loolwsd/LOOLBroker.cpp | 218 +++------------------------------------ loolwsd/LOOLKit.cpp | 188 +++++++++++++++++++++++++++++++++ loolwsd/LOOLWSD.cpp | 7 - loolwsd/LOOLWSD.hpp | 11 - loolwsd/Makefile.am | 2 loolwsd/MasterProcessSession.cpp | 12 +- loolwsd/MasterProcessSession.hpp | 4 7 files changed, 224 insertions(+), 218 deletions(-)
New commits: commit 9e3d5c0337f9cd1439d4b6b648eb6ac795ff792e Author: Henry Castro <hcas...@collabora.com> Date: Sat Feb 13 10:15:28 2016 -0400 loolwsd: ensure chroot jail every lokit process diff --git a/loolwsd/LOOLBroker.cpp b/loolwsd/LOOLBroker.cpp index 970882e..0b3ab32 100644 --- a/loolwsd/LOOLBroker.cpp +++ b/loolwsd/LOOLBroker.cpp @@ -7,31 +7,8 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -#include <sys/types.h> #include <sys/wait.h> -#include <utime.h> -#include <ftw.h> -#include <unistd.h> -#include <dlfcn.h> - -#include <atomic> -#include <mutex> -#include <cstring> -#include <cassert> -#include <iostream> -#include <fstream> -#include <deque> - -#include <Poco/Types.h> -#include <Poco/Random.h> -#include <Poco/Path.h> -#include <Poco/File.h> -#include <Poco/ThreadLocal.h> -#include <Poco/Process.h> -#include <Poco/Thread.h> -#include <Poco/NamedMutex.h> - #include "Common.hpp" #include "Capabilities.hpp" #include "Util.hpp" @@ -45,15 +22,9 @@ #define LIB_SOFFICEAPP "lib" "sofficeapp" ".so" #define LIB_MERGED "lib" "mergedlo" ".so" -#define JAILED_LOOLKIT_PATH "/usr/bin/loolkit" typedef int (LokHookPreInit) ( const char *install_path, const char *user_profile_path ); -using Poco::Path; -using Poco::File; -using Poco::ThreadLocal; -using Poco::Process; -using Poco::Thread; using Poco::ProcessHandle; const std::string FIFO_FILE = "/tmp/loolwsdfifo"; @@ -64,6 +35,7 @@ const std::string BROKER_PREFIX = "/tmp/lokit"; static int readerChild = -1; static int readerBroker = -1; +static std::string loolkitPath; static std::atomic<unsigned> forkCounter; static std::chrono::steady_clock::time_point lastMaintenanceTime = std::chrono::steady_clock::now(); static unsigned int childCounter = 0; @@ -196,82 +168,6 @@ namespace _childProcesses.erase(it); } } - - ThreadLocal<std::string> sourceForLinkOrCopy; - ThreadLocal<Path> destinationForLinkOrCopy; - - int linkOrCopyFunction(const char *fpath, - const struct stat* /*sb*/, - int typeflag, - struct FTW* /*ftwbuf*/) - { - if (strcmp(fpath, sourceForLinkOrCopy->c_str()) == 0) - return 0; - - assert(fpath[strlen(sourceForLinkOrCopy->c_str())] == '/'); - const char *relativeOldPath = fpath + strlen(sourceForLinkOrCopy->c_str()) + 1; - -#ifdef __APPLE__ - if (strcmp(relativeOldPath, "PkgInfo") == 0) - return 0; -#endif - - Path newPath(*destinationForLinkOrCopy, Path(relativeOldPath)); - - switch (typeflag) - { - case FTW_F: - File(newPath.parent()).createDirectories(); - if (link(fpath, newPath.toString().c_str()) == -1) - { - Log::error("Error: link(\"" + std::string(fpath) + "\",\"" + newPath.toString() + - "\") failed. Exiting."); - exit(Application::EXIT_SOFTWARE); - } - break; - case FTW_DP: - { - struct stat st; - if (stat(fpath, &st) == -1) - { - Log::error("Error: stat(\"" + std::string(fpath) + "\") failed."); - return 1; - } - File(newPath).createDirectories(); - struct utimbuf ut; - ut.actime = st.st_atime; - ut.modtime = st.st_mtime; - if (utime(newPath.toString().c_str(), &ut) == -1) - { - Log::error("Error: utime(\"" + newPath.toString() + "\", &ut) failed."); - return 1; - } - } - break; - case FTW_DNR: - Log::error("Cannot read directory '" + std::string(fpath) + "'"); - return 1; - case FTW_NS: - Log::error("nftw: stat failed for '" + std::string(fpath) + "'"); - return 1; - case FTW_SLN: - Log::error("nftw: symlink to nonexistent file: '" + std::string(fpath) + "', ignored."); - break; - default: - assert(false); - } - return 0; - } - - void linkOrCopy(const std::string& source, const Path& destination) - { - *sourceForLinkOrCopy = source; - if (sourceForLinkOrCopy->back() == '/') - sourceForLinkOrCopy->pop_back(); - *destinationForLinkOrCopy = destination; - if (nftw(source.c_str(), linkOrCopyFunction, 10, FTW_DEPTH) == -1) - Log::error("linkOrCopy: nftw() failed for '" + source + "'"); - } } class PipeRunnable: public Runnable @@ -567,18 +463,21 @@ static bool globalPreinit(const std::string &loSubPath) } static int createLibreOfficeKit(const bool sharePages, - const std::string& loSubPath, - const std::string& jailId) + const std::string& childRoot, + const std::string& sysTemplate, + const std::string& loTemplate, + const std::string& loSubPath) { Poco::UInt64 childPID; int nFIFOWriter = -1; int nFlags = O_WRONLY | O_NONBLOCK; const std::string pipe = BROKER_PREFIX + std::to_string(childCounter++) + BROKER_SUFIX; + const std::string jailId = Util::createRandomDir(childRoot); - if (mkfifo(pipe.c_str(), 0666) < 0) + if (!File(pipe).exists() && mkfifo(pipe.c_str(), 0666) < 0) { - Log::error("Error: mkfifo failed."); + Log::error("Error: Failed to create pipe FIFO [" + pipe + "]."); return -1; } @@ -590,7 +489,7 @@ static int createLibreOfficeKit(const bool sharePages, if (!(pid = fork())) { // child - lokit_main(loSubPath, jailId, pipe); + lokit_main(childRoot, sysTemplate, loTemplate, loSubPath, jailId, pipe); _exit(Application::EXIT_OK); } else @@ -603,16 +502,19 @@ static int createLibreOfficeKit(const bool sharePages, else { Process::Args args; + args.push_back("--childroot=" + childRoot); + args.push_back("--systemplate=" + sysTemplate); + args.push_back("--lotemplate=" + loTemplate); args.push_back("--losubpath=" + loSubPath); args.push_back("--jailid=" + jailId); args.push_back("--pipe=" + pipe); args.push_back("--clientport=" + std::to_string(ClientPortNumber)); Log::info("Launching LibreOfficeKit #" + std::to_string(childCounter) + - ": " + JAILED_LOOLKIT_PATH + " " + + ": " + loolkitPath + " " + Poco::cat(std::string(" "), args.begin(), args.end())); - ProcessHandle procChild = Process::launch(JAILED_LOOLKIT_PATH, args); + ProcessHandle procChild = Process::launch(loolkitPath, args); childPID = procChild.id(); Log::info("Spawned kit [" + std::to_string(childPID) + "]."); @@ -748,12 +650,6 @@ int main(int argc, char** argv) if (*eq) childRoot = std::string(++eq); } - else if (strstr(cmd, "--jailid=") == cmd) - { - eq = strchrnul(cmd, '='); - if (*eq) - jailId = std::string(++eq); - } else if (strstr(cmd, "--numprespawns=") == cmd) { eq = strchrnul(cmd, '='); @@ -768,6 +664,8 @@ int main(int argc, char** argv) } } + loolkitPath = Poco::Path(argv[0]).parent().toString() + "loolkit"; + if (loSubPath.empty()) { Log::error("Error: --losubpath is empty"); @@ -776,7 +674,7 @@ int main(int argc, char** argv) if (sysTemplate.empty()) { - Log::error("Error: --losubpath is empty"); + Log::error("Error: --systemplate is empty"); exit(Application::EXIT_SOFTWARE); } @@ -822,82 +720,8 @@ int main(int argc, char** argv) Log::warn("Note: LOK_VIEW_CALLBACK is not set."); } - // The loolkit binary must be in our directory. - const std::string loolkitPath = Poco::Path(argv[0]).parent().toString() + "loolkit"; - if (!File(loolkitPath).exists()) - { - Log::error("Error: loolkit does not exists at [" + loolkitPath + "]."); - exit(Application::EXIT_SOFTWARE); - } - - const Path jailPath = Path::forDirectory(childRoot + Path::separator() + jailId); - Log::info("Jail path: " + jailPath.toString()); - - File(jailPath).createDirectories(); - - Path jailLOInstallation(jailPath, loSubPath); - jailLOInstallation.makeDirectory(); - File(jailLOInstallation).createDirectory(); - - // Copy (link) LO installation and other necessary files into it from the template. - linkOrCopy(sysTemplate, jailPath); - linkOrCopy(loTemplate, jailLOInstallation); - - // It is necessary to deploy loolkit process to chroot jail. - File(loolkitPath).copyTo(Path(jailPath, JAILED_LOOLKIT_PATH).toString()); - - // We need this because sometimes the hostname is not resolved - const std::vector<std::string> networkFiles = {"/etc/host.conf", "/etc/hosts", "/etc/nsswitch.conf", "/etc/resolv.conf"}; - for (const auto& filename : networkFiles) - { - const File networkFile(filename); - if (networkFile.exists()) - { - networkFile.copyTo(Path(jailPath, "/etc").toString()); - } - } - -#ifdef __linux - // Create the urandom and random devices - File(Path(jailPath, "/dev")).createDirectory(); - if (mknod((jailPath.toString() + "/dev/random").c_str(), - S_IFCHR | S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH, - makedev(1, 8)) != 0) - { - Log::error("Error: mknod(" + jailPath.toString() + "/dev/random) failed."); - - } - if (mknod((jailPath.toString() + "/dev/urandom").c_str(), - S_IFCHR | S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH, - makedev(1, 9)) != 0) - { - Log::error("Error: mknod(" + jailPath.toString() + "/dev/urandom) failed."); - } -#endif - - Log::info("loolbroker -> chroot(\"" + jailPath.toString() + "\")"); - if (chroot(jailPath.toString().c_str()) == -1) - { - Log::error("Error: chroot(\"" + jailPath.toString() + "\") failed."); - exit(Application::EXIT_SOFTWARE); - } - - if (chdir("/") == -1) - { - Log::error("Error: chdir(\"/\") in jail failed."); - exit(Application::EXIT_SOFTWARE); - } - -#ifdef __linux - dropCapability(CAP_SYS_CHROOT); - dropCapability(CAP_MKNOD); - dropCapability(CAP_FOWNER); -#else - dropCapability(); -#endif - int nFlags = O_RDONLY | O_NONBLOCK; - if (mkfifo(FIFO_BROKER.c_str(), 0666) == -1) + if (!File(FIFO_BROKER).exists() && mkfifo(FIFO_BROKER.c_str(), 0666) == -1) { Log::error("Error: Failed to create pipe FIFO [" + FIFO_BROKER + "]."); exit(Application::EXIT_SOFTWARE); @@ -926,7 +750,8 @@ int main(int argc, char** argv) const bool sharePages = globalPreinit(loSubPath); // We must have at least one child, more is created dynamically. - if (createLibreOfficeKit(sharePages, loSubPath, jailId) < 0) + if (createLibreOfficeKit(sharePages, childRoot, sysTemplate, + loTemplate, loSubPath) < 0) { Log::error("Error: failed to create children."); exit(Application::EXIT_SOFTWARE); @@ -1021,7 +846,8 @@ int main(int argc, char** argv) << total << ", Empty: " << empty << Log::end; do { - if (createLibreOfficeKit(sharePages, loSubPath, jailId) < 0) + if (createLibreOfficeKit(sharePages, childRoot, sysTemplate, + loTemplate, loSubPath) < 0) Log::error("Error: fork failed."); } while (--spawn > 0); diff --git a/loolwsd/LOOLKit.cpp b/loolwsd/LOOLKit.cpp index 3ed6b3e..eb2c2ab 100644 --- a/loolwsd/LOOLKit.cpp +++ b/loolwsd/LOOLKit.cpp @@ -15,6 +15,10 @@ #include <sys/poll.h> #include <sys/syscall.h> #include <signal.h> +#include <ftw.h> +#include <utime.h> +#include <unistd.h> +#include <dlfcn.h> #include <atomic> #include <memory> @@ -26,6 +30,7 @@ #include <Poco/Net/HTTPResponse.h> #include <Poco/Thread.h> #include <Poco/ThreadPool.h> +#include <Poco/ThreadLocal.h> #include <Poco/Runnable.h> #include <Poco/StringTokenizer.h> #include <Poco/Exception.h> @@ -44,6 +49,7 @@ #include "Util.hpp" #include "ChildProcessSession.hpp" #include "LOOLProtocol.hpp" +#include "Capabilities.hpp" using namespace LOOLProtocol; using Poco::Net::WebSocket; @@ -59,10 +65,92 @@ using Poco::Notification; using Poco::NotificationQueue; using Poco::FastMutex; using Poco::Util::Application; +using Poco::File; +using Poco::Path; +using Poco::ThreadLocal; const std::string CHILD_URI = "/loolws/child/"; const std::string LOKIT_BROKER = "/tmp/loolbroker.fifo"; +namespace +{ + ThreadLocal<std::string> sourceForLinkOrCopy; + ThreadLocal<Path> destinationForLinkOrCopy; + + int linkOrCopyFunction(const char *fpath, + const struct stat* /*sb*/, + int typeflag, + struct FTW* /*ftwbuf*/) + { + if (strcmp(fpath, sourceForLinkOrCopy->c_str()) == 0) + return 0; + + assert(fpath[strlen(sourceForLinkOrCopy->c_str())] == '/'); + const char *relativeOldPath = fpath + strlen(sourceForLinkOrCopy->c_str()) + 1; + +#ifdef __APPLE__ + if (strcmp(relativeOldPath, "PkgInfo") == 0) + return 0; +#endif + + Path newPath(*destinationForLinkOrCopy, Path(relativeOldPath)); + + switch (typeflag) + { + case FTW_F: + File(newPath.parent()).createDirectories(); + if (link(fpath, newPath.toString().c_str()) == -1) + { + Log::error("Error: link(\"" + std::string(fpath) + "\",\"" + newPath.toString() + + "\") failed. Exiting."); + exit(Application::EXIT_SOFTWARE); + } + break; + case FTW_DP: + { + struct stat st; + if (stat(fpath, &st) == -1) + { + Log::error("Error: stat(\"" + std::string(fpath) + "\") failed."); + return 1; + } + File(newPath).createDirectories(); + struct utimbuf ut; + ut.actime = st.st_atime; + ut.modtime = st.st_mtime; + if (utime(newPath.toString().c_str(), &ut) == -1) + { + Log::error("Error: utime(\"" + newPath.toString() + "\", &ut) failed."); + return 1; + } + } + break; + case FTW_DNR: + Log::error("Cannot read directory '" + std::string(fpath) + "'"); + return 1; + case FTW_NS: + Log::error("nftw: stat failed for '" + std::string(fpath) + "'"); + return 1; + case FTW_SLN: + Log::error("nftw: symlink to nonexistent file: '" + std::string(fpath) + "', ignored."); + break; + default: + assert(false); + } + return 0; + } + + void linkOrCopy(const std::string& source, const Path& destination) + { + *sourceForLinkOrCopy = source; + if (sourceForLinkOrCopy->back() == '/') + sourceForLinkOrCopy->pop_back(); + *destinationForLinkOrCopy = destination; + if (nftw(source.c_str(), linkOrCopyFunction, 10, FTW_DEPTH) == -1) + Log::error("linkOrCopy: nftw() failed for '" + source + "'"); + } +} + class Connection: public Runnable { public: @@ -497,7 +585,12 @@ private: std::atomic<unsigned> _clientViews; }; -void lokit_main(const std::string &loSubPath, const std::string& jailId, const std::string& pipe) +void lokit_main(const std::string& childRoot, + const std::string& sysTemplate, + const std::string& loTemplate, + const std::string& loSubPath, + const std::string& jailId, + const std::string& pipe) { #ifdef LOOLKIT_NO_MAIN // Reinitialize logging when forked. @@ -510,8 +603,12 @@ void lokit_main(const std::string &loSubPath, const std::string& jailId, const s char* pStart = nullptr; char* pEnd = nullptr; + assert(!childRoot.empty()); + assert(!sysTemplate.empty()); + assert(!loTemplate.empty()); assert(!jailId.empty()); assert(!loSubPath.empty()); + assert(!pipe.empty()); std::map<std::string, std::shared_ptr<Document>> _documents; @@ -549,6 +646,69 @@ void lokit_main(const std::string &loSubPath, const std::string& jailId, const s exit(Application::EXIT_SOFTWARE); } + const Path jailPath = Path::forDirectory(childRoot + Path::separator() + jailId); + Log::info("Jail path: " + jailPath.toString()); + + File(jailPath).createDirectories(); + + Path jailLOInstallation(jailPath, loSubPath); + jailLOInstallation.makeDirectory(); + File(jailLOInstallation).createDirectory(); + + // Copy (link) LO installation and other necessary files into it from the template. + linkOrCopy(sysTemplate, jailPath); + linkOrCopy(loTemplate, jailLOInstallation); + + // We need this because sometimes the hostname is not resolved + const std::vector<std::string> networkFiles = {"/etc/host.conf", "/etc/hosts", "/etc/nsswitch.conf", "/etc/resolv.conf"}; + for (const auto& filename : networkFiles) + { + const File networkFile(filename); + if (networkFile.exists()) + { + networkFile.copyTo(Path(jailPath, "/etc").toString()); + } + } + +#ifdef __linux + // Create the urandom and random devices + File(Path(jailPath, "/dev")).createDirectory(); + if (mknod((jailPath.toString() + "/dev/random").c_str(), + S_IFCHR | S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH, + makedev(1, 8)) != 0) + { + Log::error("Error: mknod(" + jailPath.toString() + "/dev/random) failed."); + + } + if (mknod((jailPath.toString() + "/dev/urandom").c_str(), + S_IFCHR | S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH, + makedev(1, 9)) != 0) + { + Log::error("Error: mknod(" + jailPath.toString() + "/dev/urandom) failed."); + } +#endif + + Log::info("loolbroker -> chroot(\"" + jailPath.toString() + "\")"); + if (chroot(jailPath.toString().c_str()) == -1) + { + Log::error("Error: chroot(\"" + jailPath.toString() + "\") failed."); + exit(Application::EXIT_SOFTWARE); + } + + if (chdir("/") == -1) + { + Log::error("Error: chdir(\"/\") in jail failed."); + exit(Application::EXIT_SOFTWARE); + } + +#ifdef __linux + dropCapability(CAP_SYS_CHROOT); + dropCapability(CAP_MKNOD); + dropCapability(CAP_FOWNER); +#else + dropCapability(); +#endif + loKit = lok_init_2(instdir_path.c_str(), "file:///user"); if (loKit == nullptr) { @@ -699,6 +859,9 @@ int main(int argc, char** argv) Log::initialize("kit"); + std::string childRoot; + std::string sysTemplate; + std::string loTemplate; std::string loSubPath; std::string jailId; std::string pipe; @@ -707,7 +870,26 @@ int main(int argc, char** argv) { char *cmd = argv[i]; char *eq = nullptr; - if (strstr(cmd, "--losubpath=") == cmd) + + if (strstr(cmd, "--childroot=") == cmd) + { + eq = strchrnul(cmd, '='); + if (*eq) + childRoot = std::string(++eq); + } + else if (strstr(cmd, "--systemplate=") == cmd) + { + eq = strchrnul(cmd, '='); + if (*eq) + sysTemplate = std::string(++eq); + } + else if (strstr(cmd, "--lotemplate=") == cmd) + { + eq = strchrnul(cmd, '='); + if (*eq) + loTemplate = std::string(++eq); + } + else if (strstr(cmd, "--losubpath=") == cmd) { eq = strchrnul(cmd, '='); if (*eq) @@ -769,7 +951,7 @@ int main(int argc, char** argv) Log::warn("Note: LOK_VIEW_CALLBACK is not set."); } - lokit_main(loSubPath, jailId, pipe); + lokit_main(childRoot, sysTemplate, loTemplate, loSubPath, jailId, pipe); return Application::EXIT_OK; } diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp index 02482d9..ffa047f 100644 --- a/loolwsd/LOOLWSD.cpp +++ b/loolwsd/LOOLWSD.cpp @@ -723,7 +723,6 @@ std::string LOOLWSD::Cache = LOOLWSD_CACHEDIR; std::string LOOLWSD::SysTemplate; std::string LOOLWSD::LoTemplate; std::string LOOLWSD::ChildRoot; -std::string LOOLWSD::JailId; std::string LOOLWSD::LoSubPath = "lo"; int LOOLWSD::NumPreSpawnedChildren = 10; @@ -861,7 +860,7 @@ void LOOLWSD::displayVersion() std::cout << LOOLWSD_VERSION << std::endl; } -Poco::Process::PID LOOLWSD::createBroker(const std::string& rJailId) +Poco::Process::PID LOOLWSD::createBroker() { Process::Args args; @@ -869,7 +868,6 @@ Poco::Process::PID LOOLWSD::createBroker(const std::string& rJailId) args.push_back("--systemplate=" + SysTemplate); args.push_back("--lotemplate=" + LoTemplate); args.push_back("--childroot=" + ChildRoot); - args.push_back("--jailid=" + rJailId); args.push_back("--numprespawns=" + std::to_string(NumPreSpawnedChildren)); args.push_back("--clientport=" + std::to_string(ClientPortNumber)); @@ -939,8 +937,7 @@ int LOOLWSD::main(const std::vector<std::string>& /*args*/) return Application::EXIT_SOFTWARE; } - JailId = Util::createRandomDir(ChildRoot); - const Poco::Process::PID pidBroker = createBroker(JailId); + const Poco::Process::PID pidBroker = createBroker(); if (pidBroker < 0) { Log::error("Failed to spawn loolBroker."); diff --git a/loolwsd/LOOLWSD.hpp b/loolwsd/LOOLWSD.hpp index 5c42a31..e145288 100644 --- a/loolwsd/LOOLWSD.hpp +++ b/loolwsd/LOOLWSD.hpp @@ -119,15 +119,15 @@ public: Poco::URI getPublicUri() const { return _uriPublic; } Poco::URI getJailedUri() const { return _uriJailed; } - std::string getChildId() const { return _childId; } + std::string getJailId() const { return _jailId; } private: DocumentURI(const Poco::URI& uriPublic, const Poco::URI& uriJailed, - const std::string& childId) : + const std::string& jailId) : _uriPublic(uriPublic), _uriJailed(uriJailed), - _childId(childId) + _jailId(jailId) { } @@ -140,7 +140,7 @@ private: private: const Poco::URI _uriPublic; const Poco::URI _uriJailed; - const std::string _childId; + const std::string _jailId; }; class LOOLWSD: public Poco::Util::ServerApplication @@ -159,7 +159,6 @@ public: static std::string SysTemplate; static std::string LoTemplate; static std::string ChildRoot; - static std::string JailId; static std::string LoSubPath; static const std::string CHILD_URI; @@ -183,7 +182,7 @@ protected: private: void displayHelp(); void displayVersion(); - Poco::Process::PID createBroker(const std::string& jailId); + Poco::Process::PID createBroker(); }; #endif diff --git a/loolwsd/Makefile.am b/loolwsd/Makefile.am index 0da19e6..d4e7c01 100644 --- a/loolwsd/Makefile.am +++ b/loolwsd/Makefile.am @@ -47,9 +47,11 @@ all-local: loolwsd loolbroker if test `uname -s` = Linux; then \ sudo @SETCAP@ cap_fowner,cap_mknod,cap_sys_chroot=ep loolwsd; \ sudo @SETCAP@ cap_fowner,cap_mknod,cap_sys_chroot=ep loolbroker; \ + sudo @SETCAP@ cap_fowner,cap_mknod,cap_sys_chroot=ep loolkit; \ else \ sudo chown root loolwsd && sudo chmod u+s loolwsd; \ sudo chown root loolbroker && sudo chmod u+s loolbroker; \ + sudo chown root loolbroker && sudo chmod u+s loolkit; \ fi; \ fi diff --git a/loolwsd/MasterProcessSession.cpp b/loolwsd/MasterProcessSession.cpp index cbe7f76..91bfb89 100644 --- a/loolwsd/MasterProcessSession.cpp +++ b/loolwsd/MasterProcessSession.cpp @@ -148,7 +148,7 @@ bool MasterProcessSession::_handleInput(const char *buffer, int length) if (url.find(filePrefix) == 0) { // Rewrite file:// URLs, as they are visible to the outside world. - Path path(MasterProcessSession::getJailPath(_childId), url.substr(filePrefix.length())); + Path path(MasterProcessSession::getJailPath(_jailId), url.substr(filePrefix.length())); url = filePrefix + path.toString().substr(1); } peer->_saveAsQueue.put(url); @@ -251,17 +251,17 @@ bool MasterProcessSession::_handleInput(const char *buffer, int length) return false; } - const auto childId = tokens[1]; + const auto jailId = tokens[1]; setId(tokens[2]); const Process::PID pidChild = std::stoull(tokens[3]); std::unique_lock<std::mutex> lock(AvailableChildSessionMutex); AvailableChildSessions.emplace(getId(), shared_from_this()); - Log::info() << getName() << " mapped " << this << " childId=" << childId << ", id=" << getId() + Log::info() << getName() << " mapped " << this << " jailId=" << jailId << ", id=" << getId() << " into _availableChildSessions, size=" << AvailableChildSessions.size() << Log::end; - _childId = childId; + _jailId = jailId; _pidChild = pidChild; lock.unlock(); AvailableChildSessionCV.notify_one(); @@ -384,7 +384,7 @@ bool MasterProcessSession::_handleInput(const char *buffer, int length) bool MasterProcessSession::haveSeparateProcess() { - return !_childId.empty(); + return !_jailId.empty(); } Poco::Path MasterProcessSession::getJailPath(const std::string& childId) @@ -766,7 +766,7 @@ void MasterProcessSession::dispatchChild() return; } - const auto jailRoot = Poco::Path(LOOLWSD::ChildRoot, LOOLWSD::JailId); + const auto jailRoot = Poco::Path(LOOLWSD::ChildRoot, childSession->_jailId); const auto childId = std::to_string(childSession->_pidChild); auto document = DocumentURI::create(_docURL, jailRoot.toString(), childId); diff --git a/loolwsd/MasterProcessSession.hpp b/loolwsd/MasterProcessSession.hpp index 5b73717..901b523 100644 --- a/loolwsd/MasterProcessSession.hpp +++ b/loolwsd/MasterProcessSession.hpp @@ -80,8 +80,8 @@ private: virtual bool _handleInput(const char *buffer, int length) override; private: - // The id of the child process - std::string _childId; + // The jail id of the child process + std::string _jailId; // The pid of the child process Poco::Process::PID _pidChild; int _curPart; _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits