[Libreoffice-commits] online.git: loolwsd/LOOLBroker.cpp loolwsd/LOOLKit.cpp loolwsd/LOOLWSD.cpp loolwsd/LOOLWSD.hpp loolwsd/Makefile.am loolwsd/MasterProcessSession.cpp loolwsd/MasterProcessSession.hpp
Henry Castro
hcastro at collabora.com
Sat Feb 13 14:16:59 UTC 2016
loolwsd/LOOLBroker.cpp | 218 +++------------------------------------
loolwsd/LOOLKit.cpp | 188 +++++++++++++++++++++++++++++++++
loolwsd/LOOLWSD.cpp | 7 -
loolwsd/LOOLWSD.hpp | 11 -
loolwsd/Makefile.am | 2
loolwsd/MasterProcessSession.cpp | 12 +-
loolwsd/MasterProcessSession.hpp | 4
7 files changed, 224 insertions(+), 218 deletions(-)
New commits:
commit 9e3d5c0337f9cd1439d4b6b648eb6ac795ff792e
Author: Henry Castro <hcastro at collabora.com>
Date: Sat Feb 13 10:15:28 2016 -0400
loolwsd: ensure chroot jail every lokit process
diff --git a/loolwsd/LOOLBroker.cpp b/loolwsd/LOOLBroker.cpp
index 970882e..0b3ab32 100644
--- a/loolwsd/LOOLBroker.cpp
+++ b/loolwsd/LOOLBroker.cpp
@@ -7,31 +7,8 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
-#include <sys/types.h>
#include <sys/wait.h>
-#include <utime.h>
-#include <ftw.h>
-#include <unistd.h>
-#include <dlfcn.h>
-
-#include <atomic>
-#include <mutex>
-#include <cstring>
-#include <cassert>
-#include <iostream>
-#include <fstream>
-#include <deque>
-
-#include <Poco/Types.h>
-#include <Poco/Random.h>
-#include <Poco/Path.h>
-#include <Poco/File.h>
-#include <Poco/ThreadLocal.h>
-#include <Poco/Process.h>
-#include <Poco/Thread.h>
-#include <Poco/NamedMutex.h>
-
#include "Common.hpp"
#include "Capabilities.hpp"
#include "Util.hpp"
@@ -45,15 +22,9 @@
#define LIB_SOFFICEAPP "lib" "sofficeapp" ".so"
#define LIB_MERGED "lib" "mergedlo" ".so"
-#define JAILED_LOOLKIT_PATH "/usr/bin/loolkit"
typedef int (LokHookPreInit) ( const char *install_path, const char *user_profile_path );
-using Poco::Path;
-using Poco::File;
-using Poco::ThreadLocal;
-using Poco::Process;
-using Poco::Thread;
using Poco::ProcessHandle;
const std::string FIFO_FILE = "/tmp/loolwsdfifo";
@@ -64,6 +35,7 @@ const std::string BROKER_PREFIX = "/tmp/lokit";
static int readerChild = -1;
static int readerBroker = -1;
+static std::string loolkitPath;
static std::atomic<unsigned> forkCounter;
static std::chrono::steady_clock::time_point lastMaintenanceTime = std::chrono::steady_clock::now();
static unsigned int childCounter = 0;
@@ -196,82 +168,6 @@ namespace
_childProcesses.erase(it);
}
}
-
- ThreadLocal<std::string> sourceForLinkOrCopy;
- ThreadLocal<Path> destinationForLinkOrCopy;
-
- int linkOrCopyFunction(const char *fpath,
- const struct stat* /*sb*/,
- int typeflag,
- struct FTW* /*ftwbuf*/)
- {
- if (strcmp(fpath, sourceForLinkOrCopy->c_str()) == 0)
- return 0;
-
- assert(fpath[strlen(sourceForLinkOrCopy->c_str())] == '/');
- const char *relativeOldPath = fpath + strlen(sourceForLinkOrCopy->c_str()) + 1;
-
-#ifdef __APPLE__
- if (strcmp(relativeOldPath, "PkgInfo") == 0)
- return 0;
-#endif
-
- Path newPath(*destinationForLinkOrCopy, Path(relativeOldPath));
-
- switch (typeflag)
- {
- case FTW_F:
- File(newPath.parent()).createDirectories();
- if (link(fpath, newPath.toString().c_str()) == -1)
- {
- Log::error("Error: link(\"" + std::string(fpath) + "\",\"" + newPath.toString() +
- "\") failed. Exiting.");
- exit(Application::EXIT_SOFTWARE);
- }
- break;
- case FTW_DP:
- {
- struct stat st;
- if (stat(fpath, &st) == -1)
- {
- Log::error("Error: stat(\"" + std::string(fpath) + "\") failed.");
- return 1;
- }
- File(newPath).createDirectories();
- struct utimbuf ut;
- ut.actime = st.st_atime;
- ut.modtime = st.st_mtime;
- if (utime(newPath.toString().c_str(), &ut) == -1)
- {
- Log::error("Error: utime(\"" + newPath.toString() + "\", &ut) failed.");
- return 1;
- }
- }
- break;
- case FTW_DNR:
- Log::error("Cannot read directory '" + std::string(fpath) + "'");
- return 1;
- case FTW_NS:
- Log::error("nftw: stat failed for '" + std::string(fpath) + "'");
- return 1;
- case FTW_SLN:
- Log::error("nftw: symlink to nonexistent file: '" + std::string(fpath) + "', ignored.");
- break;
- default:
- assert(false);
- }
- return 0;
- }
-
- void linkOrCopy(const std::string& source, const Path& destination)
- {
- *sourceForLinkOrCopy = source;
- if (sourceForLinkOrCopy->back() == '/')
- sourceForLinkOrCopy->pop_back();
- *destinationForLinkOrCopy = destination;
- if (nftw(source.c_str(), linkOrCopyFunction, 10, FTW_DEPTH) == -1)
- Log::error("linkOrCopy: nftw() failed for '" + source + "'");
- }
}
class PipeRunnable: public Runnable
@@ -567,18 +463,21 @@ static bool globalPreinit(const std::string &loSubPath)
}
static int createLibreOfficeKit(const bool sharePages,
- const std::string& loSubPath,
- const std::string& jailId)
+ const std::string& childRoot,
+ const std::string& sysTemplate,
+ const std::string& loTemplate,
+ const std::string& loSubPath)
{
Poco::UInt64 childPID;
int nFIFOWriter = -1;
int nFlags = O_WRONLY | O_NONBLOCK;
const std::string pipe = BROKER_PREFIX + std::to_string(childCounter++) + BROKER_SUFIX;
+ const std::string jailId = Util::createRandomDir(childRoot);
- if (mkfifo(pipe.c_str(), 0666) < 0)
+ if (!File(pipe).exists() && mkfifo(pipe.c_str(), 0666) < 0)
{
- Log::error("Error: mkfifo failed.");
+ Log::error("Error: Failed to create pipe FIFO [" + pipe + "].");
return -1;
}
@@ -590,7 +489,7 @@ static int createLibreOfficeKit(const bool sharePages,
if (!(pid = fork()))
{
// child
- lokit_main(loSubPath, jailId, pipe);
+ lokit_main(childRoot, sysTemplate, loTemplate, loSubPath, jailId, pipe);
_exit(Application::EXIT_OK);
}
else
@@ -603,16 +502,19 @@ static int createLibreOfficeKit(const bool sharePages,
else
{
Process::Args args;
+ args.push_back("--childroot=" + childRoot);
+ args.push_back("--systemplate=" + sysTemplate);
+ args.push_back("--lotemplate=" + loTemplate);
args.push_back("--losubpath=" + loSubPath);
args.push_back("--jailid=" + jailId);
args.push_back("--pipe=" + pipe);
args.push_back("--clientport=" + std::to_string(ClientPortNumber));
Log::info("Launching LibreOfficeKit #" + std::to_string(childCounter) +
- ": " + JAILED_LOOLKIT_PATH + " " +
+ ": " + loolkitPath + " " +
Poco::cat(std::string(" "), args.begin(), args.end()));
- ProcessHandle procChild = Process::launch(JAILED_LOOLKIT_PATH, args);
+ ProcessHandle procChild = Process::launch(loolkitPath, args);
childPID = procChild.id();
Log::info("Spawned kit [" + std::to_string(childPID) + "].");
@@ -748,12 +650,6 @@ int main(int argc, char** argv)
if (*eq)
childRoot = std::string(++eq);
}
- else if (strstr(cmd, "--jailid=") == cmd)
- {
- eq = strchrnul(cmd, '=');
- if (*eq)
- jailId = std::string(++eq);
- }
else if (strstr(cmd, "--numprespawns=") == cmd)
{
eq = strchrnul(cmd, '=');
@@ -768,6 +664,8 @@ int main(int argc, char** argv)
}
}
+ loolkitPath = Poco::Path(argv[0]).parent().toString() + "loolkit";
+
if (loSubPath.empty())
{
Log::error("Error: --losubpath is empty");
@@ -776,7 +674,7 @@ int main(int argc, char** argv)
if (sysTemplate.empty())
{
- Log::error("Error: --losubpath is empty");
+ Log::error("Error: --systemplate is empty");
exit(Application::EXIT_SOFTWARE);
}
@@ -822,82 +720,8 @@ int main(int argc, char** argv)
Log::warn("Note: LOK_VIEW_CALLBACK is not set.");
}
- // The loolkit binary must be in our directory.
- const std::string loolkitPath = Poco::Path(argv[0]).parent().toString() + "loolkit";
- if (!File(loolkitPath).exists())
- {
- Log::error("Error: loolkit does not exists at [" + loolkitPath + "].");
- exit(Application::EXIT_SOFTWARE);
- }
-
- const Path jailPath = Path::forDirectory(childRoot + Path::separator() + jailId);
- Log::info("Jail path: " + jailPath.toString());
-
- File(jailPath).createDirectories();
-
- Path jailLOInstallation(jailPath, loSubPath);
- jailLOInstallation.makeDirectory();
- File(jailLOInstallation).createDirectory();
-
- // Copy (link) LO installation and other necessary files into it from the template.
- linkOrCopy(sysTemplate, jailPath);
- linkOrCopy(loTemplate, jailLOInstallation);
-
- // It is necessary to deploy loolkit process to chroot jail.
- File(loolkitPath).copyTo(Path(jailPath, JAILED_LOOLKIT_PATH).toString());
-
- // We need this because sometimes the hostname is not resolved
- const std::vector<std::string> networkFiles = {"/etc/host.conf", "/etc/hosts", "/etc/nsswitch.conf", "/etc/resolv.conf"};
- for (const auto& filename : networkFiles)
- {
- const File networkFile(filename);
- if (networkFile.exists())
- {
- networkFile.copyTo(Path(jailPath, "/etc").toString());
- }
- }
-
-#ifdef __linux
- // Create the urandom and random devices
- File(Path(jailPath, "/dev")).createDirectory();
- if (mknod((jailPath.toString() + "/dev/random").c_str(),
- S_IFCHR | S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH,
- makedev(1, 8)) != 0)
- {
- Log::error("Error: mknod(" + jailPath.toString() + "/dev/random) failed.");
-
- }
- if (mknod((jailPath.toString() + "/dev/urandom").c_str(),
- S_IFCHR | S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH,
- makedev(1, 9)) != 0)
- {
- Log::error("Error: mknod(" + jailPath.toString() + "/dev/urandom) failed.");
- }
-#endif
-
- Log::info("loolbroker -> chroot(\"" + jailPath.toString() + "\")");
- if (chroot(jailPath.toString().c_str()) == -1)
- {
- Log::error("Error: chroot(\"" + jailPath.toString() + "\") failed.");
- exit(Application::EXIT_SOFTWARE);
- }
-
- if (chdir("/") == -1)
- {
- Log::error("Error: chdir(\"/\") in jail failed.");
- exit(Application::EXIT_SOFTWARE);
- }
-
-#ifdef __linux
- dropCapability(CAP_SYS_CHROOT);
- dropCapability(CAP_MKNOD);
- dropCapability(CAP_FOWNER);
-#else
- dropCapability();
-#endif
-
int nFlags = O_RDONLY | O_NONBLOCK;
- if (mkfifo(FIFO_BROKER.c_str(), 0666) == -1)
+ if (!File(FIFO_BROKER).exists() && mkfifo(FIFO_BROKER.c_str(), 0666) == -1)
{
Log::error("Error: Failed to create pipe FIFO [" + FIFO_BROKER + "].");
exit(Application::EXIT_SOFTWARE);
@@ -926,7 +750,8 @@ int main(int argc, char** argv)
const bool sharePages = globalPreinit(loSubPath);
// We must have at least one child, more is created dynamically.
- if (createLibreOfficeKit(sharePages, loSubPath, jailId) < 0)
+ if (createLibreOfficeKit(sharePages, childRoot, sysTemplate,
+ loTemplate, loSubPath) < 0)
{
Log::error("Error: failed to create children.");
exit(Application::EXIT_SOFTWARE);
@@ -1021,7 +846,8 @@ int main(int argc, char** argv)
<< total << ", Empty: " << empty << Log::end;
do
{
- if (createLibreOfficeKit(sharePages, loSubPath, jailId) < 0)
+ if (createLibreOfficeKit(sharePages, childRoot, sysTemplate,
+ loTemplate, loSubPath) < 0)
Log::error("Error: fork failed.");
}
while (--spawn > 0);
diff --git a/loolwsd/LOOLKit.cpp b/loolwsd/LOOLKit.cpp
index 3ed6b3e..eb2c2ab 100644
--- a/loolwsd/LOOLKit.cpp
+++ b/loolwsd/LOOLKit.cpp
@@ -15,6 +15,10 @@
#include <sys/poll.h>
#include <sys/syscall.h>
#include <signal.h>
+#include <ftw.h>
+#include <utime.h>
+#include <unistd.h>
+#include <dlfcn.h>
#include <atomic>
#include <memory>
@@ -26,6 +30,7 @@
#include <Poco/Net/HTTPResponse.h>
#include <Poco/Thread.h>
#include <Poco/ThreadPool.h>
+#include <Poco/ThreadLocal.h>
#include <Poco/Runnable.h>
#include <Poco/StringTokenizer.h>
#include <Poco/Exception.h>
@@ -44,6 +49,7 @@
#include "Util.hpp"
#include "ChildProcessSession.hpp"
#include "LOOLProtocol.hpp"
+#include "Capabilities.hpp"
using namespace LOOLProtocol;
using Poco::Net::WebSocket;
@@ -59,10 +65,92 @@ using Poco::Notification;
using Poco::NotificationQueue;
using Poco::FastMutex;
using Poco::Util::Application;
+using Poco::File;
+using Poco::Path;
+using Poco::ThreadLocal;
const std::string CHILD_URI = "/loolws/child/";
const std::string LOKIT_BROKER = "/tmp/loolbroker.fifo";
+namespace
+{
+ ThreadLocal<std::string> sourceForLinkOrCopy;
+ ThreadLocal<Path> destinationForLinkOrCopy;
+
+ int linkOrCopyFunction(const char *fpath,
+ const struct stat* /*sb*/,
+ int typeflag,
+ struct FTW* /*ftwbuf*/)
+ {
+ if (strcmp(fpath, sourceForLinkOrCopy->c_str()) == 0)
+ return 0;
+
+ assert(fpath[strlen(sourceForLinkOrCopy->c_str())] == '/');
+ const char *relativeOldPath = fpath + strlen(sourceForLinkOrCopy->c_str()) + 1;
+
+#ifdef __APPLE__
+ if (strcmp(relativeOldPath, "PkgInfo") == 0)
+ return 0;
+#endif
+
+ Path newPath(*destinationForLinkOrCopy, Path(relativeOldPath));
+
+ switch (typeflag)
+ {
+ case FTW_F:
+ File(newPath.parent()).createDirectories();
+ if (link(fpath, newPath.toString().c_str()) == -1)
+ {
+ Log::error("Error: link(\"" + std::string(fpath) + "\",\"" + newPath.toString() +
+ "\") failed. Exiting.");
+ exit(Application::EXIT_SOFTWARE);
+ }
+ break;
+ case FTW_DP:
+ {
+ struct stat st;
+ if (stat(fpath, &st) == -1)
+ {
+ Log::error("Error: stat(\"" + std::string(fpath) + "\") failed.");
+ return 1;
+ }
+ File(newPath).createDirectories();
+ struct utimbuf ut;
+ ut.actime = st.st_atime;
+ ut.modtime = st.st_mtime;
+ if (utime(newPath.toString().c_str(), &ut) == -1)
+ {
+ Log::error("Error: utime(\"" + newPath.toString() + "\", &ut) failed.");
+ return 1;
+ }
+ }
+ break;
+ case FTW_DNR:
+ Log::error("Cannot read directory '" + std::string(fpath) + "'");
+ return 1;
+ case FTW_NS:
+ Log::error("nftw: stat failed for '" + std::string(fpath) + "'");
+ return 1;
+ case FTW_SLN:
+ Log::error("nftw: symlink to nonexistent file: '" + std::string(fpath) + "', ignored.");
+ break;
+ default:
+ assert(false);
+ }
+ return 0;
+ }
+
+ void linkOrCopy(const std::string& source, const Path& destination)
+ {
+ *sourceForLinkOrCopy = source;
+ if (sourceForLinkOrCopy->back() == '/')
+ sourceForLinkOrCopy->pop_back();
+ *destinationForLinkOrCopy = destination;
+ if (nftw(source.c_str(), linkOrCopyFunction, 10, FTW_DEPTH) == -1)
+ Log::error("linkOrCopy: nftw() failed for '" + source + "'");
+ }
+}
+
class Connection: public Runnable
{
public:
@@ -497,7 +585,12 @@ private:
std::atomic<unsigned> _clientViews;
};
-void lokit_main(const std::string &loSubPath, const std::string& jailId, const std::string& pipe)
+void lokit_main(const std::string& childRoot,
+ const std::string& sysTemplate,
+ const std::string& loTemplate,
+ const std::string& loSubPath,
+ const std::string& jailId,
+ const std::string& pipe)
{
#ifdef LOOLKIT_NO_MAIN
// Reinitialize logging when forked.
@@ -510,8 +603,12 @@ void lokit_main(const std::string &loSubPath, const std::string& jailId, const s
char* pStart = nullptr;
char* pEnd = nullptr;
+ assert(!childRoot.empty());
+ assert(!sysTemplate.empty());
+ assert(!loTemplate.empty());
assert(!jailId.empty());
assert(!loSubPath.empty());
+ assert(!pipe.empty());
std::map<std::string, std::shared_ptr<Document>> _documents;
@@ -549,6 +646,69 @@ void lokit_main(const std::string &loSubPath, const std::string& jailId, const s
exit(Application::EXIT_SOFTWARE);
}
+ const Path jailPath = Path::forDirectory(childRoot + Path::separator() + jailId);
+ Log::info("Jail path: " + jailPath.toString());
+
+ File(jailPath).createDirectories();
+
+ Path jailLOInstallation(jailPath, loSubPath);
+ jailLOInstallation.makeDirectory();
+ File(jailLOInstallation).createDirectory();
+
+ // Copy (link) LO installation and other necessary files into it from the template.
+ linkOrCopy(sysTemplate, jailPath);
+ linkOrCopy(loTemplate, jailLOInstallation);
+
+ // We need this because sometimes the hostname is not resolved
+ const std::vector<std::string> networkFiles = {"/etc/host.conf", "/etc/hosts", "/etc/nsswitch.conf", "/etc/resolv.conf"};
+ for (const auto& filename : networkFiles)
+ {
+ const File networkFile(filename);
+ if (networkFile.exists())
+ {
+ networkFile.copyTo(Path(jailPath, "/etc").toString());
+ }
+ }
+
+#ifdef __linux
+ // Create the urandom and random devices
+ File(Path(jailPath, "/dev")).createDirectory();
+ if (mknod((jailPath.toString() + "/dev/random").c_str(),
+ S_IFCHR | S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH,
+ makedev(1, 8)) != 0)
+ {
+ Log::error("Error: mknod(" + jailPath.toString() + "/dev/random) failed.");
+
+ }
+ if (mknod((jailPath.toString() + "/dev/urandom").c_str(),
+ S_IFCHR | S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH,
+ makedev(1, 9)) != 0)
+ {
+ Log::error("Error: mknod(" + jailPath.toString() + "/dev/urandom) failed.");
+ }
+#endif
+
+ Log::info("loolbroker -> chroot(\"" + jailPath.toString() + "\")");
+ if (chroot(jailPath.toString().c_str()) == -1)
+ {
+ Log::error("Error: chroot(\"" + jailPath.toString() + "\") failed.");
+ exit(Application::EXIT_SOFTWARE);
+ }
+
+ if (chdir("/") == -1)
+ {
+ Log::error("Error: chdir(\"/\") in jail failed.");
+ exit(Application::EXIT_SOFTWARE);
+ }
+
+#ifdef __linux
+ dropCapability(CAP_SYS_CHROOT);
+ dropCapability(CAP_MKNOD);
+ dropCapability(CAP_FOWNER);
+#else
+ dropCapability();
+#endif
+
loKit = lok_init_2(instdir_path.c_str(), "file:///user");
if (loKit == nullptr)
{
@@ -699,6 +859,9 @@ int main(int argc, char** argv)
Log::initialize("kit");
+ std::string childRoot;
+ std::string sysTemplate;
+ std::string loTemplate;
std::string loSubPath;
std::string jailId;
std::string pipe;
@@ -707,7 +870,26 @@ int main(int argc, char** argv)
{
char *cmd = argv[i];
char *eq = nullptr;
- if (strstr(cmd, "--losubpath=") == cmd)
+
+ if (strstr(cmd, "--childroot=") == cmd)
+ {
+ eq = strchrnul(cmd, '=');
+ if (*eq)
+ childRoot = std::string(++eq);
+ }
+ else if (strstr(cmd, "--systemplate=") == cmd)
+ {
+ eq = strchrnul(cmd, '=');
+ if (*eq)
+ sysTemplate = std::string(++eq);
+ }
+ else if (strstr(cmd, "--lotemplate=") == cmd)
+ {
+ eq = strchrnul(cmd, '=');
+ if (*eq)
+ loTemplate = std::string(++eq);
+ }
+ else if (strstr(cmd, "--losubpath=") == cmd)
{
eq = strchrnul(cmd, '=');
if (*eq)
@@ -769,7 +951,7 @@ int main(int argc, char** argv)
Log::warn("Note: LOK_VIEW_CALLBACK is not set.");
}
- lokit_main(loSubPath, jailId, pipe);
+ lokit_main(childRoot, sysTemplate, loTemplate, loSubPath, jailId, pipe);
return Application::EXIT_OK;
}
diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp
index 02482d9..ffa047f 100644
--- a/loolwsd/LOOLWSD.cpp
+++ b/loolwsd/LOOLWSD.cpp
@@ -723,7 +723,6 @@ std::string LOOLWSD::Cache = LOOLWSD_CACHEDIR;
std::string LOOLWSD::SysTemplate;
std::string LOOLWSD::LoTemplate;
std::string LOOLWSD::ChildRoot;
-std::string LOOLWSD::JailId;
std::string LOOLWSD::LoSubPath = "lo";
int LOOLWSD::NumPreSpawnedChildren = 10;
@@ -861,7 +860,7 @@ void LOOLWSD::displayVersion()
std::cout << LOOLWSD_VERSION << std::endl;
}
-Poco::Process::PID LOOLWSD::createBroker(const std::string& rJailId)
+Poco::Process::PID LOOLWSD::createBroker()
{
Process::Args args;
@@ -869,7 +868,6 @@ Poco::Process::PID LOOLWSD::createBroker(const std::string& rJailId)
args.push_back("--systemplate=" + SysTemplate);
args.push_back("--lotemplate=" + LoTemplate);
args.push_back("--childroot=" + ChildRoot);
- args.push_back("--jailid=" + rJailId);
args.push_back("--numprespawns=" + std::to_string(NumPreSpawnedChildren));
args.push_back("--clientport=" + std::to_string(ClientPortNumber));
@@ -939,8 +937,7 @@ int LOOLWSD::main(const std::vector<std::string>& /*args*/)
return Application::EXIT_SOFTWARE;
}
- JailId = Util::createRandomDir(ChildRoot);
- const Poco::Process::PID pidBroker = createBroker(JailId);
+ const Poco::Process::PID pidBroker = createBroker();
if (pidBroker < 0)
{
Log::error("Failed to spawn loolBroker.");
diff --git a/loolwsd/LOOLWSD.hpp b/loolwsd/LOOLWSD.hpp
index 5c42a31..e145288 100644
--- a/loolwsd/LOOLWSD.hpp
+++ b/loolwsd/LOOLWSD.hpp
@@ -119,15 +119,15 @@ public:
Poco::URI getPublicUri() const { return _uriPublic; }
Poco::URI getJailedUri() const { return _uriJailed; }
- std::string getChildId() const { return _childId; }
+ std::string getJailId() const { return _jailId; }
private:
DocumentURI(const Poco::URI& uriPublic,
const Poco::URI& uriJailed,
- const std::string& childId) :
+ const std::string& jailId) :
_uriPublic(uriPublic),
_uriJailed(uriJailed),
- _childId(childId)
+ _jailId(jailId)
{
}
@@ -140,7 +140,7 @@ private:
private:
const Poco::URI _uriPublic;
const Poco::URI _uriJailed;
- const std::string _childId;
+ const std::string _jailId;
};
class LOOLWSD: public Poco::Util::ServerApplication
@@ -159,7 +159,6 @@ public:
static std::string SysTemplate;
static std::string LoTemplate;
static std::string ChildRoot;
- static std::string JailId;
static std::string LoSubPath;
static const std::string CHILD_URI;
@@ -183,7 +182,7 @@ protected:
private:
void displayHelp();
void displayVersion();
- Poco::Process::PID createBroker(const std::string& jailId);
+ Poco::Process::PID createBroker();
};
#endif
diff --git a/loolwsd/Makefile.am b/loolwsd/Makefile.am
index 0da19e6..d4e7c01 100644
--- a/loolwsd/Makefile.am
+++ b/loolwsd/Makefile.am
@@ -47,9 +47,11 @@ all-local: loolwsd loolbroker
if test `uname -s` = Linux; then \
sudo @SETCAP@ cap_fowner,cap_mknod,cap_sys_chroot=ep loolwsd; \
sudo @SETCAP@ cap_fowner,cap_mknod,cap_sys_chroot=ep loolbroker; \
+ sudo @SETCAP@ cap_fowner,cap_mknod,cap_sys_chroot=ep loolkit; \
else \
sudo chown root loolwsd && sudo chmod u+s loolwsd; \
sudo chown root loolbroker && sudo chmod u+s loolbroker; \
+ sudo chown root loolbroker && sudo chmod u+s loolkit; \
fi; \
fi
diff --git a/loolwsd/MasterProcessSession.cpp b/loolwsd/MasterProcessSession.cpp
index cbe7f76..91bfb89 100644
--- a/loolwsd/MasterProcessSession.cpp
+++ b/loolwsd/MasterProcessSession.cpp
@@ -148,7 +148,7 @@ bool MasterProcessSession::_handleInput(const char *buffer, int length)
if (url.find(filePrefix) == 0)
{
// Rewrite file:// URLs, as they are visible to the outside world.
- Path path(MasterProcessSession::getJailPath(_childId), url.substr(filePrefix.length()));
+ Path path(MasterProcessSession::getJailPath(_jailId), url.substr(filePrefix.length()));
url = filePrefix + path.toString().substr(1);
}
peer->_saveAsQueue.put(url);
@@ -251,17 +251,17 @@ bool MasterProcessSession::_handleInput(const char *buffer, int length)
return false;
}
- const auto childId = tokens[1];
+ const auto jailId = tokens[1];
setId(tokens[2]);
const Process::PID pidChild = std::stoull(tokens[3]);
std::unique_lock<std::mutex> lock(AvailableChildSessionMutex);
AvailableChildSessions.emplace(getId(), shared_from_this());
- Log::info() << getName() << " mapped " << this << " childId=" << childId << ", id=" << getId()
+ Log::info() << getName() << " mapped " << this << " jailId=" << jailId << ", id=" << getId()
<< " into _availableChildSessions, size=" << AvailableChildSessions.size() << Log::end;
- _childId = childId;
+ _jailId = jailId;
_pidChild = pidChild;
lock.unlock();
AvailableChildSessionCV.notify_one();
@@ -384,7 +384,7 @@ bool MasterProcessSession::_handleInput(const char *buffer, int length)
bool MasterProcessSession::haveSeparateProcess()
{
- return !_childId.empty();
+ return !_jailId.empty();
}
Poco::Path MasterProcessSession::getJailPath(const std::string& childId)
@@ -766,7 +766,7 @@ void MasterProcessSession::dispatchChild()
return;
}
- const auto jailRoot = Poco::Path(LOOLWSD::ChildRoot, LOOLWSD::JailId);
+ const auto jailRoot = Poco::Path(LOOLWSD::ChildRoot, childSession->_jailId);
const auto childId = std::to_string(childSession->_pidChild);
auto document = DocumentURI::create(_docURL, jailRoot.toString(), childId);
diff --git a/loolwsd/MasterProcessSession.hpp b/loolwsd/MasterProcessSession.hpp
index 5b73717..901b523 100644
--- a/loolwsd/MasterProcessSession.hpp
+++ b/loolwsd/MasterProcessSession.hpp
@@ -80,8 +80,8 @@ private:
virtual bool _handleInput(const char *buffer, int length) override;
private:
- // The id of the child process
- std::string _childId;
+ // The jail id of the child process
+ std::string _jailId;
// The pid of the child process
Poco::Process::PID _pidChild;
int _curPart;
More information about the Libreoffice-commits
mailing list