diff options
Diffstat (limited to 'rust/minijail/src/lib.rs')
-rw-r--r-- | rust/minijail/src/lib.rs | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/rust/minijail/src/lib.rs b/rust/minijail/src/lib.rs index ba9c8af..ba59075 100644 --- a/rust/minijail/src/lib.rs +++ b/rust/minijail/src/lib.rs @@ -266,6 +266,22 @@ impl Minijail { Ok(Minijail { jail: j }) } + /// Clones self to a new `Minijail`. Useful because `fork` can only be called once on a + /// `Minijail`. + pub fn try_clone(&self) -> Result<Minijail> { + let jail_out = Minijail::new()?; + unsafe { + // Safe to clone one minijail to the other as minijail_clone doesn't modify the source + // jail(`self`) and leaves a valid minijail in the destination(`jail_out`). + let ret = minijail_copy_jail(self.jail, jail_out.jail); + if ret < 0 { + return Err(Error::ReturnCode(ret as u8)); + } + } + + Ok(jail_out) + } + // The following functions are safe because they only set values in the // struct already owned by minijail. The struct's lifetime is tied to // `struct Minijail` so it is guaranteed to be valid @@ -991,6 +1007,15 @@ mod tests { } #[test] + fn run_clone() { + let j = Minijail::new().unwrap(); + let b = j.try_clone().unwrap(); + // Pass the same FDs to both clones and make sure they don't conflict. + j.run("/bin/true", &[1, 2], &EMPTY_STRING_SLICE).unwrap(); + b.run("/bin/true", &[1, 2], &EMPTY_STRING_SLICE).unwrap(); + } + + #[test] fn run_string_vec() { let j = Minijail::new().unwrap(); let args = vec!["ignored".to_string()]; |