2024-02-15 00:17:20 +01:00
|
|
|
#include "sandbox.h"
|
|
|
|
|
|
2024-02-18 18:09:53 +01:00
|
|
|
#include "utils.h"
|
2024-02-15 00:17:20 +01:00
|
|
|
|
2024-02-17 15:15:40 +01:00
|
|
|
#include <pwd.h>
|
|
|
|
|
#include <unistd.h>
|
2024-02-17 23:59:38 +01:00
|
|
|
|
2024-02-18 18:09:53 +01:00
|
|
|
int main(int argc, char** argv) {
|
|
|
|
|
// Ensure the sandbox user exists
|
2024-02-17 23:59:38 +01:00
|
|
|
struct passwd* pw = getpwnam(SANDBOX_USER);
|
|
|
|
|
if (pw == NULL) {
|
2024-02-18 18:09:53 +01:00
|
|
|
Log(LOG_LEVEL_ERROR, "User '%s' does not exist. Please check that the program is installed correctly.", SANDBOX_USER);
|
2024-02-17 15:15:40 +01:00
|
|
|
return EXIT_FAILURE;
|
|
|
|
|
}
|
|
|
|
|
|
2024-02-18 18:09:53 +01:00
|
|
|
// Check that the program is either run as root or as the sandbox user
|
|
|
|
|
if (geteuid() != 0 && geteuid() != pw->pw_uid) {
|
|
|
|
|
Log(LOG_LEVEL_ERROR, "This program must be run as root or as the user '%s'.", SANDBOX_USER);
|
2024-02-17 15:15:40 +01:00
|
|
|
return EXIT_FAILURE;
|
|
|
|
|
}
|
|
|
|
|
|
2024-02-18 18:09:53 +01:00
|
|
|
// If the program is run as root, switch to the sandbox user
|
2024-02-17 15:15:40 +01:00
|
|
|
if (geteuid() == 0) {
|
2024-02-18 18:09:53 +01:00
|
|
|
if (setregid(pw->pw_gid, pw->pw_gid) != 0) {
|
|
|
|
|
Log(LOG_LEVEL_ERROR, "Failed to switch to the group '%s'.", pw->pw_name);
|
2024-02-18 15:23:01 +01:00
|
|
|
return EXIT_FAILURE;
|
|
|
|
|
}
|
|
|
|
|
|
2024-02-18 18:09:53 +01:00
|
|
|
if (setreuid(pw->pw_uid, pw->pw_uid) != 0) {
|
|
|
|
|
Log(LOG_LEVEL_ERROR, "Failed to switch to the user '%s'.", pw->pw_name);
|
2024-02-18 14:43:38 +01:00
|
|
|
return EXIT_FAILURE;
|
|
|
|
|
}
|
2024-02-18 15:23:01 +01:00
|
|
|
}
|
|
|
|
|
|
2024-02-18 18:09:53 +01:00
|
|
|
// TODO: Parse commands from the command line
|
|
|
|
|
}
|
