This moves the primary key for a 'jail' to no longer be the executable
path, but instead a name.
In many cases that string will be based on the executable path, for
instance it will take the filename if the exe lives in /bin or /usr/bin
so in that respect nothing will change.
What this does allow is that you can have two different profiles that
both map to the same executabe. Allowing for instance having two
completely isolated instances running of telegram or of firefox.
The defaults are not 'secure', as they would be annoying to the max.
This is an isolation runner, removing a lot of attack vectors, for sure
but the name would give the wrong impression with defaults like we have
now.
This introduces the command execute-apprules which behaves like
an 'include' as it recurses into the app specific file.
If there is no app specific one, it will load the default.rules
Notable too is that in an app specific rules file the usage of
execute-apprules will always go to default.rules, to avoid
copy / paste of rules.
This avoids the problem that install fails if the file hasn't changed
and its installed version was changed to be owned by root externally to
cmake.
Additionally, call the helper app 'secure'.
I like 'secure firefox' to read.
This moves the final mounts to the rules file and creates the default
setup where the app has the users homedir available under a 'shared'
subdir.
This also introduces environment variables support, filtering out all
easy targets and additionally setting the config / data dirs to not be
hidden dirs.
In ~/.local/share/secure-run/1/db we store our data.
In a file `system` we now read (ini format) a [Drives] list
of which mounts are 'dangerous' in a system.
The result will be that for processes those mountmounts
will be unmounted before they start.
Drives]
1\mount=/mnt/usbpen
size=1
This also adds to an app specific (same dir) ini file the ability to list
those mounts that this specific app is allowed to see, and thus should
not be unmounted.
This uses the [AllowedDrives] list naming.
[AllowedDrives]
1\mount=/mnt/usbpen
size=1
Added plenty of small docs.
Changed the message to be pre-fixed with a message-size in order to allow
us to get interrupted on read() and know
if we need to read more.
Also fixes the bug that the server shuts down after one process as
reported by some.
tomFlowee