Add ability to contain a process in a scheme sandbox

Jeremy Soller 2016-11-16 20:54:38 -07:00
parent 6b8a576a21
commit d294d56b52
16 changed files with 186 additions and 73 deletions


@ -19,7 +19,7 @@ use scheme::{self, FileHandle};
use syscall;
use syscall::data::Stat;
use syscall::error::*;
use syscall::flag::{CLONE_VFORK, CLONE_VM, CLONE_FS, CLONE_FILES, MAP_WRITE, MAP_WRITE_COMBINE, WNOHANG};
use syscall::flag::{CLONE_VFORK, CLONE_VM, CLONE_FS, CLONE_FILES, CLONE_NEWNS, MAP_WRITE, MAP_WRITE_COMBINE, WNOHANG};
use syscall::validate::{validate_slice, validate_slice_mut};
pub fn brk(address: usize) -> Result<usize> {
@ -74,6 +74,7 @@ pub fn clone(flags: usize, stack_base: usize) -> Result<ContextId> {
let mut tls_option = None;
let grants;
let name;
let scheme_ns;
let cwd;
let env;
let files;
@ -222,6 +223,12 @@ pub fn clone(flags: usize, stack_base: usize) -> Result<ContextId> {
name = Arc::new(Mutex::new(context.name.lock().clone()));
}
if flags & CLONE_NEWNS == CLONE_NEWNS {
scheme_ns = scheme::schemes_mut().new_ns();
} else {
scheme_ns = context.scheme_ns;
}
if flags & CLONE_FS == CLONE_FS {
cwd = context.cwd.clone();
} else {
@ -433,6 +440,8 @@ pub fn clone(flags: usize, stack_base: usize) -> Result<ContextId> {
context.name = name;
context.scheme_ns = scheme_ns;
context.cwd = cwd;
context.env = env;