Skip to content

Commit

Permalink
main: Warn when non-repeatable options are repeated
Browse files Browse the repository at this point in the history 
A user might reasonably expect that `bwrap --seccomp 3 --seccomp 4 ...`
would load seccomp programs from both fds 3 and 4, but in fact it only
loads the program from fd 4.

Helps: #453
Resolves: #454
Signed-off-by: Simon McVittie <[email protected]>
  • Loading branch information
@smcv
smcv committed Oct 10, 2021
1 parent 9d187f0 commit 0d369cd
Showing 1 changed file with 53 additions and 0 deletions.
53 changes: 53 additions & 0 deletions bubblewrap.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1536,6 +1536,12 @@ takes_perms (const char *next_option)
return 0;
}

static void
warn_only_last_option (const char *name)
{
warn ("Only the last %s option will take effect", name);
}

static void
parse_args_recurse (int *argcp,
const char ***argvp,
Expand Down Expand Up @@ -1693,6 +1699,9 @@ parse_args_recurse (int *argcp,
if (argc < 2)
die ("--chdir takes one argument");

if (opt_chdir_path != NULL)
warn_only_last_option ("--chdir");

opt_chdir_path = argv[1];
argv++;
argc--;
Expand Down Expand Up @@ -1768,6 +1777,10 @@ parse_args_recurse (int *argcp,
{
if (argc < 2)
die ("--exec-label takes an argument");

if (opt_exec_label != NULL)
warn_only_last_option ("--exec-label");

opt_exec_label = argv[1];
die_unless_label_valid (opt_exec_label);

Expand All @@ -1778,6 +1791,10 @@ parse_args_recurse (int *argcp,
{
if (argc < 2)
die ("--file-label takes an argument");

if (opt_file_label != NULL)
warn_only_last_option ("--file-label");

opt_file_label = argv[1];
die_unless_label_valid (opt_file_label);
if (label_create_file (opt_file_label))
Expand Down Expand Up @@ -1957,6 +1974,9 @@ parse_args_recurse (int *argcp,
if (argc < 2)
die ("--sync-fd takes an argument");

if (opt_sync_fd != -1)
warn_only_last_option ("--sync-fd");

the_fd = strtol (argv[1], &endptr, 10);
if (argv[1][0] == 0 || endptr[0] != 0 || the_fd < 0)
die ("Invalid fd: %s", argv[1]);
Expand All @@ -1974,6 +1994,9 @@ parse_args_recurse (int *argcp,
if (argc < 2)
die ("--block-fd takes an argument");

if (opt_block_fd != -1)
warn_only_last_option ("--block-fd");

the_fd = strtol (argv[1], &endptr, 10);
if (argv[1][0] == 0 || endptr[0] != 0 || the_fd < 0)
die ("Invalid fd: %s", argv[1]);
Expand All @@ -1991,6 +2014,9 @@ parse_args_recurse (int *argcp,
if (argc < 2)
die ("--userns-block-fd takes an argument");

if (opt_userns_block_fd != -1)
warn_only_last_option ("--userns-block-fd");

the_fd = strtol (argv[1], &endptr, 10);
if (argv[1][0] == 0 || endptr[0] != 0 || the_fd < 0)
die ("Invalid fd: %s", argv[1]);
Expand All @@ -2008,6 +2034,9 @@ parse_args_recurse (int *argcp,
if (argc < 2)
die ("--info-fd takes an argument");

if (opt_info_fd != -1)
warn_only_last_option ("--info-fd");

the_fd = strtol (argv[1], &endptr, 10);
if (argv[1][0] == 0 || endptr[0] != 0 || the_fd < 0)
die ("Invalid fd: %s", argv[1]);
Expand All @@ -2025,6 +2054,9 @@ parse_args_recurse (int *argcp,
if (argc < 2)
die ("--json-status-fd takes an argument");

if (opt_json_status_fd != -1)
warn_only_last_option ("--json-status-fd");

the_fd = strtol (argv[1], &endptr, 10);
if (argv[1][0] == 0 || endptr[0] != 0 || the_fd < 0)
die ("Invalid fd: %s", argv[1]);
Expand All @@ -2042,6 +2074,9 @@ parse_args_recurse (int *argcp,
if (argc < 2)
die ("--seccomp takes an argument");

if (opt_seccomp_fd != -1)
warn_only_last_option ("--seccomp");

the_fd = strtol (argv[1], &endptr, 10);
if (argv[1][0] == 0 || endptr[0] != 0 || the_fd < 0)
die ("Invalid fd: %s", argv[1]);
Expand All @@ -2059,6 +2094,9 @@ parse_args_recurse (int *argcp,
if (argc < 2)
die ("--userns takes an argument");

if (opt_userns_fd != -1)
warn_only_last_option ("--userns");

the_fd = strtol (argv[1], &endptr, 10);
if (argv[1][0] == 0 || endptr[0] != 0 || the_fd < 0)
die ("Invalid fd: %s", argv[1]);
Expand All @@ -2076,6 +2114,9 @@ parse_args_recurse (int *argcp,
if (argc < 2)
die ("--userns2 takes an argument");

if (opt_userns2_fd != -1)
warn_only_last_option ("--userns2");

the_fd = strtol (argv[1], &endptr, 10);
if (argv[1][0] == 0 || endptr[0] != 0 || the_fd < 0)
die ("Invalid fd: %s", argv[1]);
Expand All @@ -2093,6 +2134,9 @@ parse_args_recurse (int *argcp,
if (argc < 2)
die ("--pidns takes an argument");

if (opt_pidns_fd != -1)
warn_only_last_option ("--pidns");

the_fd = strtol (argv[1], &endptr, 10);
if (argv[1][0] == 0 || endptr[0] != 0 || the_fd < 0)
die ("Invalid fd: %s", argv[1]);
Expand Down Expand Up @@ -2134,6 +2178,9 @@ parse_args_recurse (int *argcp,
if (argc < 2)
die ("--uid takes an argument");

if (opt_sandbox_uid != -1)
warn_only_last_option ("--uid");

the_uid = strtol (argv[1], &endptr, 10);
if (argv[1][0] == 0 || endptr[0] != 0 || the_uid < 0)
die ("Invalid uid: %s", argv[1]);
Expand All @@ -2151,6 +2198,9 @@ parse_args_recurse (int *argcp,
if (argc < 2)
die ("--gid takes an argument");

if (opt_sandbox_gid != -1)
warn_only_last_option ("--gid");

the_gid = strtol (argv[1], &endptr, 10);
if (argv[1][0] == 0 || endptr[0] != 0 || the_gid < 0)
die ("Invalid gid: %s", argv[1]);
Expand All @@ -2165,6 +2215,9 @@ parse_args_recurse (int *argcp,
if (argc < 2)
die ("--hostname takes an argument");

if (opt_sandbox_hostname != NULL)
warn_only_last_option ("--hostname");

op = setup_op_new (SETUP_SET_HOSTNAME);
op->dest = argv[1];
op->flags = NO_CREATE_DEST;
Expand Down

0 comments on commit 0d369cd

Please sign in to comment.