authorMike Frysinger <vapier@gentoo.org>2013-02-22 21:18:07 -0500
committerMike Frysinger <vapier@gentoo.org>2013-02-24 23:15:44 -0500
commite12fee192ac8b0343a468e5a8f7811a7b029ff9a (patch)
tree252b2e528a3fb99f5cc32127a32ad4d785008a6f /src
parentlibsandbox: handle ENOSYS w/process_vm_readv (diff)
add a new message env var
This is used whenever sandbox wants to display an informational message. For example, early notification of a path violation, or debugging output. We can't just pop open an fd and pass that around as apps consider that leakage and will often break assumptions in terms of free fds. Or apps that start up and cleanse all of their open fds. So instead, we just pass around an env var that holds the full path to the file we want to write to. Since these messages are infrequent (compared to overall runtime), opening/writing/closing the path every time is fine. This also avoids all the problems associated with using external portage helpers for writing messages. A follow up commit will take care of the situation where apps (such as scons) attempt to also cleanse the env before forking. URL: http://bugs.gentoo.org/278761 URL: http://bugs.gentoo.org/431638 Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'src')
-rw-r--r--src/environ.c5
-rw-r--r--src/sandbox.c13
-rw-r--r--src/sandbox.h1
3 files changed, 17 insertions, 2 deletions
diff --git a/src/environ.c b/src/environ.c
index 727f10b..5f22829 100644
--- a/src/environ.c
+++ b/src/environ.c
@@ -254,6 +254,7 @@ char **setup_environ(struct sandbox_info_t *sandbox_info)
unsetenv(ENV_SANDBOX_BASHRC);
unsetenv(ENV_SANDBOX_LOG);
unsetenv(ENV_SANDBOX_DEBUG_LOG);
+ unsetenv(ENV_SANDBOX_MESSAGE_PATH);
unsetenv(ENV_SANDBOX_WORKDIR);
unsetenv(ENV_SANDBOX_ACTIVE);
unsetenv(ENV_BASH_ENV);
@@ -285,8 +286,8 @@ char **setup_environ(struct sandbox_info_t *sandbox_info)
sb_setenv(&new_environ, ENV_SANDBOX_LIB, sandbox_info->sandbox_lib);
sb_setenv(&new_environ, ENV_SANDBOX_BASHRC, sandbox_info->sandbox_rc);
sb_setenv(&new_environ, ENV_SANDBOX_LOG, sandbox_info->sandbox_log);
- sb_setenv(&new_environ, ENV_SANDBOX_DEBUG_LOG,
- sandbox_info->sandbox_debug_log);
+ sb_setenv(&new_environ, ENV_SANDBOX_DEBUG_LOG, sandbox_info->sandbox_debug_log);
+ sb_setenv(&new_environ, ENV_SANDBOX_MESSAGE_PATH, sandbox_info->sandbox_message_path);
/* Just set the these if not already set so that is_env_on() work */
if (!getenv(ENV_SANDBOX_VERBOSE))
sb_setenv(&new_environ, ENV_SANDBOX_VERBOSE, "1");
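Review bot: Nothing at the new `sb_setenv(&new_environ, ENV_SANDBOX_MESSAGE_PATH, sandbox_info->sandbox_message_path);` line records that this value becomes a write target carried in the environment, which any process running inside the sandbox can change before the next message is emitted. The code that reads the variable is not in this diff, so whether it validates the path cannot be confirmed here; going by the commit description it opens and writes the path for every message. A comment such as `/* message target is re-read from the env by children; readers must open it without O_CREAT/O_TRUNC */` would state the expectation next to where the value is exported. setup_environ starts and ends outside the hunk.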
diff --git a/src/sandbox.c b/src/sandbox.c
index aa957f6..51f2d95 100644
--- a/src/sandbox.c
+++ b/src/sandbox.c
@@ -26,6 +26,7 @@ volatile static pid_t child_pid = 0;
static const char sandbox_banner[] = "============================= Gentoo path sandbox ==============================";
static const char sandbox_footer[] = "--------------------------------------------------------------------------------";
+const char *sbio_message_path;
const char sbio_fallback_path[] = "/dev/stderr";
static int setup_sandbox(struct sandbox_info_t *sandbox_info, bool interactive)
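Review bot: `const char *sbio_message_path;` is added as an uninitialised, non-static global with no comment, and no hunk in this diff (which is limited to src/) assigns it, so it is NULL wherever it is first read unless code outside this diff sets it. If the intent is that it should point at `sandbox_info->sandbox_message_path` once setup_sandbox has filled that in, the assignment is missing from the visible changes. At minimum a comment like `/* where sandbox messages are written; NULL until set */` would tell readers what state to expect.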
@@ -80,6 +81,18 @@ static int setup_sandbox(struct sandbox_info_t *sandbox_info, bool interactive)
}
}
+ /* Generate sandbox message path -- this process's stderr */
+ char path[SB_PATH_MAX];
+ sprintf(path, "%s/2", sb_get_fd_dir());
+ if (realpath(path, sandbox_info->sandbox_message_path) == NULL) {
+ sb_pwarn("could not read stderr path: %s", path);
+ if (realpath(sbio_fallback_path, sandbox_info->sandbox_message_path)) {
+ sb_pwarn("could not read stderr path: %s", sbio_fallback_path);
+ /* fuck it */
+ strcpy(sandbox_info->sandbox_message_path, sbio_fallback_path);
+ }
+ }
+
return 0;
}
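Review bot: The fallback branch tests `if (realpath(sbio_fallback_path, sandbox_info->sandbox_message_path))`, which is true when realpath() succeeds, so a successful resolution is reported as a failure and overwritten, while a real failure is skipped and leaves sandbox_message_path holding whatever realpath() left in it before setup_environ exports it. The test should be `if (realpath(sbio_fallback_path, sandbox_info->sandbox_message_path) == NULL) {`. The `sprintf(path, "%s/2", sb_get_fd_dir())` above it is unbounded; `snprintf(path, sizeof(path), "%s/2", sb_get_fd_dir());` keeps the write inside `path` whatever sb_get_fd_dir() returns. realpath() also expects an output buffer of at least PATH_MAX bytes, so it is worth confirming that SB_PATH_MAX is at least that large (its definition is not in this diff). setup_sandbox begins outside the hunk.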
diff --git a/src/sandbox.h b/src/sandbox.h
index cc67753..c0c4315 100644
--- a/src/sandbox.h
+++ b/src/sandbox.h
@@ -16,6 +16,7 @@
struct sandbox_info_t {
char sandbox_log[SB_PATH_MAX];
char sandbox_debug_log[SB_PATH_MAX];
+ char sandbox_message_path[SB_PATH_MAX];
char sandbox_lib[SB_PATH_MAX];
char sandbox_rc[SB_PATH_MAX];
char work_dir[SB_PATH_MAX];