-rw-r--r-- | bin/systrace/policy.c | 27 | ||||
-rw-r--r-- | bin/systrace/systrace.1 | 6 | ||||
-rw-r--r-- | bin/systrace/systrace.c | 12 | ||||
-rw-r--r-- | bin/systrace/systrace.h | 5 |
4 files changed, 31 insertions, 19 deletions
diff --git a/bin/systrace/policy.c b/bin/systrace/policy.c
index a4aab6bf3d9..e976cf8501a 100644
--- a/bin/systrace/policy.c
+++ b/bin/systrace/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.13 2002/07/19 14:38:58 itojun Exp $ */
+/* $OpenBSD: policy.c,v 1.14 2002/08/05 23:27:53 provos Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * All rights reserved.
@@ -49,7 +49,6 @@
 static int psccompare(struct policy_syscall *, struct policy_syscall *);
 static int policycompare(struct policy *, struct policy *);
 static int polnrcompare(struct policy *, struct policy *);
-static void systrace_setupdir(void);
 static char *systrace_policyfilename(char *, const char *);
 static int systrace_predicatematch(char *);
 static int systrace_writepolicy(struct policy *);
@@ -101,21 +100,25 @@
 static char *groupnames[NGROUPS_MAX];
 static int ngroups;
 
 void
-systrace_setupdir(void)
+systrace_setupdir(char *path)
 {
 	char *home;
 	struct stat sb;
 
-	home = getenv("HOME");
+	if (path == NULL) {
+		home = getenv("HOME");
 
-	if (home == NULL)
-		errx(1, "No HOME environment set");
+		if (home == NULL)
+			errx(1, "No HOME environment set");
 
-	if (strlcpy(policydir, home, sizeof(policydir)) >= sizeof(policydir))
-		errx(1, "HOME too long");
+		if (strlcpy(policydir, home, sizeof(policydir)) >= sizeof(policydir))
+			errx(1, "HOME too long");
 
-	if (strlcat(policydir, "/.systrace", sizeof(policydir)) >= sizeof(policydir))
-		errx(1, "HOME too long");
+		if (strlcat(policydir, "/.systrace", sizeof(policydir)) >= sizeof(policydir))
+			errx(1, "HOME too long");
+	} else if (strlcpy(policydir, path, sizeof(policydir)) >= sizeof(policydir))
+		errx(1, "policy directory too long");
+
 	if (stat(policydir, &sb) != -1) {
 		if (!(sb.st_mode & S_IFDIR))
@@ -125,7 +128,7 @@ systrace_setupdir(void)
 }
 
 int
-systrace_initpolicy(char *file)
+systrace_initpolicy(char *file, char *path)
 {
 	gid_t groups[NGROUPS_MAX];
 	char gidbuf[10];
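Review bot: The new `else if` branch of systrace_setupdir() copies whatever `-d` supplied into policydir without rejecting an empty string, so `-d ""` leaves policydir empty and the stat() that follows, plus whatever the rest of the function does with the directory past the end of this hunk, operates on an empty path; add `if (*path == '\0') errx(1, "empty policy directory");` ahead of the strlcpy(). Since `path` is only read by strlcpy(), the parameter can also be declared `const char *path`, with the prototype in systrace.h changed to match. The body of systrace_setupdir() continues outside the hunk.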
@@ -153,7 +156,7 @@ systrace_initpolicy(char *file)
 }
 
 	if (userpolicy)
-		systrace_setupdir();
+		systrace_setupdir(path);
 
 	if (file != NULL)
 		return (systrace_readpolicy(file));
diff --git a/bin/systrace/systrace.1 b/bin/systrace/systrace.1
index 32607626b7e..15d940ef9e6 100644
--- a/bin/systrace/systrace.1
+++ b/bin/systrace/systrace.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: systrace.1,v 1.26 2002/08/04 04:15:50 provos Exp $
+.\" $OpenBSD: systrace.1,v 1.27 2002/08/05 23:27:53 provos Exp $
 .\"
 .\" Copyright 2002 Niels Provos <provos@citi.umich.edu>
 .\" All rights reserved.
@@ -39,6 +39,7 @@
 .Sh SYNOPSIS
 .Nm systrace
 .Op Fl aAituU
+.Op Fl d Ar policydir
 .Op Fl g Ar gui
 .Op Fl f Ar file
 .Op Fl p Ar pid
@@ -84,6 +85,9 @@ Inherits the policy - child processes inherit policy of the parent binary.
 Uses text mode to ask for interactive policy generation.
 .It Fl U
 Ignore user configured policies and use only global system policies.
+.It Fl d Ar policydir
+Specifies an alternative location for the user's directory from
+which policies are loaded and to which changed policies are stored.
 .It Fl g Ar gui
 Specifies an alternative location for the notification user interface.
 .It Fl f Ar file
diff --git a/bin/systrace/systrace.c b/bin/systrace/systrace.c
index efe17cb5d5a..f7d0155c984 100644
--- a/bin/systrace/systrace.c
+++ b/bin/systrace/systrace.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: systrace.c,v 1.31 2002/08/04 04:15:50 provos Exp $ */
+/* $OpenBSD: systrace.c,v 1.32 2002/08/05 23:27:53 provos Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * All rights reserved.
@@ -360,7 +360,7 @@ static void
 usage(void)
 {
 	fprintf(stderr,
-	    "Usage: systrace [-aituU] [-g gui] [-f policy] [-p pid] command ...\n");
+	    "Usage: systrace [-aituU] [-d poldir] [-g gui] [-f policy] [-p pid] command ...\n");
 	exit(1);
 }
 
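Review bot: The new usage() line names the option argument `poldir` while the manual page changed in the same commit calls it `policydir` in both the SYNOPSIS and the option description, so the two should agree: `"Usage: systrace [-aAituU] [-d policydir] [-g gui] [-f policy] [-p pid] command ...\n"`. The `[-aituU]` flag list in that string also omits the `-A` flag that the getopt() string and the manual page accept; that predates this commit but is worth fixing while the line is being rewritten.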
@@ -417,16 +417,20 @@ main(int argc, char **argv)
 	int i, c;
 	char **args;
 	char *filename = NULL;
+	char *policypath = NULL;
 	char *guipath = _PATH_XSYSTRACE;
 	pid_t pidattach = 0;
 	int usex11 = 1;
 	int background;
 
-	while ((c = getopt(argc, argv, "aAituUg:f:p:")) != -1) {
+	while ((c = getopt(argc, argv, "aAituUd:g:f:p:")) != -1) {
 		switch (c) {
 		case 'a':
 			automatic = 1;
 			break;
+		case 'd':
+			policypath = optarg;
+			break;
 		case 'A':
 			allow = 1;
 			break;
@@ -474,7 +478,7 @@ main(int argc, char **argv)
 
 	/* Local initalization */
 	systrace_initalias();
-	systrace_initpolicy(filename);
+	systrace_initpolicy(filename, policypath);
 	systrace_initcb();
 
 	if ((trfd = intercept_open()) == -1)
diff --git a/bin/systrace/systrace.h b/bin/systrace/systrace.h
index ae1db702c31..13c7593621e 100644
--- a/bin/systrace/systrace.h
+++ b/bin/systrace/systrace.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: systrace.h,v 1.13 2002/08/04 04:15:50 provos Exp $ */
+/* $OpenBSD: systrace.h,v 1.14 2002/08/05 23:27:53 provos Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * All rights reserved.
@@ -100,7 +100,8 @@ struct policy {
 #define PROCESS_DETACH 0x02 /* Process gets detached */
 #define SYSCALL_LOG 0x04 /* Log this system call */
 
-int systrace_initpolicy(char *);
+int systrace_initpolicy(char *, char *);
+void systrace_setupdir(char *);
 void systrace_initcb(void);
 struct policy *systrace_newpolicy(const char *, const char *);
 int systrace_newpolicynr(int, struct policy *);
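Review bot: systrace_setupdir() is promoted from a file-local static in policy.c to an exported prototype in systrace.h, yet within this diff its only caller is still systrace_initpolicy() in policy.c, which received the new `path` argument precisely so that main() never has to call systrace_setupdir() itself; unless another file uses it, keep the removed `static void systrace_setupdir(char *);` in policy.c and drop the header line to avoid widening the interface for nothing. If it does need to be exported, declare it as `void systrace_setupdir(const char *);`, since the implementation only reads the string through strlcpy(). Whether any other translation unit calls it cannot be seen from this diff.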