authorLauri Aarnio <Lauri.Aarnio@iki.fi>2008-10-24 13:24:18 +0300
committerLauri Leukkunen <lle@rahina.org>2008-10-25 15:22:48 +0300
commit5ce715576032c159cb36abd9f203a6d8678e3254 (patch)
treeb841518b407601cbaece085312907a28a9b4e803
parent5c3bcf8ea94caa026ce756553eb381e64369cb1c (diff)
Fixed exec policy based setting of LD_LIBRARY_PATH for native applications - new attributes "native_app_ld_library_path_prefix" and "native_app_ld_library_path_suffix" are available - "emulate" mode works better now when target architecture == host arch and libsb2.so has not been installed to target_root. (native applications, "emulate" mode)
-rw-r--r--lua_scripts/argvenvp.lua101
-rw-r--r--lua_scripts/pathmaps/emulate/00_default.lua14
2 files changed, 96 insertions, 19 deletions
diff --git a/lua_scripts/argvenvp.lua b/lua_scripts/argvenvp.lua
index 09da79b..ca6d90b 100644
--- a/lua_scripts/argvenvp.lua
+++ b/lua_scripts/argvenvp.lua
@@ -104,6 +104,81 @@ function sbox_execve_preprocess(filename, argv, envp)
end
-- ------------------------------------
+
+function locate_ld_library_path(envp)
+ local k
+ for k = 1, table.maxn(envp) do
+ if (string.match(envp[k], "^LD_LIBRARY_PATH=")) then
+ return k
+ end
+ end
+ return -1
+end
+
+-- Return path to be used as LD_LIBRARY_PATH for native applications
+--
+function get_native_app_ld_library_path(exec_policy, envp)
+
+ -- attribute "native_app_ld_library_path" overrides everything else:
+ if (exec_policy.native_app_ld_library_path ~= nil) then
+ return exec_policy.native_app_ld_library_path
+ end
+
+ -- attributes "native_app_ld_library_path_prefix" and
+ -- "native_app_ld_library_path_suffix" extend the old value:
+ if ((exec_policy.native_app_ld_library_path_prefix ~= nil) or
+ (exec_policy.native_app_ld_library_path_suffix ~= nil)) then
+ local ld_library_path_index = locate_ld_library_path(envp)
+ local libpath = nil
+ if ld_library_path_index > 0 then
+ libpath = string.gsub(envp[ld_library_path_index],
+ "^LD_LIBRARY_PATH=", "", 1)
+ end
+ if (exec_policy.native_app_ld_library_path_prefix ~= nil) then
+ if libpath ~= nil then
+ libpath = exec_policy.native_app_ld_library_path_prefix ..
+ ":" .. libpath
+ else
+ libpath = exec_policy.native_app_ld_library_path_prefix
+ end
+ end
+ if (exec_policy.native_app_ld_library_path_suffix ~= nil) then
+ if libpath ~= nil then
+ libpath = libpath .. ":" ..
+ exec_policy.native_app_ld_library_path_suffix
+ else
+ libpath = exec_policy.native_app_ld_library_path_suffix
+ end
+ end
+ return libpath
+ end
+
+ return nil
+end
+
+-- Set LD_LIBRARY_PATH: modifies "envp"
+--
+function setenv_native_app_ld_library_path(exec_policy, envp)
+
+ local ld_library_path_index = locate_ld_library_path(envp)
+ local new_path = get_native_app_ld_library_path(exec_policy, envp)
+
+ -- Set the value:
+ if (new_path ~= nil) then
+ if (ld_library_path_index > 0) then
+ envp[ld_library_path_index] =
+ "LD_LIBRARY_PATH=" .. new_path
+ sb.log("debug", "Replaced LD_LIBRARY_PATH")
+ else
+ table.insert(envp, "LD_LIBRARY_PATH=" .. new_path)
+ sb.log("debug", "Added LD_LIBRARY_PATH")
+ end
+ else
+ sb.log("debug", "No value for LD_LIBRARY_PATH")
+ end
+end
+
+-- ------------------------------------
-- Exec postprocessing.
-- function sb_execve_postprocess is called to decide HOW the executable
-- should be started (see description of the algorithm in sb_exec.c)
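Review bot: An inherited `LD_LIBRARY_PATH=` with an empty value leaves `libpath` as `""` after the `string.gsub` in `get_native_app_ld_library_path`, so the prefix branch produces `prefix:` and the suffix branch produces `:suffix`. The dynamic loader reads an empty element as the current working directory, so libraries could then be resolved from wherever the program was started. Normalising right after the substitution avoids this: `if libpath == "" then libpath = nil end`. The same string is passed to `--library-path` in the first `sb_execve_postprocess_native_executable` hunk, so one fix here covers both call sites. Separately, the `local k` before the numeric `for` is redundant because the loop declares its own `k`.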
@@ -143,9 +218,11 @@ function sb_execve_postprocess_native_executable(rule, exec_policy,
new_mapped_file = exec_policy.native_app_ld_so
table.insert(new_argv, exec_policy.native_app_ld_so)
- if (exec_policy.native_app_ld_library_path ~= nil) then
+ local ld_lib_path = get_native_app_ld_library_path(
+ exec_policy, new_envp)
+ if (ld_lib_path ~= nil) then
table.insert(new_argv, "--library-path")
- table.insert(new_argv, exec_policy.native_app_ld_library_path)
+ table.insert(new_argv, ld_lib_path)
end
-- NOTE/WARNING: The default ld.so (ld-linux.so) will loose
@@ -170,23 +247,11 @@ function sb_execve_postprocess_native_executable(rule, exec_policy,
first_argv_element_to_copy = 2
updated_args = 1
- elseif (exec_policy.native_app_ld_library_path ~= nil) then
+ elseif ((exec_policy.native_app_ld_library_path ~= nil) or
+ (exec_policy.native_app_ld_library_path_prefix ~= nil) or
+ (exec_policy.native_app_ld_library_path_suffix ~= nil)) then
-- Start the binary with a nonstandard LD_LIBRARY_PATH
- local lib_path_found = 0
- for j = 1, table.maxn(new_envp) do
- if (string.match(new_envp[j], "^LD_LIBRARY_PATH=")) then
- new_envp[j] = exec_policy.native_app_ld_library_path
- sb.log("debug", string.format(
- "Replaced LD_LIBRARY_PATH=%s",
- new_envp[j]))
- local lib_path_found = 1
- end
- end
- if (lib_path_found == 0) then
- table.insert(new_envp,
- "LD_LIBRARY_PATH="..exec_policy.native_app_ld_library_path)
- sb.log("debug", "Added LD_LIBRARY_PATH")
- end
+ setenv_native_app_ld_library_path(exec_policy, new_envp)
updated_args = 1
end
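Review bot: The new `elseif` condition lists the same three attributes that `get_native_app_ld_library_path` already checks, so an attribute added later to one place and not the other would silently skip the `LD_LIBRARY_PATH` update. A comment on the condition would flag the coupling, for example `-- keep in sync with get_native_app_ld_library_path()`. The enclosing function starts and ends outside this hunk, so whether the helper's result could be computed once ahead of the branch chain is not visible here.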
diff --git a/lua_scripts/pathmaps/emulate/00_default.lua b/lua_scripts/pathmaps/emulate/00_default.lua
index 3aba9a4..a92d790 100644
--- a/lua_scripts/pathmaps/emulate/00_default.lua
+++ b/lua_scripts/pathmaps/emulate/00_default.lua
@@ -83,6 +83,9 @@ default_exec_policy = {
emulate_mode_target_ld_so = nil -- default = not needed
emulate_mode_target_ld_library_path = nil -- default = not needed
+-- used if libsb2.so is not available in target_root:
+emulate_mode_target_ld_library_path_suffix = nil
+
if (conf_target_sb2_installed) then
if (conf_target_ld_so ~= nil) then
-- use dynamic libraries from target,
@@ -95,6 +98,8 @@ if (conf_target_sb2_installed) then
-- to emulate_mode_target_ld_library_path just before exec.
-- This has not been done yet.
end
+else
+ emulate_mode_target_ld_library_path_suffix = conf_target_ld_so_library_path
end
local exec_policy_target = {
@@ -103,6 +108,8 @@ local exec_policy_target = {
native_app_ld_so_supports_argv0 = conf_target_ld_so_supports_argv0,
native_app_ld_library_path = emulate_mode_target_ld_library_path,
+ native_app_ld_library_path_suffix = emulate_mode_target_ld_library_path_suffix,
+
native_app_locale_path = conf_target_locale_path,
native_app_message_catalog_prefix = conf_target_message_catalog_prefix,
}
@@ -112,7 +119,12 @@ all_exec_policies_chain = {
next_chain = nil,
binary = nil,
rules = {
- { prefix = target_root, exec_policy = exec_policy_target },
+ -- the home directory is expected to contain target binaries:
+ {prefix = sbox_user_home_dir, exec_policy = exec_policy_target},
+
+ -- Target binaries:
+ {prefix = target_root, exec_policy = exec_policy_target},
+
-- DEFAULT RULE (must exist):
{prefix = "/", exec_policy = default_exec_policy}