-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsandbox_linux.go
98 lines (85 loc) · 1.74 KB
/
sandbox_linux.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
//go:build linux
package sandbox
import (
"syscall"
"unsafe"
)
const (
// OpenBSD syscalls, mapped to unused syscall numbers in Linux
nanos_sys_pledge = 335
nanos_sys_unveil = 336
// uname -s
nanos_sysname = "Nanos"
)
var (
noop = true
)
func init() {
var uts syscall.Utsname
if err := syscall.Uname(&uts); err != nil {
return
}
int8ToString := func(s []int8) string {
b := make([]byte, 0, len(s))
for _, v := range s {
if v == 0x00 {
break
}
b = append(b, byte(v))
}
return string(b)
}
noop = int8ToString(uts.Sysname[:]) != nanos_sysname
}
func pledge(promises, execpromises string) error {
return pledgePromises(promises)
}
func pledgePromises(promises string) error {
if noop {
return nil
}
// This variable holds the execpromises and is always nil.
var exptr unsafe.Pointer
pptr, err := syscall.BytePtrFromString(promises)
if err != nil {
return err
}
_, _, e := syscall.Syscall(nanos_sys_pledge, uintptr(unsafe.Pointer(pptr)), uintptr(exptr), 0)
if e != 0 {
return e
}
return nil
}
func pledgeExecpromises(execpromises string) error {
return nil
}
func unveil(path string, flags string) error {
if noop {
return nil
}
pathPtr, err := syscall.BytePtrFromString(path)
if err != nil {
return err
}
flagsPtr, err := syscall.BytePtrFromString(flags)
if err != nil {
return err
}
_, _, e := syscall.Syscall(nanos_sys_unveil, uintptr(unsafe.Pointer(pathPtr)), uintptr(unsafe.Pointer(flagsPtr)), 0)
if e != 0 {
return e
}
return nil
}
func unveilBlock() error {
if noop {
return nil
}
// Both pointers must be nil.
var pathUnsafe, flagsUnsafe unsafe.Pointer
_, _, e := syscall.Syscall(nanos_sys_unveil, uintptr(pathUnsafe), uintptr(flagsUnsafe), 0)
if e != 0 {
return e
}
return nil
}