RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-02-19 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

policycoreutils: sandbox: allow users specify sandbox window size

Browse Source 
This allows users to create sandbox windows of a specified size on the
command line.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This commit is contained in:
Eric Paris 2011-08-10 17:22:41 -04:00
parent 74bb5c01d6
commit d725841239
3 changed files with 27 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
policycoreutils/sandbox/sandbox
View File

@ -43,6 +43,7 @@ except IOError:
import __builtin__ import __builtin__
__builtin__.__dict__['_'] = unicode __builtin__.__dict__['_'] = unicode
DEFAULT_WINDOWSIZE = "1000x700"
DEFAULT_TYPE = "sandbox_t" DEFAULT_TYPE = "sandbox_t"
DEFAULT_X_TYPE = "sandbox_x_t" DEFAULT_X_TYPE = "sandbox_x_t"
SAVE_FILES = {} SAVE_FILES = {}
@ -241,9 +242,9 @@ kill -TERM $WM_PID 2> /dev/null
def __parse_options(self): def __parse_options(self):
from optparse import OptionParser from optparse import OptionParser
usage = _(""" usage = _("""
sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] command
sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] -S sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] -S
""") """)
parser = OptionParser(version=self.VERSION, usage=usage) parser = OptionParser(version=self.VERSION, usage=usage)
@ -279,6 +280,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
action="callback", callback=self.__validdir, action="callback", callback=self.__validdir,
help=_("alternate /tmp directory to use for mounting")) help=_("alternate /tmp directory to use for mounting"))
parser.add_option("-w", "--windowsize", dest="windowsize",
type="string", default=DEFAULT_WINDOWSIZE,
help="size of the sandbox window")
parser.add_option("-W", "--windowmanager", dest="wm", parser.add_option("-W", "--windowmanager", dest="wm",
type="string", type="string",
default="/usr/bin/matchbox-window-manager -use_titlebar no", default="/usr/bin/matchbox-window-manager -use_titlebar no",
@ -370,7 +375,7 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
self.__setup_sandboxrc(self.__options.wm) self.__setup_sandboxrc(self.__options.wm)
cmds = [ SEUNSHARE, "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon, SANDBOXSH ] cmds = [ SEUNSHARE, "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon, SANDBOXSH, self.__options.windowsize ]
rc = subprocess.Popen(cmds).wait() rc = subprocess.Popen(cmds).wait()
return rc return rc

15
policycoreutils/sandbox/sandbox.8
View File

@ -1,10 +1,13 @@
.TH SANDBOX "8" "May 2009" "chcat" "User Commands" .TH SANDBOX "8" "May 2010" "sandbox" "User Commands"
.SH NAME .SH NAME
sandbox \- Run cmd under an SELinux sandbox sandbox \- Run cmd under an SELinux sandbox
.SH SYNOPSIS .SH SYNOPSIS
.B sandbox .B sandbox
[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd
[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] -S
.br
.B sandbox
[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S
.br .br
.SH DESCRIPTION .SH DESCRIPTION
.PP .PP
@ -42,6 +45,12 @@ Use alternate sandbox type, defaults to sandbox_t or sandbox_x_t for -X.
\fB\-T\ tmpdir \fB\-T\ tmpdir
Use alternate tempory directory to mount on /tmp. Defaults to tmpfs. Requires -X or -M. Use alternate tempory directory to mount on /tmp. Defaults to tmpfs. Requires -X or -M.
.TP .TP
\fB\-S
Run a full desktop session, Requires level, and home and tmpdir.
.TP
\fB\-w windowsize\fR
Specifies the windowsize when creating an X based Sandbox. The default windowsize is 1000x700.
.TP
\fB\-W windowmanager\fR \fB\-W windowmanager\fR
Select alternative window manager to run within Select alternative window manager to run within
.B sandbox -X. .B sandbox -X.

10
policycoreutils/sandbox/sandboxX.sh
View File

@ -1,13 +1,17 @@
#!/bin/bash #!/bin/bash
context=`id -Z | secon -t -l -P` context=`id -Z | secon -t -l -P`
export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`" export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
export SCREENSIZE="1000x700" [ $# -eq 1 ] && export SCREENSIZE="$1" || export SCREENSIZE="1000x700"
#export SCREENSIZE=`xdpyinfo | awk '/dimensions/ { print $2 }'`
trap "exit 0" HUP trap "exit 0" HUP
(/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do (/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do
export DISPLAY=:$D export DISPLAY=:$D
python -c 'import gtk, os, commands; commands.getstatusoutput("%s/.sandboxrc" % os.environ["HOME"])' cat > ~/seremote << __EOF
#!/bin/sh
DISPLAY=$DISPLAY "\$@"
__EOF
chmod +x ~/seremote
/usr/share/sandbox/start $HOME/.sandboxrc
export EXITCODE=$? export EXITCODE=$?
kill -HUP 0 kill -HUP 0
break break