2011 Jun 22
3
sandbox pre-auth privsep child
...t;xmalloc.h"
+
+static const int preauth_policy[] = {
+ SYS___sysctl,
+ SYS_close,
+ SYS_exit,
+ SYS_getpid,
+ SYS_gettimeofday,
+ SYS_madvise,
+ SYS_mmap,
+ SYS_mprotect,
+ SYS_poll,
+ SYS_munmap,
+ SYS_read,
+ SYS_select,
+ SYS_sigprocmask,
+ SYS_write,
+ -1
+};
+
+struct ssh_sandbox {
+ int child_sock;
+ int parent_sock;
+ int systrace_fd;
+ pid_t child_pid;
+ struct systrace_policy policy;
+};
+
+struct ssh_sandbox *
+ssh_sandbox_init(void)
+{
+ struct ssh_sandbox *box;
+ int s[2];
+
+ debug3("%s: preparing systrace sandbox", __func__);
+ box = xcalloc(1, sizeof(*box));
+ if (socketpa...