diff options
author | Stephen Barber <smbarber@chromium.org> | 2017-07-25 17:21:38 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-07-26 16:46:53 -0700 |
commit | 5ad8bc5e08c3fc681affa8a57d01a39a1735d26d (patch) | |
tree | 4334719fcb2d355e90f04998e90f8c502831c6ef /io_jail | |
parent | ce3a3e8f00e2895e61dbbf2a240ac4e4e5f2fea0 (diff) | |
download | crosvm-5ad8bc5e08c3fc681affa8a57d01a39a1735d26d.tar crosvm-5ad8bc5e08c3fc681affa8a57d01a39a1735d26d.tar.gz crosvm-5ad8bc5e08c3fc681affa8a57d01a39a1735d26d.tar.bz2 crosvm-5ad8bc5e08c3fc681affa8a57d01a39a1735d26d.tar.lz crosvm-5ad8bc5e08c3fc681affa8a57d01a39a1735d26d.tar.xz crosvm-5ad8bc5e08c3fc681affa8a57d01a39a1735d26d.tar.zst crosvm-5ad8bc5e08c3fc681affa8a57d01a39a1735d26d.zip |
io_jail: Add InvalidPath error
parse_seccomp_filters in libminijail will unhelpfully abort() if the path doesn't exist. Check that the policy file exists so that there's a semi-useful error message. BUG=none TEST=crosvm run without seccomp policy in current directory; no abort Change-Id: Ie1123e8cae3f6a27bbd5a3128161364401e8d4b2 Signed-off-by: Stephen Barber <smbarber@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/585829 Reviewed-by: Dylan Reid <dgreid@chromium.org>
Diffstat (limited to 'io_jail')
-rw-r--r-- | io_jail/src/lib.rs | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/io_jail/src/lib.rs b/io_jail/src/lib.rs index d225e85..b71cd7c 100644 --- a/io_jail/src/lib.rs +++ b/io_jail/src/lib.rs @@ -22,6 +22,8 @@ pub enum Error { BindMount(i32), /// minjail_new failed, this is an allocation failure. CreatingMinijail, + /// The path doesn't exist. + InvalidPath, /// The path or name string passed in didn't parse to a valid CString. InvalidCString, /// Failed to call dup2 to set stdin, stdout, or stderr to /dev/null. @@ -129,6 +131,10 @@ impl Minijail { unsafe { libminijail::minijail_set_seccomp_filter_tsync(self.jail); } } pub fn parse_seccomp_filters(&mut self, path: &Path) -> Result<()> { + if !path.is_file() { + return Err(Error::InvalidPath); + } + let pathstring = path.as_os_str().to_str().ok_or(Error::InvalidCString)?; let filename = CString::new(pathstring).map_err(|_| Error::InvalidCString)?; unsafe { |