-rw-r--r--bin/systrace/policy.c27
-rw-r--r--bin/systrace/systrace.16
-rw-r--r--bin/systrace/systrace.c12
-rw-r--r--bin/systrace/systrace.h5
4 files changed, 31 insertions, 19 deletions
diff --git a/bin/systrace/policy.c b/bin/systrace/policy.c
index a4aab6bf3d9..e976cf8501a 100644
--- a/bin/systrace/policy.c
+++ b/bin/systrace/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.13 2002/07/19 14:38:58 itojun Exp $ */
+/* $OpenBSD: policy.c,v 1.14 2002/08/05 23:27:53 provos Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@@ -49,7 +49,6 @@
static int psccompare(struct policy_syscall *, struct policy_syscall *);
static int policycompare(struct policy *, struct policy *);
static int polnrcompare(struct policy *, struct policy *);
-static void systrace_setupdir(void);
static char *systrace_policyfilename(char *, const char *);
static int systrace_predicatematch(char *);
static int systrace_writepolicy(struct policy *);
@@ -101,21 +100,25 @@ static char *groupnames[NGROUPS_MAX];
static int ngroups;
void
-systrace_setupdir(void)
+systrace_setupdir(char *path)
{
char *home;
struct stat sb;
- home = getenv("HOME");
+ if (path == NULL) {
+ home = getenv("HOME");
- if (home == NULL)
- errx(1, "No HOME environment set");
+ if (home == NULL)
+ errx(1, "No HOME environment set");
- if (strlcpy(policydir, home, sizeof(policydir)) >= sizeof(policydir))
- errx(1, "HOME too long");
+ if (strlcpy(policydir, home, sizeof(policydir)) >= sizeof(policydir))
+ errx(1, "HOME too long");
- if (strlcat(policydir, "/.systrace", sizeof(policydir)) >= sizeof(policydir))
- errx(1, "HOME too long");
+ if (strlcat(policydir, "/.systrace", sizeof(policydir)) >= sizeof(policydir))
+ errx(1, "HOME too long");
+ } else if (strlcpy(policydir, path, sizeof(policydir)) >= sizeof(policydir))
+ errx(1, "policy directory too long");
+
if (stat(policydir, &sb) != -1) {
if (!(sb.st_mode & S_IFDIR))
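Review bot: In the new `else if` branch the `-d` argument is copied into `policydir` with only a length check, and the stat() block that follows in this hunk tests only for a directory; nothing visible checks that the directory belongs to the invoking user or is closed to group/other writes. Since policies are loaded from and written back to this directory, a location another user can write to lets that user influence the policy that is enforced, so a check after a successful stat would be worth adding, e.g. `if (sb.st_uid != getuid() || (sb.st_mode & (S_IWGRP|S_IWOTH))) errx(1, "Policy directory %s is not safe", policydir);`. The existing test `sb.st_mode & S_IFDIR` also accepts any file type whose mode shares that bit; `S_ISDIR(sb.st_mode)` is exact, and this matters more now that the path is caller-chosen. The function body continues past the end of the hunk, so part of this may already be handled there.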
@@ -125,7 +128,7 @@ systrace_setupdir(void)
}
int
-systrace_initpolicy(char *file)
+systrace_initpolicy(char *file, char *path)
{
gid_t groups[NGROUPS_MAX];
char gidbuf[10];
@@ -153,7 +156,7 @@ systrace_initpolicy(char *file)
}
if (userpolicy)
- systrace_setupdir();
+ systrace_setupdir(path);
if (file != NULL)
return (systrace_readpolicy(file));
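Review bot: `path` is passed on only inside `if (userpolicy)`, so a `-d` directory given together with an option that clears `userpolicy` (presumably `-U`, going by systrace.1) is dropped without any message. A user who believes a particular policy directory is in effect would then get only the global policies. Adding `else if (path != NULL) warnx("policy directory %s ignored", path);` to that `if`, or rejecting the combination in main, would make this visible. systrace_initpolicy starts and ends outside this hunk.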
diff --git a/bin/systrace/systrace.1 b/bin/systrace/systrace.1
index 32607626b7e..15d940ef9e6 100644
--- a/bin/systrace/systrace.1
+++ b/bin/systrace/systrace.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: systrace.1,v 1.26 2002/08/04 04:15:50 provos Exp $
+.\" $OpenBSD: systrace.1,v 1.27 2002/08/05 23:27:53 provos Exp $
.\"
.\" Copyright 2002 Niels Provos <provos@citi.umich.edu>
.\" All rights reserved.
@@ -39,6 +39,7 @@
.Sh SYNOPSIS
.Nm systrace
.Op Fl aAituU
+.Op Fl d Ar policydir
.Op Fl g Ar gui
.Op Fl f Ar file
.Op Fl p Ar pid
@@ -84,6 +85,9 @@ Inherits the policy - child processes inherit policy of the parent binary.
Uses text mode to ask for interactive policy generation.
.It Fl U
Ignore user configured policies and use only global system policies.
+.It Fl d Ar policydir
+Specifies an alternative location for the user's directory from
+which policies are loaded and to which changed policies are stored.
.It Fl g Ar gui
Specifies an alternative location for the notification user interface.
.It Fl f Ar file
diff --git a/bin/systrace/systrace.c b/bin/systrace/systrace.c
index efe17cb5d5a..f7d0155c984 100644
--- a/bin/systrace/systrace.c
+++ b/bin/systrace/systrace.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: systrace.c,v 1.31 2002/08/04 04:15:50 provos Exp $ */
+/* $OpenBSD: systrace.c,v 1.32 2002/08/05 23:27:53 provos Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@@ -360,7 +360,7 @@ static void
usage(void)
{
fprintf(stderr,
- "Usage: systrace [-aituU] [-g gui] [-f policy] [-p pid] command ...\n");
+ "Usage: systrace [-aituU] [-d poldir] [-g gui] [-f policy] [-p pid] command ...\n");
exit(1);
}
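Review bot: The updated usage string still lists `[-aituU]` and so omits `-A`, which the getopt string in main accepts and systrace.1 lists in its synopsis. It also names the new argument `poldir` where the man page says `policydir`. Suggested line: `"Usage: systrace [-aAituU] [-d policydir] [-g gui] [-f policy] [-p pid] command ...\n");`.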
@@ -417,16 +417,20 @@ main(int argc, char **argv)
int i, c;
char **args;
char *filename = NULL;
+ char *policypath = NULL;
char *guipath = _PATH_XSYSTRACE;
pid_t pidattach = 0;
int usex11 = 1;
int background;
- while ((c = getopt(argc, argv, "aAituUg:f:p:")) != -1) {
+ while ((c = getopt(argc, argv, "aAituUd:g:f:p:")) != -1) {
switch (c) {
case 'a':
automatic = 1;
break;
+ case 'd':
+ policypath = optarg;
+ break;
case 'A':
allow = 1;
break;
@@ -474,7 +478,7 @@ main(int argc, char **argv)
/* Local initalization */
systrace_initalias();
- systrace_initpolicy(filename);
+ systrace_initpolicy(filename, policypath);
systrace_initcb();
if ((trfd = intercept_open()) == -1)
diff --git a/bin/systrace/systrace.h b/bin/systrace/systrace.h
index ae1db702c31..13c7593621e 100644
--- a/bin/systrace/systrace.h
+++ b/bin/systrace/systrace.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: systrace.h,v 1.13 2002/08/04 04:15:50 provos Exp $ */
+/* $OpenBSD: systrace.h,v 1.14 2002/08/05 23:27:53 provos Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@@ -100,7 +100,8 @@ struct policy {
#define PROCESS_DETACH 0x02 /* Process gets detached */
#define SYSCALL_LOG 0x04 /* Log this system call */
-int systrace_initpolicy(char *);
+int systrace_initpolicy(char *, char *);
+void systrace_setupdir(char *);
void systrace_initcb(void);
struct policy *systrace_newpolicy(const char *, const char *);
int systrace_newpolicynr(int, struct policy *);
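Review bot: Both changed prototypes take the directory as plain `char *`, although the new code in systrace_setupdir only reads it through strlcpy. Declaring them as `int systrace_initpolicy(char *, const char *);` and `void systrace_setupdir(const char *);` would document that the `optarg` string is never modified and would match the `const char *` style already used by systrace_newpolicy just below. systrace_setupdir is also newly exported here, while the only caller visible in this commit is inside policy.c; if no other file needs it, keeping it `static` keeps the interface smaller.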