commit: e21aab299a512c29bdc3f77781858c7b7471b40e
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 8 19:38:12 2025 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Mar 8 19:38:12 2025 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=e21aab29
Replace SB_PATH_MAX with PATH_MAX
Most of the kernel interfaces we use are capped to PATH_MAX anyway.
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
libsandbox/libsandbox.c | 24 ++++++++++++------------
libsandbox/libsandbox.h | 2 +-
libsandbox/pre_check_unlinkat.c | 2 +-
libsandbox/realpath.c | 2 +-
libsbutil/get_sandbox_confd.c | 2 +-
libsbutil/get_sandbox_lib.c | 2 +-
libsbutil/get_sandbox_log.c | 4 ++--
libsbutil/get_sandbox_rc.c | 4 ++--
localdecls.h | 13 -------------
src/environ.c | 2 +-
src/sandbox.c | 2 +-
src/sandbox.h | 14 +++++++-------
12 files changed, 30 insertions(+), 43 deletions(-)
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index 402928a..18b168c 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -26,7 +26,7 @@
#define LOG_FMT_RPATH "FORMAT: R - Canonical Path\n"
#define LOG_FMT_CMDLINE "FORMAT: C - Command Line\n"
-char sandbox_lib[SB_PATH_MAX];
+char sandbox_lib[PATH_MAX];
typedef struct {
bool show_access_violation, on, active, testing, verbose, debug;
@@ -43,9 +43,9 @@ typedef struct {
static sbcontext_t sbcontext;
static char *cached_env_vars[MAX_DYN_PREFIXES];
-static char log_path[SB_PATH_MAX];
-static char debug_log_path[SB_PATH_MAX];
-static char message_path[SB_PATH_MAX];
+static char log_path[PATH_MAX];
+static char debug_log_path[PATH_MAX];
+static char message_path[PATH_MAX];
bool sandbox_on = true;
static bool sb_init = false;
static bool sb_env_init = false;
@@ -229,7 +229,7 @@ static void init_env_entries(char **prefixes, const char
*env, const char *prefi
size_t offset = 0;
while (token && strlen(token) > 0) {
- char buf[SB_PATH_MAX];
+ char buf[PATH_MAX];
if (sb_abspathat(AT_FDCWD, token, buf, sizeof(buf))) {
size_t prev_offset = offset;
offset = strv_append(prefixes, offset, buf);
@@ -446,7 +446,7 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr,
const char *func,
* to be here as for each process, the '/proc/self' symlink
* will differ ...
*/
- char proc_self_fd[SB_PATH_MAX];
+ char proc_self_fd[PATH_MAX];
if (realpath(sb_get_fd_dir(), proc_self_fd) &&
!strncmp(resolv_path, proc_self_fd, strlen(proc_self_fd)))
{
@@ -606,20 +606,20 @@ static int check_syscall(sbcontext_t *sbcontext, int
sb_nr, const char *func,
if (is_symlink_func(sb_nr))
flags |= AT_SYMLINK_NOFOLLOW;
- absolute_path = abuf = malloc(SB_PATH_MAX);
+ absolute_path = abuf = malloc(PATH_MAX);
if (!absolute_path)
- absolute_path = alloca(SB_PATH_MAX);
+ absolute_path = alloca(PATH_MAX);
- if (!sb_abspathat(dirfd, file, absolute_path, SB_PATH_MAX))
+ if (!sb_abspathat(dirfd, file, absolute_path, PATH_MAX))
return 1;
sb_debug_dyn("absolute_path: %s\n", absolute_path);
- resolved_path = rbuf = malloc(SB_PATH_MAX);
+ resolved_path = rbuf = malloc(PATH_MAX);
if (!resolved_path)
- resolved_path = alloca(SB_PATH_MAX);
+ resolved_path = alloca(PATH_MAX);
- if (!sb_realpathat(dirfd, file, resolved_path, SB_PATH_MAX,
+ if (!sb_realpathat(dirfd, file, resolved_path, PATH_MAX,
flags, is_create(sb_nr)))
return 1;
diff --git a/libsandbox/libsandbox.h b/libsandbox/libsandbox.h
index 22c5535..8902b41 100644
--- a/libsandbox/libsandbox.h
+++ b/libsandbox/libsandbox.h
@@ -66,7 +66,7 @@ enum sandbox_method_t get_sandbox_method(void);
void *get_dlsym(const char *symname, const char *symver);
-extern char sandbox_lib[SB_PATH_MAX];
+extern char sandbox_lib[PATH_MAX];
extern bool sandbox_on;
struct sb_envp_ctx {
diff --git a/libsandbox/pre_check_unlinkat.c b/libsandbox/pre_check_unlinkat.c
index 887d8bb..7fa143a 100644
--- a/libsandbox/pre_check_unlinkat.c
+++ b/libsandbox/pre_check_unlinkat.c
@@ -14,7 +14,7 @@ bool sb_unlinkat_pre_check(const char *func, const char
*pathname, int dirfd)
{
save_errno();
- char canonic[SB_PATH_MAX];
+ char canonic[PATH_MAX];
if (sb_realpathat(dirfd, pathname, canonic, sizeof(canonic),
AT_SYMLINK_NOFOLLOW, false)) {
if (!strcmp(canonic, "/dev/null") || !strcmp(canonic,
"/dev/zero")) {
errno = EACCES;
diff --git a/libsandbox/realpath.c b/libsandbox/realpath.c
index 9c65033..559ecc1 100644
--- a/libsandbox/realpath.c
+++ b/libsandbox/realpath.c
@@ -89,7 +89,7 @@ static bool chase_linkfd(int linkfd, char *buf, size_t bufsiz)
if (buf[0] != '/')
return true;
- char target[SB_PATH_MAX];
+ char target[PATH_MAX];
ssize_t tlen = zreadlinkat(linkfd, "", target, sizeof(target));
int i;
diff --git a/libsbutil/get_sandbox_confd.c b/libsbutil/get_sandbox_confd.c
index 871af9b..133ded8 100644
--- a/libsbutil/get_sandbox_confd.c
+++ b/libsbutil/get_sandbox_confd.c
@@ -15,7 +15,7 @@ char *get_sandbox_confd(char *path)
save_errno();
char *p;
if (is_env_on(ENV_SANDBOX_TESTING) && (p =
getenv("__SANDBOX_CONFD_DIR")))
- strlcpy(path, p, SB_PATH_MAX);
+ strlcpy(path, p, PATH_MAX);
else
strcpy(path, SANDBOX_CONFD_DIR);
restore_errno();
diff --git a/libsbutil/get_sandbox_lib.c b/libsbutil/get_sandbox_lib.c
index b64a5ac..e767845 100644
--- a/libsbutil/get_sandbox_lib.c
+++ b/libsbutil/get_sandbox_lib.c
@@ -26,7 +26,7 @@ void get_sandbox_lib(char *path)
if (strncmp("/usr/lib", LIBSANDBOX_PATH, 8)) {
void *hndl = dlopen(path, RTLD_LAZY);
if (!hndl)
- snprintf(path, SB_PATH_MAX, "%s/%s", LIBSANDBOX_PATH,
LIB_NAME);
+ snprintf(path, PATH_MAX, "%s/%s", LIBSANDBOX_PATH,
LIB_NAME);
else
dlclose(hndl);
}
diff --git a/libsbutil/get_sandbox_log.c b/libsbutil/get_sandbox_log.c
index bdb4278..a969341 100644
--- a/libsbutil/get_sandbox_log.c
+++ b/libsbutil/get_sandbox_log.c
@@ -26,7 +26,7 @@ static void _get_sb_log(char *path, const char *tmpdir, const
char *env, const c
* about people breaking the security of the sandbox by
* exporting SANDBOX_LOG=/dev/null.
*/
- strncpy(path, sandbox_log_env, SB_PATH_MAX);
+ strncpy(path, sandbox_log_env, PATH_MAX);
} else {
/* If running as a user w/out write access to /var/log, don't
* shit ourselves.
@@ -35,7 +35,7 @@ static void _get_sb_log(char *path, const char *tmpdir, const
char *env, const c
if (tmpdir && access(sb_log_dir, W_OK))
sb_log_dir = tmpdir;
- snprintf(path, SB_PATH_MAX, "%s%s%s%s%d%s",
+ snprintf(path, PATH_MAX, "%s%s%s%s%d%s",
sb_log_dir, prefix,
(sandbox_log_env == NULL ? "" : sandbox_log_env),
(sandbox_log_env == NULL ? "" : "-"),
diff --git a/libsbutil/get_sandbox_rc.c b/libsbutil/get_sandbox_rc.c
index a02f6f0..cb5c6c8 100644
--- a/libsbutil/get_sandbox_rc.c
+++ b/libsbutil/get_sandbox_rc.c
@@ -17,10 +17,10 @@ void get_sandbox_rc(char *path)
{
save_errno();
if (is_env_on(ENV_SANDBOX_TESTING))
- snprintf(path, SB_PATH_MAX, "%s/%s",
+ snprintf(path, PATH_MAX, "%s/%s",
getenv("__SANDBOX_BASHRC_PATH"), BASHRC_NAME);
else
- snprintf(path, SB_PATH_MAX, "%s/%s",
+ snprintf(path, PATH_MAX, "%s/%s",
SANDBOX_BASHRC_PATH, BASHRC_NAME);
restore_errno();
}
diff --git a/localdecls.h b/localdecls.h
index 74e5049..7039814 100644
--- a/localdecls.h
+++ b/localdecls.h
@@ -32,19 +32,6 @@
#endif
-#ifdef PATH_MAX
-# define SB_PATH_MAX PATH_MAX * 2
-# if (SB_PATH_MAX >= INT_MAX) || (SB_PATH_MAX < PATH_MAX)
-# undef SB_PATH_MAX
-# define SB_PATH_MAX PATH_MAX + 25
-# if (SB_PATH_MAX >= INT_MAX) || (SB_PATH_MAX < PATH_MAX)
-# error SB_PATH_MAX too big!
-# endif
-# endif
-#else
-# error PATH_MAX not defined!
-#endif
-
#ifndef MAP_ANONYMOUS
# define MAP_ANONYMOUS MAP_ANON
#endif
diff --git a/src/environ.c b/src/environ.c
index 2b28c0b..b09f5aa 100644
--- a/src/environ.c
+++ b/src/environ.c
@@ -113,7 +113,7 @@ static int setup_access_var(const char *access_var)
{
rc_dynbuf_t *env_data;
int count = 0;
- char confd_path[SB_PATH_MAX];
+ char confd_path[PATH_MAX];
char *config;
char **confd_files = NULL;
bool use_confd = true;
diff --git a/src/sandbox.c b/src/sandbox.c
index 9c3e0da..81c7ac9 100644
--- a/src/sandbox.c
+++ b/src/sandbox.c
@@ -39,7 +39,7 @@ static int setup_sandbox(struct sandbox_info_t *sandbox_info,
bool interactive)
/* Portage handle setting SANDBOX_WRITE itself. */
sandbox_info->work_dir[0] = '\0';
} else {
- if (NULL == getcwd(sandbox_info->work_dir, SB_PATH_MAX)) {
+ if (NULL == getcwd(sandbox_info->work_dir, PATH_MAX)) {
sb_pwarn("failed to get current directory");
return -1;
}
diff --git a/src/sandbox.h b/src/sandbox.h
index cdc1b9e..e21dde3 100644
--- a/src/sandbox.h
+++ b/src/sandbox.h
@@ -14,13 +14,13 @@
#define __SANDBOX_H__
struct sandbox_info_t {
- char sandbox_log[SB_PATH_MAX];
- char sandbox_debug_log[SB_PATH_MAX];
- char sandbox_message_path[SB_PATH_MAX];
- char sandbox_lib[SB_PATH_MAX];
- char sandbox_rc[SB_PATH_MAX];
- char work_dir[SB_PATH_MAX];
- char tmp_dir[SB_PATH_MAX];
+ char sandbox_log[PATH_MAX];
+ char sandbox_debug_log[PATH_MAX];
+ char sandbox_message_path[PATH_MAX];
+ char sandbox_lib[PATH_MAX];
+ char sandbox_rc[PATH_MAX];
+ char work_dir[PATH_MAX];
+ char tmp_dir[PATH_MAX];
char *home_dir;
};
