1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-28 06:27:45 +00:00

Kernel+Userland: Remove chroot functionality

We are not using this for anything and it's just been sitting there
gathering dust for well over a year, so let's stop carrying all this
complexity around for no good reason.
This commit is contained in:
Andreas Kling 2021-08-15 01:29:44 +02:00
parent 96d5d017b7
commit 1b739a72c2
19 changed files with 3 additions and 289 deletions

View file

@ -1,7 +1,7 @@
file(GLOB CMD_SOURCES CONFIGURE_DEPENDS "*.cpp")
list(APPEND SPECIAL_TARGETS test install)
list(APPEND REQUIRED_TARGETS
arp base64 basename cat chmod chown chroot clear comm cp cut date dd df dirname dmesg du echo env expr false fgrep
arp base64 basename cat chmod chown clear comm cp cut date dd df dirname dmesg du echo env expr false fgrep
file find grep groups head host hostname id ifconfig kill killall ln ls mkdir mount mv nproc
pgrep pidof ping pmap ps readlink realpath reboot rm rmdir seq shutdown sleep sort stat stty su tail test
touch tr true umount uname uniq uptime w wc which whoami xargs yes less

View file

@ -1,107 +0,0 @@
/*
* Copyright (c) 2020, Sergey Bugaev <bugaevc@serenityos.org>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <AK/StringView.h>
#include <LibCore/ArgsParser.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int main(int argc, char** argv)
{
int flags = -1;
uid_t chroot_user = 0;
gid_t chroot_group = 0;
const char* path = nullptr;
const char* program = "/bin/Shell";
const char* userspec = "0:0";
Core::ArgsParser args_parser;
args_parser.set_general_help(
"Run a program in a chroot sandbox. During execution, the program "
"sees the given path as '/', and cannot access files outside of it.");
args_parser.add_positional_argument(path, "New root directory", "path");
args_parser.add_positional_argument(program, "Program to run", "program", Core::ArgsParser::Required::No);
Core::ArgsParser::Option userspec_option {
true,
"The uid:gid to use",
"userspec",
'u',
"userpec",
[&userspec](const char* s) {
Vector<StringView> parts = StringView(s).split_view(':', true);
if (parts.size() != 2)
return false;
userspec = s;
return true;
}
};
args_parser.add_option(move(userspec_option));
Core::ArgsParser::Option mount_options {
true,
"Mount options",
"options",
'o',
"options",
[&flags](const char* s) {
flags = 0;
Vector<StringView> parts = StringView(s).split_view(',');
for (auto& part : parts) {
if (part == "defaults")
continue;
else if (part == "nodev")
flags |= MS_NODEV;
else if (part == "noexec")
flags |= MS_NOEXEC;
else if (part == "nosuid")
flags |= MS_NOSUID;
else if (part == "ro")
flags |= MS_RDONLY;
else if (part == "remount")
flags |= MS_REMOUNT;
else if (part == "bind")
warnln("Ignoring -o bind, as it doesn't make sense for chroot");
else
return false;
}
return true;
}
};
args_parser.add_option(move(mount_options));
args_parser.parse(argc, argv);
if (chroot_with_mount_flags(path, flags) < 0) {
perror("chroot");
return 1;
}
if (chdir("/") < 0) {
perror("chdir(/)");
return 1;
}
// Failed parsing will silently fail open (uid=0; gid=0);
// 0:0 is also the default when no --userspec argument is provided.
auto parts = String(userspec).split(':', true);
chroot_user = (uid_t)strtol(parts[0].characters(), nullptr, 10);
chroot_group = (uid_t)strtol(parts[1].characters(), nullptr, 10);
if (setresgid(chroot_group, chroot_group, chroot_group)) {
perror("setgid");
return 1;
}
if (setresuid(chroot_user, chroot_user, chroot_user)) {
perror("setuid");
return 1;
}
execl(program, program, nullptr);
perror("execl");
return 1;
}