
  *
  * This function should be called as the last thing in kinit,
  * from initramfs, it does the following:
@@ -34,6 +34,7 @@
  * - Delete all files in the initramfs;
  * - Remounts /real-root onto the root filesystem;
  * - Chroots;
+ * - Drops comma-separated list of capabilities;
  * - Opens /dev/console;
  * - Spawns the specified init program (with arguments.)
  *
@@ -53,6 +54,7 @@
 #include <sys/types.h>
 #include <sys/vfs.h>
 #include "run-init.h"
+#include "capabilities.h"
 
 /* Make it possible to compile on glibc by including constants that the
    always-behind shipped glibc headers may not include.  Classic example
@@ -154,7 +156,8 @@ static int nuke(const char *what)
 }
 
 const char *run_init(const char *realroot, const char *console,
-		     const char *init, char **initargs)
+		     const char *drop_caps, const char *init,
+		     char **initargs)
 {
 	struct stat rst, cst;
 	struct statfs sfs;
@@ -195,6 +198,10 @@ const char *run_init(const char *realroot, const char *console,
 	if (chroot(".") || chdir("/"))
 		return "chroot";
 
+	/* Drop capabilities */
+	if (drop_capabilities(drop_caps) < 0)
+		return "dropping capabilities";
+
 	/* Open /dev/console */
 	if ((confd = open(console, O_RDWR)) < 0)
 		return "opening console";
author	Kees Cook <keescook@chromium.org>	2012-05-03 19:04:51 -0700
committer	H. Peter Anvin <hpa@linux.intel.com>	2012-05-15 15:31:06 -0700
commit	e6ed5f9eb80d5df417f538e27270fe9b61db35e4 (patch)
tree	11c946bfe41d58efc2060c4f1c03814d439e731a
parent	a7c9df59f35bfe745ecd8177a609642b927add35 (diff)
download	klibc-e6ed5f9eb80d5df417f538e27270fe9b61db35e4.tar.gz