auth/box: don't bother switching to none

Changing the user to none doesn't do much for us
here. For kernel drivers that check the user of the
current proc we'll be none, but anything from devmnt
will still be accessed using creds from the original
attachment. Instead, running with none can be done
by chaining with auth/none:

auth/none auth/box ...
Jacob Moody 2022-06-10 04:10:54 +00:00
parent 1b5ea51ee1
commit 13065e16b3
2 changed files with 17 additions and 25 deletions


@ -279,27 +279,24 @@ It's an easy way to run a command as
.IR none . .IR none .
.PP .PP
.I Box .I Box
sets up a restricted namespace and executes its arguments in a minimal namespace.
.IR exec's This namespace is derived by binding in the specified
its arguments as the user program to the same name within a new hierarchy.
.IR none . The same is done with the paths
Components of the current namespace are bound provided as arguments. Paths provided with the
into the child namespace with the
.B -r .B -r
and flag are bound with
.IR MREPL ,
and those provided with the
.B -c .B -c
flags, using either flag are bound with
.I MREPL .IR MCREATE .
or .I Box
.I MCREATE removes access to all kernel drivers from
respectively. The only components the child namespace; the
in the child namespace will be those
defined this way.
By default all further kernel driver
access is blocked. The
.B -e .B -e
flag specifies a string of driver flag specifies a string of driver
characters to keep in the child namespace. characters to keep.
.PP .PP
.I As .I As
executes executes
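Review bot: the opening sentence of the new Box description is redundant ("sets up a restricted namespace and executes its arguments in a minimal namespace"); since the rest of the paragraph explains how the namespace is built, "constructs a minimal namespace and executes its arguments within it" says the same thing once. More importantly, the old text's statement that the arguments run as user none is dropped without a replacement, so a reader of this section no longer learns what user the program runs as. The commit message explains that the user is deliberately left unchanged, and that the way to get none is chaining with auth/none (whose description is the text just above this hunk, "It's an easy way to run a command as none"). A sentence such as "The user is not changed; to run the program as none, prefix the command with auth/none" would make the man page match the behaviour of the code change and point the reader at the intended idiom.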


@ -163,17 +163,12 @@ main(int argc, char **argv)
mflags[nparts++] = MREPL; mflags[nparts++] = MREPL;
argv[0] = b; argv[0] = b;
rfork(RFNAMEG|RFENVG); rfork(RFNAMEG|RFFDG);
dfd = open("/dev/drivers", OWRITE|OCEXEC); dfd = open("/dev/drivers", OWRITE|OCEXEC);
if(dfd < 0) if(dfd < 0)
sysfatal("could not /dev/drivers: %r"); sysfatal("could not /dev/drivers: %r");
resolvenames(parts, nparts); resolvenames(parts, nparts);
if(procsetuser("none") < 0)
sysfatal("cant become none: %r");
putenv("user", "none");
sandbox(parts, mflags, nparts); sandbox(parts, mflags, nparts);
if(debug) if(debug)
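Review bot: the rfork flags change from RFNAMEG|RFENVG to RFNAMEG|RFFDG, but only half of that is explained. Dropping RFENVG follows from removing putenv("user", "none"), since there is no longer an environment variable to set privately; adding RFFDG (a private copy of the file descriptor table) is a new behaviour that neither the commit message nor a comment justifies, and it is easy to mistake for a typo of the removed flag. Either state in the commit message why the sandboxed program needs its own fd group, or leave the flag as RFNAMEG if the addition was unintended. Note that the /dev/drivers descriptor opened on the next line is OCEXEC, so with or without RFFDG it will not be visible to the executed program. Separately, the unchanged error string "could not /dev/drivers: %r" is missing its verb; "could not open /dev/drivers: %r" would read correctly.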