mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-09-08 18:25:29 +00:00
727 lines
26 KiB
Python
727 lines
26 KiB
Python
# ------------------------------------------------------------------
|
|
#
|
|
# Copyright (C) 2011-2013 Canonical Ltd.
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of version 2 of the GNU General Public
|
|
# License published by the Free Software Foundation.
|
|
#
|
|
# ------------------------------------------------------------------
|
|
|
|
from apparmor.common import AppArmorException, debug, error, msg, cmd
|
|
import apparmor.easyprof
|
|
import optparse
|
|
import os
|
|
import pwd
|
|
import re
|
|
import signal
|
|
import socket
|
|
import sys
|
|
import tempfile
|
|
import time
|
|
|
|
def check_requirements(binary):
|
|
'''Verify necessary software is installed'''
|
|
exes = ['xset', # for detecting free X display
|
|
'aa-easyprof', # for templates
|
|
'aa-exec', # for changing profile
|
|
'sudo', # eventually get rid of this
|
|
'pkexec', # eventually get rid of this
|
|
binary]
|
|
|
|
for e in exes:
|
|
debug("Searching for '%s'" % e)
|
|
rc, report = cmd(['which', e])
|
|
if rc != 0:
|
|
error("Could not find '%s'" % e, do_exit=False)
|
|
return False
|
|
|
|
return True
|
|
|
|
def parse_args(args=None, parser=None):
|
|
'''Parse arguments'''
|
|
if parser == None:
|
|
parser = optparse.OptionParser()
|
|
|
|
parser.add_option('-X', '--with-x',
|
|
dest='withx',
|
|
default=False,
|
|
help='Run in isolated X server',
|
|
action='store_true')
|
|
parser.add_option('--with-xserver',
|
|
dest='xserver',
|
|
default='xpra',
|
|
help='Nested X server to use: xpra (default), xpra3d, xephyr')
|
|
parser.add_option('--with-clipboard',
|
|
dest='with_clipboard',
|
|
default=False,
|
|
help='Allow clipboard access',
|
|
action='store_true')
|
|
parser.add_option('--with-xauthority',
|
|
dest='xauthority',
|
|
default=None,
|
|
help='Specify Xauthority file to use')
|
|
parser.add_option('-d', '--debug',
|
|
dest='debug',
|
|
default=False,
|
|
help='Show debug messages',
|
|
action='store_true')
|
|
parser.add_option('--with-xephyr-geometry',
|
|
dest='xephyr_geometry',
|
|
default=None,
|
|
help='Geometry for Xephyr window')
|
|
parser.add_option('--profile',
|
|
dest='profile',
|
|
default=None,
|
|
help='Specify an existing profile (see aa-status)')
|
|
|
|
(my_opt, my_args) = parser.parse_args()
|
|
if my_opt.debug:
|
|
apparmor.common.DEBUGGING = True
|
|
|
|
valid_xservers = ['xpra', 'xpra3d', 'xephyr']
|
|
if my_opt.withx and my_opt.xserver.lower() not in valid_xservers:
|
|
error("Invalid server '%s'. Use one of: %s" % (my_opt.xserver, \
|
|
", ".join(valid_xservers)))
|
|
|
|
if my_opt.withx:
|
|
if my_opt.xephyr_geometry and my_opt.xserver.lower() != "xephyr":
|
|
error("Invalid option --with-xephyr-geometry with '%s'" % my_opt.xserver)
|
|
elif my_opt.with_clipboard and my_opt.xserver.lower() == "xephyr":
|
|
error("Clipboard not supported with '%s'" % my_opt.xserver)
|
|
|
|
if my_opt.template == "default":
|
|
if my_opt.withx:
|
|
my_opt.template = "sandbox-x"
|
|
else:
|
|
my_opt.template = "sandbox"
|
|
|
|
return (my_opt, my_args)
|
|
|
|
def gen_policy_name(binary):
|
|
'''Generate a temporary policy based on the binary name'''
|
|
return "sandbox-%s%s" % (pwd.getpwuid(os.geteuid())[0],
|
|
re.sub(r'/', '_', binary))
|
|
|
|
def set_environ(env):
|
|
keys = env.keys()
|
|
keys.sort()
|
|
for k in keys:
|
|
msg("Using: %s=%s" % (k, env[k]))
|
|
os.environ[k] = env[k]
|
|
|
|
def aa_exec(command, opt, environ={}, verify_rules=[]):
|
|
'''Execute binary under specified policy'''
|
|
if opt.profile != None:
|
|
policy_name = opt.profile
|
|
else:
|
|
opt.ensure_value("template_var", None)
|
|
opt.ensure_value("name", None)
|
|
opt.ensure_value("comment", None)
|
|
opt.ensure_value("author", None)
|
|
opt.ensure_value("copyright", None)
|
|
|
|
binary = command[0]
|
|
policy_name = gen_policy_name(binary)
|
|
easyp = apparmor.easyprof.AppArmorEasyProfile(binary, opt)
|
|
params = apparmor.easyprof.gen_policy_params(policy_name, opt)
|
|
policy = easyp.gen_policy(**params)
|
|
debug("\n%s" % policy)
|
|
|
|
tmp = tempfile.NamedTemporaryFile(prefix = '%s-' % policy_name)
|
|
if sys.version_info[0] >= 3:
|
|
tmp.write(bytes(policy, 'utf-8'))
|
|
else:
|
|
tmp.write(policy)
|
|
tmp.flush()
|
|
|
|
debug("using '%s' template" % opt.template)
|
|
# TODO: get rid of this
|
|
if opt.withx:
|
|
rc, report = cmd(['pkexec', 'apparmor_parser', '-r', '%s' % tmp.name])
|
|
else:
|
|
rc, report = cmd(['sudo', 'apparmor_parser', '-r', tmp.name])
|
|
if rc != 0:
|
|
raise AppArmorException("Could not load policy")
|
|
|
|
rc, report = cmd(['sudo', 'apparmor_parser', '-p', tmp.name])
|
|
if rc != 0:
|
|
raise AppArmorException("Could not dump policy")
|
|
|
|
# Make sure the dynamic profile has the appropriate line for X
|
|
for r in verify_rules:
|
|
found = False
|
|
for line in report.splitlines():
|
|
line = line.strip()
|
|
if r == line:
|
|
found = True
|
|
break
|
|
if not found:
|
|
raise AppArmorException("Could not find required rule: %s" % r)
|
|
|
|
set_environ(environ)
|
|
args = ['aa-exec', '-p', policy_name, '--'] + command
|
|
rc, report = cmd(args)
|
|
return rc, report
|
|
|
|
def run_sandbox(command, opt):
|
|
'''Run application'''
|
|
# aa-exec
|
|
rc, report = aa_exec(command, opt)
|
|
return rc, report
|
|
|
|
class SandboxXserver():
|
|
def __init__(self, title, geometry=None,
|
|
driver=None,
|
|
xauth=None,
|
|
clipboard=False):
|
|
self.geometry = geometry
|
|
self.title = title
|
|
self.pids = []
|
|
self.driver = driver
|
|
self.clipboard = clipboard
|
|
self.tempfiles = []
|
|
self.timeout = 5 # used by xauth and for server starts
|
|
|
|
# preserve our environment
|
|
self.old_environ = dict()
|
|
for env in ['DISPLAY', 'XAUTHORITY', 'UBUNTU_MENUPROXY',
|
|
'QT_X11_NO_NATIVE_MENUBAR', 'LIBOVERLAY_SCROLLBAR']:
|
|
if env in os.environ:
|
|
self.old_environ[env] = os.environ[env]
|
|
|
|
# prepare the new environment
|
|
self.display, self.xauth = self.find_free_x_display()
|
|
if xauth:
|
|
abs_xauth = os.path.expanduser(xauth)
|
|
if os.path.expanduser("~/.Xauthority") == abs_xauth:
|
|
raise AppArmorException("Trusted Xauthority file specified. Aborting")
|
|
self.xauth = abs_xauth
|
|
self.new_environ = dict()
|
|
self.new_environ['DISPLAY'] = self.display
|
|
self.new_environ['XAUTHORITY'] = self.xauth
|
|
# Disable the global menu for now
|
|
self.new_environ["UBUNTU_MENUPROXY"] = ""
|
|
self.new_environ["QT_X11_NO_NATIVE_MENUBAR"] = "1"
|
|
# Disable the overlay scrollbar for now-- they don't track correctly
|
|
self.new_environ["LIBOVERLAY_SCROLLBAR"] = "0"
|
|
|
|
def cleanup(self):
|
|
'''Cleanup our forked pids, reset the environment, etc'''
|
|
self.pids.reverse()
|
|
debug(self.pids)
|
|
for pid in self.pids:
|
|
# Kill server with TERM
|
|
debug("kill %d" % pid)
|
|
os.kill(pid, signal.SIGTERM)
|
|
|
|
for pid in self.pids:
|
|
# Shoot the server dead
|
|
debug("kill -9 %d" % pid)
|
|
os.kill(pid, signal.SIGKILL)
|
|
|
|
for t in self.tempfiles:
|
|
if os.path.exists(t):
|
|
os.unlink(t)
|
|
|
|
if os.path.exists(self.xauth):
|
|
os.unlink(self.xauth)
|
|
|
|
# Reset our environment
|
|
set_environ(self.old_environ)
|
|
|
|
def find_free_x_display(self):
|
|
'''Find a free X display'''
|
|
old_lang = None
|
|
if 'LANG' in os.environ:
|
|
old_lang = os.environ['LANG']
|
|
os.environ['LANG'] = 'C'
|
|
|
|
display = ""
|
|
current = self.old_environ["DISPLAY"]
|
|
for i in range(1,257): # TODO: this puts an artificial limit of 256
|
|
# sandboxed applications
|
|
tmp = ":%d" % i
|
|
os.environ["DISPLAY"] = tmp
|
|
rc, report = cmd(['xset', '-q'])
|
|
if rc != 0 and 'Invalid MIT-MAGIC-COOKIE-1' not in report:
|
|
display = tmp
|
|
break
|
|
|
|
if old_lang:
|
|
os.environ['LANG'] = old_lang
|
|
|
|
os.environ["DISPLAY"] = current
|
|
if display == "":
|
|
raise AppArmorException("Could not find available X display")
|
|
|
|
# Use dedicated .Xauthority file
|
|
xauth = os.path.join(os.path.expanduser('~'), \
|
|
'.Xauthority-sandbox%s' % display.split(':')[1])
|
|
|
|
return display, xauth
|
|
|
|
def generate_title(self):
|
|
return "(Sandbox%s) %s" % (self.display, self.title)
|
|
|
|
def verify_host_setup(self):
|
|
'''Make sure we have everything we need'''
|
|
old_lang = None
|
|
if 'LANG' in os.environ:
|
|
old_lang = os.environ['LANG']
|
|
|
|
os.environ['LANG'] = 'C'
|
|
rc, report = cmd(['xhost'])
|
|
|
|
if old_lang:
|
|
os.environ['LANG'] = old_lang
|
|
|
|
if rc != 0:
|
|
raise AppArmorException("'xhost' exited with error")
|
|
if 'access control enabled' not in report:
|
|
raise AppArmorException("Access control currently disabled. Please enable with 'xhost -'")
|
|
username = pwd.getpwuid(os.geteuid())[0]
|
|
if ':localuser:%s' % username in report:
|
|
raise AppArmorException("Access control allows '%s' full access. Please see 'man aa-sandbox' for details" % username)
|
|
|
|
def start(self):
|
|
'''Start a nested X server (need to override)'''
|
|
# clean up the old one
|
|
if os.path.exists(self.xauth):
|
|
os.unlink(self.xauth)
|
|
rc, cookie = cmd(['mcookie'])
|
|
if rc != 0:
|
|
raise AppArmorException("Could not generate magic cookie")
|
|
|
|
rc, out = cmd(['xauth', '-f', self.xauth, \
|
|
'add', \
|
|
self.display, \
|
|
'MIT-MAGIC-COOKIE-1', \
|
|
cookie.strip()])
|
|
if rc != 0:
|
|
raise AppArmorException("Could not generate '%s'" % self.display)
|
|
|
|
|
|
class SandboxXephyr(SandboxXserver):
|
|
def start(self):
|
|
for e in ['Xephyr', 'matchbox-window-manager']:
|
|
debug("Searching for '%s'" % e)
|
|
rc, report = cmd(['which', e])
|
|
if rc != 0:
|
|
raise AppArmorException("Could not find '%s'" % e)
|
|
|
|
'''Run any setup code'''
|
|
SandboxXserver.start(self)
|
|
|
|
'''Start a Xephyr server'''
|
|
listener_x = os.fork()
|
|
if listener_x == 0:
|
|
# TODO: break into config file? Which are needed?
|
|
x_exts = ['-extension', 'GLX',
|
|
'-extension', 'MIT-SHM',
|
|
'-extension', 'RENDER',
|
|
'-extension', 'SECURITY',
|
|
'-extension', 'DAMAGE'
|
|
]
|
|
# verify_these
|
|
x_extra_args = ['-host-cursor', # less secure?
|
|
'-fakexa', # for games? seems not needed
|
|
'-nodri', # more secure?
|
|
]
|
|
|
|
if not self.geometry:
|
|
self.geometry = "640x480"
|
|
x_args = ['-nolisten', 'tcp',
|
|
'-screen', self.geometry,
|
|
'-br', # black background
|
|
'-reset', # reset after last client exists
|
|
'-terminate', # terminate at server reset
|
|
'-title', self.generate_title(),
|
|
] + x_exts + x_extra_args
|
|
|
|
args = ['/usr/bin/Xephyr'] + x_args + [self.display]
|
|
debug(" ".join(args))
|
|
os.execv(args[0], args)
|
|
sys.exit(0)
|
|
self.pids.append(listener_x)
|
|
|
|
time.sleep(1) # FIXME: detect if running
|
|
|
|
# Next, start the window manager
|
|
sys.stdout.flush()
|
|
os.chdir(os.environ["HOME"])
|
|
listener_wm = os.fork()
|
|
if listener_wm == 0:
|
|
# update environment
|
|
set_environ(self.new_environ)
|
|
|
|
args = ['/usr/bin/matchbox-window-manager', '-use_titlebar', 'no']
|
|
debug(" ".join(args))
|
|
cmd(args)
|
|
sys.exit(0)
|
|
|
|
self.pids.append(listener_wm)
|
|
time.sleep(1) # FIXME: detect if running
|
|
|
|
|
|
class SandboxXpra(SandboxXserver):
|
|
def cleanup(self):
|
|
sys.stderr.flush()
|
|
listener = os.fork()
|
|
if listener == 0:
|
|
args = ['/usr/bin/xpra', 'stop', self.display]
|
|
debug(" ".join(args))
|
|
os.execv(args[0], args)
|
|
sys.exit(0)
|
|
time.sleep(2)
|
|
|
|
# Annoyingly, xpra doesn't clean up itself well if the application
|
|
# failed for some reason. Try to account for that.
|
|
rc, report = cmd(['ps', 'auxww'])
|
|
for line in report.splitlines():
|
|
if '-for-Xpra-%s' % self.display in line:
|
|
self.pids.append(int(line.split()[1]))
|
|
|
|
SandboxXserver.cleanup(self)
|
|
|
|
def _get_xvfb_args(self):
|
|
'''Setup xvfb arguments'''
|
|
# Debugging tip (can also use glxinfo):
|
|
# $ xdpyinfo > /tmp/native
|
|
# $ aa-sandbox -X -t sandbox-x /usr/bin/xdpyinfo > /tmp/nested
|
|
# $ diff -Naur /tmp/native /tmp/nested
|
|
|
|
xvfb_args = []
|
|
|
|
if self.driver == None:
|
|
# The default from the man page, but be explicit in what we enable
|
|
xvfb_args.append('--xvfb=Xvfb')
|
|
xvfb_args.append('-screen 0 3840x2560x24+32')
|
|
xvfb_args.append('-nolisten tcp')
|
|
xvfb_args.append('-noreset')
|
|
xvfb_args.append('-auth %s' % self.new_environ['XAUTHORITY'])
|
|
xvfb_args.append('+extension Composite')
|
|
xvfb_args.append('+extension SECURITY')
|
|
xvfb_args.append('-extension GLX')
|
|
elif self.driver == 'xdummy':
|
|
# The dummy driver allows us to use GLX, etc. See:
|
|
# http://xpra.org/Xdummy.html
|
|
conf = '''# /usr/share/doc/xpra/examples/dummy.xorg.conf.gz
|
|
# http://xpra.org/Xdummy.html
|
|
##Xdummy:##
|
|
Section "ServerFlags"
|
|
Option "DontVTSwitch" "true"
|
|
Option "AllowMouseOpenFail" "true"
|
|
Option "PciForceNone" "true"
|
|
Option "AutoEnableDevices" "false"
|
|
Option "AutoAddDevices" "false"
|
|
EndSection
|
|
|
|
|
|
##Xdummy:##
|
|
Section "InputDevice"
|
|
Identifier "NoMouse"
|
|
Option "CorePointer" "true"
|
|
Driver "void"
|
|
EndSection
|
|
|
|
Section "InputDevice"
|
|
Identifier "NoKeyboard"
|
|
Option "CoreKeyboard" "true"
|
|
Driver "void"
|
|
EndSection
|
|
|
|
##Xdummy:##
|
|
Section "Device"
|
|
Identifier "Videocard0"
|
|
Driver "dummy"
|
|
# In kByte
|
|
#VideoRam 4096000
|
|
#VideoRam 256000
|
|
# This should be good for 3840*2560*32bpp: http://winswitch.org/trac/ticket/140
|
|
VideoRam 64000
|
|
EndSection
|
|
|
|
##Xdummy:##
|
|
Section "Monitor"
|
|
Identifier "Monitor0"
|
|
HorizSync 10.0 - 300.0
|
|
VertRefresh 10.0 - 200.0
|
|
DisplaySize 4335 1084
|
|
#The following modeline is invalid (calculator overflowed):
|
|
#Modeline "32000x32000@0" -38917.43 32000 32032 -115848 -115816 32000 32775 32826 33601
|
|
Modeline "16384x8192@10" 2101.93 16384 16416 24400 24432 8192 8390 8403 8602
|
|
Modeline "8192x4096@10" 424.46 8192 8224 9832 9864 4096 4195 4202 4301
|
|
Modeline "5120x3200@10" 199.75 5120 5152 5904 5936 3200 3277 3283 3361
|
|
Modeline "3840x2880@10" 133.43 3840 3872 4376 4408 2880 2950 2955 3025
|
|
Modeline "3840x2560@10" 116.93 3840 3872 4312 4344 2560 2622 2627 2689
|
|
Modeline "3840x2048@10" 91.45 3840 3872 4216 4248 2048 2097 2101 2151
|
|
Modeline "2048x2048@10" 49.47 2048 2080 2264 2296 2048 2097 2101 2151
|
|
Modeline "2560x1600@10" 47.12 2560 2592 2768 2800 1600 1639 1642 1681
|
|
Modeline "1920x1200@10" 26.28 1920 1952 2048 2080 1200 1229 1231 1261
|
|
Modeline "1920x1080@10" 23.53 1920 1952 2040 2072 1080 1106 1108 1135
|
|
Modeline "1680x1050@10" 20.08 1680 1712 1784 1816 1050 1075 1077 1103
|
|
Modeline "1600x900@20" 33.92 1600 1632 1760 1792 900 921 924 946
|
|
Modeline "1440x900@20" 30.66 1440 1472 1584 1616 900 921 924 946
|
|
Modeline "1360x768@20" 24.49 1360 1392 1480 1512 768 786 789 807
|
|
#common resolutions for android devices (both orientations):
|
|
Modeline "800x1280@20" 25.89 800 832 928 960 1280 1310 1315 1345
|
|
Modeline "1280x800@20" 24.15 1280 1312 1400 1432 800 819 822 841
|
|
Modeline "720x1280@25" 30.22 720 752 864 896 1280 1309 1315 1345
|
|
Modeline "1280x720@25" 27.41 1280 1312 1416 1448 720 737 740 757
|
|
Modeline "768x1024@25" 24.93 768 800 888 920 1024 1047 1052 1076
|
|
Modeline "1024x768@25" 23.77 1024 1056 1144 1176 768 785 789 807
|
|
Modeline "600x1024@25" 19.90 600 632 704 736 1024 1047 1052 1076
|
|
Modeline "1024x600@25" 18.26 1024 1056 1120 1152 600 614 617 631
|
|
Modeline "536x960@25" 16.74 536 568 624 656 960 982 986 1009
|
|
Modeline "960x536@25" 15.23 960 992 1048 1080 536 548 551 563
|
|
Modeline "600x800@25" 15.17 600 632 688 720 800 818 822 841
|
|
Modeline "800x600@25" 14.50 800 832 880 912 600 614 617 631
|
|
Modeline "480x854@25" 13.34 480 512 560 592 854 873 877 897
|
|
Modeline "848x480@25" 12.09 848 880 920 952 480 491 493 505
|
|
Modeline "480x800@25" 12.43 480 512 552 584 800 818 822 841
|
|
Modeline "800x480@25" 11.46 800 832 872 904 480 491 493 505
|
|
Modeline "320x480@50" 10.73 320 352 392 424 480 490 494 505
|
|
Modeline "480x320@50" 9.79 480 512 544 576 320 327 330 337
|
|
Modeline "240x400@50" 6.96 240 272 296 328 400 408 412 421
|
|
Modeline "400x240@50" 6.17 400 432 448 480 240 245 247 253
|
|
Modeline "240x320@50" 5.47 240 272 288 320 320 327 330 337
|
|
Modeline "320x240@50" 5.10 320 352 368 400 240 245 247 253
|
|
#resolutions for android devices (both orientations)
|
|
#minus the status bar
|
|
#38px status bar (and width rounded up)
|
|
Modeline "800x1242@20" 25.03 800 832 920 952 1242 1271 1275 1305
|
|
Modeline "1280x762@20" 22.93 1280 1312 1392 1424 762 780 783 801
|
|
Modeline "720x1242@25" 29.20 720 752 856 888 1242 1271 1276 1305
|
|
Modeline "1280x682@25" 25.85 1280 1312 1408 1440 682 698 701 717
|
|
Modeline "768x986@25" 23.90 768 800 888 920 986 1009 1013 1036
|
|
Modeline "1024x730@25" 22.50 1024 1056 1136 1168 730 747 750 767
|
|
Modeline "600x986@25" 19.07 600 632 704 736 986 1009 1013 1036
|
|
Modeline "1024x562@25" 17.03 1024 1056 1120 1152 562 575 578 591
|
|
Modeline "536x922@25" 16.01 536 568 624 656 922 943 947 969
|
|
Modeline "960x498@25" 14.09 960 992 1040 1072 498 509 511 523
|
|
Modeline "600x762@25" 14.39 600 632 680 712 762 779 783 801
|
|
Modeline "800x562@25" 13.52 800 832 880 912 562 575 578 591
|
|
Modeline "480x810@25" 12.59 480 512 552 584 810 828 832 851
|
|
Modeline "848x442@25" 11.09 848 880 920 952 442 452 454 465
|
|
Modeline "480x762@25" 11.79 480 512 552 584 762 779 783 801
|
|
Modeline "800x442@25" 10.51 800 832 864 896 442 452 454 465
|
|
#32px status bar (no need for rounding):
|
|
Modeline "320x448@50" 9.93 320 352 384 416 448 457 461 471
|
|
Modeline "480x288@50" 8.75 480 512 544 576 288 294 297 303
|
|
#24px status bar:
|
|
Modeline "240x376@50" 6.49 240 272 296 328 376 384 387 395
|
|
Modeline "400x216@50" 5.50 400 432 448 480 216 220 222 227
|
|
Modeline "240x296@50" 5.02 240 272 288 320 296 302 305 311
|
|
Modeline "320x216@50" 4.55 320 352 368 400 216 220 222 227
|
|
EndSection
|
|
|
|
##Xdummy:##
|
|
Section "Screen"
|
|
Identifier "Screen0"
|
|
Device "Videocard0"
|
|
Monitor "Monitor0"
|
|
DefaultDepth 24
|
|
SubSection "Display"
|
|
Viewport 0 0
|
|
Depth 24
|
|
Modes "32000x32000" "16384x8192" "8192x4096" "5120x3200" "3840x2880" "3840x2560" "3840x2048" "2048x2048" "2560x1600" "1920x1440" "1920x1200" "1920x1080" "1600x1200" "1680x1050" "1600x900" "1400x1050" "1440x900" "1280x1024" "1366x768" "1280x800" "1024x768" "1024x600" "800x600" "320x200"
|
|
#Virtual 32000 32000
|
|
#Virtual 16384 8192
|
|
#Virtual 8192 4096
|
|
# http://winswitch.org/trac/ticket/140
|
|
Virtual 3840 2560
|
|
EndSubSection
|
|
EndSection
|
|
|
|
Section "ServerLayout"
|
|
Identifier "dummy_layout"
|
|
Screen "screen0"
|
|
InputDevice "NoMouse"
|
|
InputDevice "NoKeyboard"
|
|
EndSection
|
|
'''
|
|
|
|
tmp, xorg_conf = tempfile.mkstemp(prefix='aa-sandbox-xorg.conf-')
|
|
self.tempfiles.append(xorg_conf)
|
|
if sys.version_info[0] >= 3:
|
|
os.write(tmp, bytes(conf, 'utf-8'))
|
|
else:
|
|
os.write(tmp, conf)
|
|
os.close(tmp)
|
|
|
|
xvfb_args.append('--xvfb=Xorg')
|
|
xvfb_args.append('-dpi 96') # https://www.xpra.org/trac/ticket/163
|
|
xvfb_args.append('-nolisten tcp')
|
|
xvfb_args.append('-noreset')
|
|
xvfb_args.append('-logfile %s' % os.path.expanduser('~/.xpra/%s.log' % self.display))
|
|
xvfb_args.append('-auth %s' % self.new_environ['XAUTHORITY'])
|
|
xvfb_args.append('-config %s' % xorg_conf)
|
|
extensions = ['Composite', 'GLX', 'RANDR', 'RENDER', 'SECURITY']
|
|
for i in extensions:
|
|
xvfb_args.append('+extension %s' % i)
|
|
else:
|
|
raise AppArmorException("Unsupported X driver '%s'" % self.driver)
|
|
|
|
return xvfb_args
|
|
|
|
def start(self):
|
|
debug("Searching for '%s'" % 'xpra')
|
|
rc, report = cmd(['which', 'xpra'])
|
|
if rc != 0:
|
|
raise AppArmorException("Could not find '%s'" % 'xpra')
|
|
|
|
if self.driver == "xdummy":
|
|
# FIXME: is there a better way we can detect this?
|
|
drv = "/usr/lib/xorg/modules/drivers/dummy_drv.so"
|
|
debug("Searching for '%s'" % drv)
|
|
if not os.path.exists(drv):
|
|
raise AppArmorException("Could not find '%s'" % drv)
|
|
|
|
'''Run any setup code'''
|
|
SandboxXserver.start(self)
|
|
|
|
xvfb_args = self._get_xvfb_args()
|
|
listener_x = os.fork()
|
|
if listener_x == 0:
|
|
os.environ['XAUTHORITY'] = self.xauth
|
|
|
|
# This will clean out any dead sessions
|
|
cmd(['xpra', 'list'])
|
|
|
|
x_args = ['--no-daemon',
|
|
#'--no-mmap', # for security?
|
|
'--no-pulseaudio']
|
|
if not self.clipboard:
|
|
x_args.append('--no-clipboard')
|
|
|
|
if xvfb_args != '':
|
|
x_args.append(" ".join(xvfb_args))
|
|
|
|
args = ['/usr/bin/xpra', 'start', self.display] + x_args
|
|
debug(" ".join(args))
|
|
sys.stderr.flush()
|
|
os.execv(args[0], args)
|
|
sys.exit(0)
|
|
self.pids.append(listener_x)
|
|
|
|
started = False
|
|
|
|
# We need to wait for the xpra socket to exist before attaching
|
|
fn = os.path.join(os.environ['HOME'], '.xpra', '%s-%s' % \
|
|
(socket.gethostname(), self.display.split(':')[1]))
|
|
for i in range(self.timeout * 2): # up to self.timeout seconds to start
|
|
if os.path.exists(fn):
|
|
debug("Found '%s'! Proceeding to attach" % fn)
|
|
break
|
|
debug("'%s' doesn't exist yet, waiting" % fn)
|
|
time.sleep(0.5)
|
|
|
|
if not os.path.exists(fn):
|
|
sys.stdout.flush()
|
|
self.cleanup()
|
|
raise AppArmorException("Could not start xpra (try again with -d)")
|
|
|
|
for i in range(self.timeout): # Up to self.timeout seconds to start
|
|
rc, out = cmd(['xpra', 'list'])
|
|
|
|
if 'DEAD session at %s' % self.display in out:
|
|
error("xpra session at '%s' died" % self.display, do_exit=False)
|
|
break
|
|
|
|
search = 'LIVE session at %s' % self.display
|
|
if search in out:
|
|
started = True
|
|
break
|
|
time.sleep(0.5)
|
|
debug("Could not find '%s' in:\n" % search)
|
|
debug(out)
|
|
|
|
if not started:
|
|
sys.stdout.flush()
|
|
self.cleanup()
|
|
raise AppArmorException("Could not start xpra (try again with -d)")
|
|
|
|
# Next, attach to xpra
|
|
sys.stdout.flush()
|
|
os.chdir(os.environ["HOME"])
|
|
listener_attach = os.fork()
|
|
if listener_attach == 0:
|
|
args = ['/usr/bin/xpra', 'attach', self.display,
|
|
'--title=%s' % self.generate_title(),
|
|
#'--no-mmap', # for security?
|
|
'--no-tray',
|
|
'--no-pulseaudio']
|
|
if not self.clipboard:
|
|
args.append('--no-clipboard')
|
|
|
|
debug(" ".join(args))
|
|
sys.stderr.flush()
|
|
os.execv(args[0], args)
|
|
sys.exit(0)
|
|
|
|
self.pids.append(listener_attach)
|
|
|
|
# Make sure that a client has attached
|
|
for i in range(self.timeout): # up to self.timeout seconds to attach
|
|
time.sleep(1)
|
|
rc, out = cmd (['xpra', 'info', self.display])
|
|
search = 'clients=1'
|
|
if search in out:
|
|
debug("Client successfully attached!")
|
|
break
|
|
debug("Could not find '%s' in:\n" % search)
|
|
debug(out)
|
|
|
|
msg("TODO: filter '~/.xpra/run-xpra'")
|
|
|
|
|
|
def run_xsandbox(command, opt):
|
|
'''Run X application in a sandbox'''
|
|
old_cwd = os.getcwd()
|
|
|
|
# first, start X
|
|
if opt.xserver.lower() == "xephyr":
|
|
x = SandboxXephyr(command[0], geometry=opt.xephyr_geometry,
|
|
xauth=opt.xauthority)
|
|
elif opt.xserver.lower() == "xpra3d":
|
|
x = SandboxXpra(command[0], geometry=None,
|
|
driver="xdummy",
|
|
xauth=opt.xauthority,
|
|
clipboard=opt.with_clipboard)
|
|
else:
|
|
x = SandboxXpra(command[0], geometry=None,
|
|
xauth=opt.xauthority,
|
|
clipboard=opt.with_clipboard)
|
|
|
|
x.verify_host_setup()
|
|
|
|
# Debug: show old environment
|
|
keys = x.old_environ.keys()
|
|
keys.sort()
|
|
for k in keys:
|
|
debug ("Old: %s=%s" % (k, x.old_environ[k]))
|
|
|
|
try:
|
|
x.start()
|
|
except Exception as e:
|
|
error(e)
|
|
os.chdir(old_cwd)
|
|
|
|
if not opt.read_path:
|
|
opt.read_path = []
|
|
opt.read_path.append(x.xauth)
|
|
|
|
# Only used with dynamic profiles
|
|
required_rules = ['audit deny @{HOME}/.Xauthority mrwlk,']
|
|
|
|
# aa-exec
|
|
try:
|
|
rc, report = aa_exec(command, opt, x.new_environ, required_rules)
|
|
except Exception:
|
|
x.cleanup()
|
|
raise
|
|
x.cleanup()
|
|
|
|
return rc, report
|