aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2012-03-05 16:19:08 -0500
committerMike Frysinger <vapier@gentoo.org>2012-03-05 16:21:47 -0500
commit5498907383c7f1654188b6a0d02d8b03112a28c3 (patch)
tree4d207926c2d4b5c63d36f6108149f170be510bce
parenttests: note that testsuite.list.at is generated (diff)
downloadsandbox-5498907383c7f1654188b6a0d02d8b03112a28c3.tar.gz
sandbox-5498907383c7f1654188b6a0d02d8b03112a28c3.tar.bz2
sandbox-5498907383c7f1654188b6a0d02d8b03112a28c3.zip
libsandbox: push down constructor init
Since every consumer of sb_open gets a copy of the sbio_open data, push the init of this into the .data section of the respective consumers to avoid the runtime overhead. This just leaves sandbox_lib setup in the constructor function, but that is only needed by the execve wrapper, so push down init of that to the existing sb_init logic which happens before our execve wrapper gets used. URL: http://bugs.gentoo.org/404013 Reported-by: Mike Gilbert <floppym@gentoo.org> Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-rw-r--r--libsandbox/libsandbox.c43
-rw-r--r--libsbutil/sb_open.c11
-rw-r--r--libsbutil/sbutil.h2
-rw-r--r--src/sandbox.c1
4 files changed, 8 insertions, 49 deletions
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index 0fcbb65..a36e190 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -61,6 +61,7 @@ typedef struct {
static char *cached_env_vars[MAX_DYN_PREFIXES];
bool sandbox_on = true;
static bool sb_init = false;
+int (*sbio_open)(const char *, int, mode_t) = sb_unwrapped_open;
static char *resolve_path(const char *, int);
static int check_prefixes(char **, int, const char *);
@@ -68,50 +69,15 @@ static void clean_env_entries(char ***, int *);
static void init_context(sbcontext_t *);
static void init_env_entries(char ***, int *, const char *, const char *, int);
-
-/*
- * Initialize the shabang
- */
-#if 0
-__attribute__((destructor))
-void libsb_fini(void)
-{
- /* let the kernel reap our resources -- it's faster anyways */
- int x;
-
- sb_init = false;
-
- for (x = 0; x < MAX_DYN_PREFIXES; ++x) {
- if (NULL != cached_env_vars[x]) {
- free(cached_env_vars[x]);
- cached_env_vars[x] = NULL;
- }
- }
-
- for (x = 0; x < MAX_DYN_PREFIXES; ++x)
- clean_env_entries(&(sbcontext.prefixes[x]),
- &(sbcontext.num_prefixes[x]));
-}
-#endif
-
+#ifdef SB_MEM_DEBUG
__attribute__((constructor))
void libsb_init(void)
{
save_errno();
-
-#ifdef SB_MEM_DEBUG
mtrace();
-#endif
-
- sb_set_open(sb_unwrapped_open);
-
- /* Get the path and name to this library */
- get_sandbox_lib(sandbox_lib);
-
-// sb_init = true;
-
restore_errno();
}
+#endif
static const char *sb_get_fd_dir(void)
{
@@ -1084,6 +1050,9 @@ bool before_syscall(int dirfd, int sb_nr, const char *func, const char *file, in
sb_lock();
if (!sb_init) {
+ /* Get the path and name to this library */
+ get_sandbox_lib(sandbox_lib);
+
init_context(&sbcontext);
sb_init = true;
}
diff --git a/libsbutil/sb_open.c b/libsbutil/sb_open.c
index 2e405c6..27dda9c 100644
--- a/libsbutil/sb_open.c
+++ b/libsbutil/sb_open.c
@@ -10,17 +10,6 @@
#include "headers.h"
#include "sbutil.h"
-static int (*sbio_open)(const char *, int, mode_t) = (void *)open;
-
-
-void sb_set_open(void *new_open)
-{
- if (!check_ptr(new_open))
- return;
-
- sbio_open = new_open;
-}
-
/* General purpose function to _reliably_ open a file
*
* Returns the file descriptor or -1 on error (and errno set)
diff --git a/libsbutil/sbutil.h b/libsbutil/sbutil.h
index e232b31..bdff33f 100644
--- a/libsbutil/sbutil.h
+++ b/libsbutil/sbutil.h
@@ -91,7 +91,7 @@ bool is_env_on (const char *);
bool is_env_off (const char *);
/* libsandbox need to use a wrapper for open */
-void sb_set_open(void *new_open);
+attribute_hidden extern int (*sbio_open)(const char *, int, mode_t);
/* Convenience functions to reliably open, read and write to a file */
int sb_open(const char *path, int flags, mode_t mode);
size_t sb_read(int fd, void *buf, size_t count);
diff --git a/src/sandbox.c b/src/sandbox.c
index d36126e..a8e28fe 100644
--- a/src/sandbox.c
+++ b/src/sandbox.c
@@ -18,6 +18,7 @@
static int print_debug = 0;
#define dprintf(fmt, args...) do { if (print_debug) printf(fmt, ## args); } while (0)
#define dputs(str) do { if (print_debug) puts(str); } while (0)
+int (*sbio_open)(const char *, int, mode_t) = (void *)open;
volatile static int stop_called = 0;
volatile static pid_t child_pid = 0;