From 38db6ab5be80b255fe40df715adc3b5852875cdd Mon Sep 17 00:00:00 2001 From: bptato Date: Thu, 18 Apr 2024 18:30:53 +0200 Subject: sandbox: seccomp support on Linux We use libseccomp, which is now a semi-mandatory dependency on Linux. (You can still build without it, but only if you pass a scary long flag to make.) For this to work I had to disable getTimezoneOffset, which would otherwise call localtime_r which in turn reads in some files from /usr/share/zoneinfo. To allow this we would have to give unrestricted openat(2) access to buffer processes, which is unacceptable. (Giving websites access to the local timezone is a fingerprinting vector so if this ever gets fixed then it should be an opt-in config setting.) This patch also includes misc fixes to buffer cloning, and fixes the LIBEXECDIR override in the makefile so that it is actually useful. --- src/local/client.nim | 4 ++++ src/local/container.nim | 26 +++++++++++++++++++++----- src/local/pager.nim | 2 +- 3 files changed, 26 insertions(+), 6 deletions(-) (limited to 'src/local') diff --git a/src/local/client.nim b/src/local/client.nim index 92fa4660..73b17c99 100644 --- a/src/local/client.nim +++ b/src/local/client.nim @@ -24,6 +24,7 @@ import io/dynstream import io/filestream import io/posixstream import io/promise +import io/serversocket import io/socketstream import js/base64 import js/console @@ -407,6 +408,9 @@ proc acceptBuffers(client: Client) = let container = item.container let stream = connectSocketStream(client.config.external.tmpdir, client.loader.sockDirFd, container.process) + # unlink here; on Linux we can't unlink from the buffer :/ + discard tryRemoveFile(getSocketPath(client.config.external.tmpdir, + container.process)) if stream == nil: pager.alert("Error: failed to set up buffer") continue diff --git a/src/local/container.nim b/src/local/container.nim index e93bf610..b88161b8 100644 --- a/src/local/container.nim +++ b/src/local/container.nim 
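Review bot: The `tryRemoveFile` result on the added lines is discarded, so a failed unlink silently leaves the buffer's socket file in tmpdir, still connectable by any local process that can reach that directory; surfacing it is cheap here, e.g. `if not tryRemoveFile(getSocketPath(client.config.external.tmpdir, container.process)): pager.alert("Warning: could not remove buffer socket")`. The removal also addresses the socket by the `tmpdir` path string, while the `connectSocketStream` call just above it goes through `client.loader.sockDirFd`; if the std/posix in use exposes `unlinkat`, removing relative to that same directory fd would keep both operations on the directory that was actually opened rather than on whatever `tmpdir` resolves to at unlink time. Note the unlink also runs when `stream` turns out to be nil, which looks intended as cleanup but deserves a word in the comment. acceptBuffers starts and ends outside this hunk.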
@@ -1,14 +1,15 @@ import std/deques +import std/net import std/options +import std/os +import std/posix import std/unicode -when defined(posix): - import std/posix - import config/config import config/mimetypes import io/dynstream import io/promise +import io/serversocket import io/socketstream import js/javascript import js/jstypes @@ -184,14 +185,29 @@ proc newContainer*(config: BufferConfig; loaderConfig: LoaderClientConfig; func location(container: Container): URL {.jsfget.} = return container.url -proc clone*(container: Container; newurl: URL): Promise[Container] = +proc clone*(container: Container; newurl: URL; loader: FileLoader): + Promise[Container] = + if container.iface == nil: + return nil let url = if newurl != nil: newurl else: container.url - return container.iface.clone(url).then(proc(pid: int): Container = + let p = container.iface.clone(url) + # create a server socket, pass it on to the buffer, then move it to + # the expected path after the buffer forked itself + #TODO this is very ugly + let ssock = initServerSocket(loader.sockDir, loader.sockDirFd, + loader.clientPid) + SocketStream(container.iface.stream.source) + .sendFileHandle(FileHandle(ssock.sock.getFd())) + ssock.sock.close() + return p.then(proc(pid: int): Container = if pid == -1: return nil + let newPath = getSocketPath(loader.sockDir, pid) + let oldPath = getSocketPath(loader.sockDir, loader.clientPid) + moveFile(oldPath, newPath) let nc = Container() nc[] = container[] nc.url = url diff --git a/src/local/pager.nim b/src/local/pager.nim index 99a1ba1c..28c1face 100644 --- a/src/local/pager.nim +++ b/src/local/pager.nim @@ -571,7 +571,7 @@ func findProcMapItem*(pager: Pager; pid: int): int = -1 proc dupeBuffer(pager: Pager; container: Container; url: URL) = - container.clone(url).then(proc(container: Container) = + container.clone(url, pager.loader).then(proc(container: Container) = if container == nil: pager.alert("Failed to duplicate buffer.") else: -- cgit 1.4.1-2-gfad0
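Review bot: In the `then` callback of `clone`, the socket file bound at `oldPath` is never removed when `pid == -1`, and `moveFile` raises OSError from inside the callback if the rename fails, so a stale path is left in `loader.sockDir` on either error; the TODO already calls this ugly, but the cleanup should at least be explicit, as sketched below. Separately, the temporary path is keyed only on `loader.clientPid`, so two clones started before the first promise settles would both call `initServerSocket` on the same path — presumably the second bind fails, which is worth confirming rather than relying on. `SocketStream(container.iface.stream.source)` is an object conversion that raises a Defect if `source` is not a SocketStream; a one-line comment stating why that is guaranteed here would help. The `then` closure continues past the end of the hunk.
```nim
  return p.then(proc(pid: int): Container =
    let oldPath = getSocketPath(loader.sockDir, loader.clientPid)
    if pid == -1:
      discard tryRemoveFile(oldPath)
      return nil
    let newPath = getSocketPath(loader.sockDir, pid)
    try:
      moveFile(oldPath, newPath)
    except OSError:
      discard tryRemoveFile(oldPath)
      return nil
    # … unchanged: build nc from container and set nc.url …
```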
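Review bot: `container.clone(url, pager.loader)` can now return nil (the container.nim hunk returns nil when `container.iface == nil`), but dupeBuffer chains `.then` on the result unconditionally, so that case would dereference a nil Promise instead of reaching the "Failed to duplicate buffer." alert, unless `then` tolerates a nil receiver. Binding the promise first and alerting on nil keeps the failure on the existing user-facing path. dupeBuffer's body continues past the end of the hunk.
```nim
proc dupeBuffer(pager: Pager; container: Container; url: URL) =
  let p = container.clone(url, pager.loader)
  if p == nil:
    pager.alert("Failed to duplicate buffer.")
    return
  p.then(proc(container: Container) =
    # … unchanged: nil check, alert and add-container branches …
```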