commit: d6af3ad271c3893419962059092eea29ffb4f507
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 25 04:57:17 2013 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Feb 25 04:57:17 2013 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=d6af3ad2
sandbox: do not resolve target of stderr
The recent e12fee192ac8b0343a468e5a8f7811a7b029ff9a commit does not
handle things when stderr is connected to a real file (e.g. a pipe
or a socket or fifo or ...). It also does not play well to have
multiple things writing to the same file through different fds.
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
src/sandbox.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/sandbox.c b/src/sandbox.c
index 51f2d95..3783bca 100644
--- a/src/sandbox.c
+++ b/src/sandbox.c
@@ -82,15 +82,18 @@ static int setup_sandbox(struct sandbox_info_t
*sandbox_info, bool interactive)
}
/* Generate sandbox message path -- this process's stderr */
- char path[SB_PATH_MAX];
- sprintf(path, "%s/2", sb_get_fd_dir());
- if (realpath(path, sandbox_info->sandbox_message_path) == NULL) {
- sb_pwarn("could not read stderr path: %s", path);
+ const char *fdpath = sb_get_fd_dir();
+ if (realpath(fdpath, sandbox_info->sandbox_message_path) == NULL) {
+ sb_pwarn("could not read fd path: %s", fdpath);
if (realpath(sbio_fallback_path,
sandbox_info->sandbox_message_path)) {
sb_pwarn("could not read stderr path: %s",
sbio_fallback_path);
/* fuck it */
strcpy(sandbox_info->sandbox_message_path,
sbio_fallback_path);
}
+ } else {
+ /* Do not resolve the target of stderr because it could be
something
+ * that doesn't exist on the fs. Like a pipe (`tee` and such).
*/
+ strcat(sandbox_info->sandbox_message_path, "/2");
}
return 0;
