Simplified support for SBOX_REDIRECT_IGNORE environment variable

"SBOX_REDIRECT_IGNORE" is a feature from the old scratchbox 1: It can
be used to disable redirection of various paths during exec. This commit
adds a simplified, mostly compatible support to SB2. Since we don't have
a similar "redirector" as what the old SB1 had, this feature is implemented
by some special mapping rules in the devel mode and is only available
for two programs: : redirection of /usr/bin/perl and /usr/bin/python can
be disabled by this. For example, setting
        SBOX_REDIRECT_IGNORE=/usr/bin/perl:/usr/bin/python
will force these two programs to be mapped to the rootstrap (while the
default is still to map them to tools_root)

Also included: new conditional action 'if_redirect_ignore_is_active = "path"'
makes all this possible (added to the rule execution engine in mapping.lua).

4 files changed, 68 insertions, 2 deletions

diff --git a/lua_scripts/mapping.lua b/lua_scripts/mapping.lua
index b70c632..629bbaf 100644
--- a/lua_scripts/mapping.lua
+++ b/lua_scripts/mapping.lua
@@ -339,6 +339,13 @@ function sbox_execute_conditional_actions(binary_name,
 				return sbox_execute_rule(binary_name,
 					 func_name, rp, path, rule_cand)
 			end
+		elseif (rule_cand.if_redirect_ignore_is_active) then
+			if (sb.test_redirect_ignore(
+				rule_cand.if_redirect_ignore_is_active)) then
+
+				return sbox_execute_rule(binary_name,
+					 func_name, rp, path, rule_cand)
+			end
 		else
 			-- there MUST BE unconditional actions:
 			if (rule_cand.use_orig_path 
diff --git a/lua_scripts/pathmaps/devel/00_default.lua b/lua_scripts/pathmaps/devel/00_default.lua
index 09daadf..ceb7b2a 100644
--- a/lua_scripts/pathmaps/devel/00_default.lua
+++ b/lua_scripts/pathmaps/devel/00_default.lua
@@ -123,12 +123,16 @@ perl_lib_test = {
 }
 
 perl_bin_test = {
+	{ if_redirect_ignore_is_active = "/usr/bin/perl",
+	  map_to = target_root, readonly = true },
 	{ if_active_exec_policy_is = "Rootstrap",
 	  map_to = target_root, readonly = true },
 	{ map_to = tools, readonly = true }
 }
 
 python_bin_test = {
+	{ if_redirect_ignore_is_active = "/usr/bin/python",
+	  map_to = target_root, readonly = true },
 	{ if_active_exec_policy_is = "Rootstrap",
 	  map_to = target_root, readonly = true },
 	{ map_to = tools, readonly = true }
@@ -327,8 +331,8 @@ devel_mode_rules_usr_bin = {
 		 readonly = true},
 
 		-- 19. perl & python:
-		-- 	processing depends on the
-		--	name of the current mapping mode.
+		-- 	processing depends on SBOX_REDIRECT_IGNORE and
+		--	name of the current mapping mode. 
 		--	(these are real prefixes, version number may
 		--	be included in the name (/usr/bin/python2.5 etc))
 		{prefix = "/usr/bin/perl", actions = perl_bin_test},
diff --git a/luaif/luaif.c b/luaif/luaif.c
index e6f8b25..2801bdd 100644
--- a/luaif/luaif.c
+++ b/luaif/luaif.c
@@ -764,6 +764,58 @@ static int lua_sb_procfs_mapping_request(lua_State *l)
 	return 1;
 }
 
+/* "sb.test_redirect_ignore", to be called from lua code
+ * Parameters (in stack):
+ *	1. string: unmapped path
+ * Returns (in stack):
+ *	1. flag (boolean): true if the path is listed in environment
+ *			   variable "SBOX_REDIRECT_IGNORE", false otherwise
+ *
+ * Note: It would be nice if the value of SBOX_REDIRECT_IGNORE could be
+ * cached, but it can't; it can be changed by the current process.
+*/
+static int lua_sb_test_redirect_ignore(lua_State *l)
+{
+	char *env_sbox_redirect_ignore = NULL;
+	int result = 0; /* boolean; default result is "false" */
+	int n;
+	const char *path = NULL;
+	char *tok = NULL;
+	char *tok_state = NULL;
+
+	n = lua_gettop(l);
+	if (n != 1) {
+		SB_LOG(SB_LOGLEVEL_DEBUG, "lua_sb_test_redirect_ignore FAILS: lua_gettop = %d", n);
+		goto out;
+	}
+
+	env_sbox_redirect_ignore = getenv("SBOX_REDIRECT_IGNORE");
+	if (!env_sbox_redirect_ignore) {
+		SB_LOG(SB_LOGLEVEL_DEBUG, "no SBOX_REDIRECT_IGNORE");
+		goto out;
+	}
+	env_sbox_redirect_ignore = strdup(env_sbox_redirect_ignore);
+	SB_LOG(SB_LOGLEVEL_DEBUG, "SBOX_REDIRECT_IGNORE is '%s'",
+		env_sbox_redirect_ignore);
+
+	path = lua_tostring(l, 1);
+	if (!path) goto out;
+
+	tok = strtok_r(env_sbox_redirect_ignore, ":", &tok_state);
+	while (tok) {
+		result = !strcmp(path, tok);
+		if (result) goto out; /* return if matched */
+		tok = strtok_r(NULL, ":", &tok_state);
+	}
+
+    out:
+	if (env_sbox_redirect_ignore) free(env_sbox_redirect_ignore);
+	lua_pushboolean(l, result);
+	SB_LOG(SB_LOGLEVEL_DEBUG, "lua_sb_test_redirect_ignore(%s) => %d",
+		path, result);
+	return 1;
+}
+
 /* mappings from c to lua */
 static const luaL_reg reg[] =
 {
@@ -786,6 +838,7 @@ static const luaL_reg reg[] =
 	{"isprefix",			lua_sb_isprefix},
 	{"test_path_match",		lua_sb_test_path_match},
 	{"procfs_mapping_request",	lua_sb_procfs_mapping_request},
+	{"test_redirect_ignore",	lua_sb_test_redirect_ignore},
 	{NULL,				NULL}
 };
 
diff --git a/wrappers/dpkg-checkbuilddeps b/wrappers/dpkg-checkbuilddeps
index b2dbd5c..fb78725 100755
--- a/wrappers/dpkg-checkbuilddeps
+++ b/wrappers/dpkg-checkbuilddeps
@@ -31,6 +31,8 @@ args="$*"
 prog="$0"
 progbase=`basename $0`
 
+SBOX_REDIRECT_IGNORE=""
+
 function error_not_inside_sb2()
 {
 	echo "SB2: $progbase: This wrapper can only be used from inside"