the "ld.so-trick" is used to start tools from tools_root so that shared libraries are also used from tools_root, another instance of libsb2.so must be installed to tools_root. That libsb2.so must be compiled against the libc, which is available at tools_root => there will be two separately compiled versions of libsb2.so. These must be compiled from the same source, but the binaries are very probably slightly different, if the host os version != tools_root distribution. And still these must use the same lua scripts. Forgetting to update one libsb2.so can cause all kinds of strange side-effects (already tried that :-)
(no timestamp, no PID) => makes it easier to compare log files from different runs
which was caused by first clearing the environment and then executing another program; execution escaped from sb2.
- Environment variables SBOX_SESSION_DIR, LD_PRELOAD and LD_LIBRARY_PATH are vital to sb2. Changed the way these are handled by do_exec:
  - SBOX_SESSION_DIR can not be modified or removed at all from the environment
  - Original values of LD_PRELOAD and LD_LIBRARY_PATH are restored to the environment if those vars have been removed.
- This commit also fixes a bug in uname() which was introduced by my last commit (sorry!)
SBOX_SESSION_DIR + a symlink in the session directory. SBOX_LUA_SCRIPTS variable still exists inside the "sb2" script, but it is not exported anymore.
introduces a new C function, sb2__read_string_variable_from_lua__(), which can be used to replace getenv() for variables that have been moved or will be moved away from the environment
not anymore load all mapping modes to memory, only the rules of the selected mode will be loaded. Rules will be copied to $SBOX_SESSION_DIR/rules.lua at startup.
- There is a new "-M" option to sb2, which can be used to provide a direct path to the mapping rule file (so that rules don't have to be under $SBOX_LUA_SCRIPTS/pathmaps anymore)
- sb2 now creates a new configuration file, $SBOX_SESSION_DIR/sb2-session.conf. That file will be used to pass per-session information about sb2's environment to the various child processes; we have had far too many environment variables in use. Currently "sbox_mapmode" is the only thing passed via the new file, but other environment variables will follow..
- This should have a positive effect on performance, too.
(ld-linux.so.2) fails to execute dynamically linked programs (segfaults!), when called explicitly and the stack limit has been set to infinity. This can be demonstrated by "ulimit -s unlimited; /lib/ld-linux.so /bin/bash" on ubuntu "hardy".
- GNU make triggers this problem; it sets the stack limit to infinity..
- This patch provides a workaround by wrapping the "setrlimit" calls, recording the stack limit, and restoring the limit before exec is called.
mapping modes than maemo do not yet contain exec policies, so the world is not yet ready for warnings about missing policies..
be used to define how native binaries are started: For example, the tools that are used from "tools_root" may need to load dynamic libraries from nonstandard locations and/or use a nonstandard ld.so; also, if the target architecture is the same as the host architecture, binaries may also need special settings and a special ld.so.
- These features are off by default, but can be taken into use by installing a libsb2.so to tools_root (or to the rootstrap, if target arch. == host arch)
- NOTE/WARNING: These features are currently off because the current ld.so (which is part of glibc) is not fully transparent to the application. See comments in the source for a longer explanation of this.
most of Lua initialization was in luaif.c, while there were (modified) copies in argvenvp.c and paths.c
Paths can become longer than PATH_MAX during processing inside SB2, for example when getcwd() returns a really long path and a relative path is then joined to it (and this did happen...)
- Fixed potential problems in luaif/paths.c by replacing almost all references to fixed-sized buffers by dynamically allocated buffers; the remaining fixed-sized buffers are used as parameters to well-defined system calls and buffer overflows should not be possible with those.
unnecessary calls to find_rule() during the path resolution phase. find_rule() is now called once for each path, and the mapping engine keeps the rule in the stack while it is testing the path components.
- This should also remove a problem with "install" mode rules that use a "func_name" condition ("func_name" conditions are not used by other mapping modes currently)
- calls the logger for debug messages only if debug messages have been activated
This commit fixes problems that were caused by intermediate symlinks,
that is, symlinks to directories inside longer paths.
Previously those were not mapped at all, which caused nasty unexpected
escapes from the SB2-sandboxed environment. Handling symlinks correctly
is a complex task which involved implementing a replacement for the
path resolution algorithm of the OS, and required many bigger and smaller
changes to various modules of SB2.
Other notable changes: wrappers for glob() and glob64() were simplified as
part of the refactoring process. Re-implementing the path resolution code
pointed out that glob() did not work as it should do, when the pattern pointed
to a mapped destination. There might still be problems related to absolute
patterns.
- This commit adds initial support for handling Unix domain socket
addresses in bind() and connect(). Other socket API calls have not yet
been examined, there might be other needs for mapping, too.
- NOTE: Max. address (=path) length in the sockaddr_un structure is
usually quite short, when compared to the max.filename length. This may
present problems, because the mapped paths are usually much longer than the
original path was, but at least such cases are now logged ("error" level)
- "maemo" mode has been updated with many new rules.
- mapping rules can now call logger when the rule is selected
- conditional rules ("map if destination exists") have been added to
mapping.lua (needed by "maemo" mode)
- added new action type "use_orig_path = true" to all mapping modes,
this used to be expressed by "map_to = nil"
- "simple" and "emulate" modes were updated to use "use_orig_path" action
- "emulate" now uses /etc/resolv.conf from the host.
- sb_decolonize_path produced an empty string if the original path was /.
(and then the mapping logic could not find any matching rules, which
produced errors to the log)
- Using libpthread unconditionally caused crashes (segfaults inside
libstdc++, etc). This changes the preload library to use functions from
the pthread library only if they are available, and removes automatic
loading of that library (Full explanation can be found from luaif.c)
Really deep directory structure caused panic in sb2 preload library when
getcwd() returned NULL (which of course caused unexpected side-effects..)
This was fixed by allowing sb_decolonize_path() to return relative
paths, if getcwd() fails. This does happen in real life: Some "configure"
scripts create ultra-deep directory structures.
It is now possible to add "readonly = true" to any mapping rule, and
the generated interface will then return an error code for any function
which is trying to modify the filesystem: The interface functions do not
call the real functions at all in this case, instead they will
return an error code (typically -1 for system calls, NULL for fopen() etc).
Also, errno will be set to an appropriate value, typically to EROFS.
Other modifications:
- Added wrappers for fhchmod() [all platforms],
and chflags(), getattrlist(), and setattrlist [Mac OS X - untested!]
- Modified many of the wrapper specifications in interface.master
(hopefully found all functions that may modify the filesystem :-)
- Added new logging level "NOTICE", used for logging interface-generated
"read only errors"
- sb2-show now displays if the target has been marked "readonly" by the rules
- sb2-logz knows about "notice" messages
- added two new modifiers to gen-interface.pl (without these this R/O-thing
would not be possible at all)
- some minor code cleanups
Now it can be included by itself with no dependency on libsb2.h.
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
sb2-show allows you to inspect how path/argv/envp mangling
would be done for a given binary. Patch by
lauri.t.aarnio@nokia.com, somewhat cleaned up by
lle@rahina.org.
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
- added sb2logz, which extracts information from logs and produces summaries
- general: log format changed (each line now contains log level, too)
- *.c: log messages which are needed by sb2logz are now at INFO level
- interface.master & libsb2.c: Added gates to _exit() and _Exit(),
so that exit status can be logged
- sb_exec.c: bugfix: sb_execve_mod() returns nonzero if error, not zero
- sb2: location of log files changed: logs now go to ~/sb2_logs/,
and initial environment is printed to the log file
Very handy for totally understanding wtf is going on.
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
Cleans the sequence by pushing hashbang detection further down
the pipeline, improves code structure and hopefully fixes some
breakage.
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
host-gcc is run with all manglings disabled
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
sb_gcc_wrapper functionality is now implemented directly in libsb2.so as
a lua script directly managing the execve(file, argv, envp) call.
Same functionality can be used to do other things as well, see
the dpkg-architecture example in lua_scripts/argvenvp.lua
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
For now this is just a pass-through, doesn't do anything, but
from here it's just a matter of building up the lua scripts.
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
The engine initialization will end up going through scratchbox_path2
so we have to have an "in process" state to know what to do.
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
This prepares for argv and envp processing using lua.
Signed-off-by: Lauri Leukkunen <lle@rahina.org>