diff options
| author | Lauri Aarnio <Lauri.Aarnio@iki.fi> | 2008-10-29 00:34:28 +0200 |
|---|---|---|
| committer | Lauri Leukkunen <lle@rahina.org> | 2008-11-02 18:59:55 +0200 |
| commit | a7357a2051b7d0835f5dc00153a084846d06df43 (patch) | |
| tree | 4a9adcbbf61a3e93330888df4c281f59bf059e02 /lua_scripts/argvenvp.lua | |
| parent | 44f6d26ad3ada48458f30a4347d308d3d0110aa8 (diff) | |
More fixes to gcc tools exec preprocesing - My previous patch was simply too simple...
Diffstat (limited to 'lua_scripts/argvenvp.lua')
| -rw-r--r-- | lua_scripts/argvenvp.lua | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/lua_scripts/argvenvp.lua b/lua_scripts/argvenvp.lua index 3ea7284..4bde158 100644 --- a/lua_scripts/argvenvp.lua +++ b/lua_scripts/argvenvp.lua @@ -19,13 +19,14 @@ end -- -- rule = { -- name = "binary-name", +-- path_prefixes = {"/list/of", "/possible/path/prefixes"}, -- add_head = {"list", "of", "args", "to", "prepend"}, -- add_tail = {"these", "are", "appended"}, -- remove = {"args", "to", "remove"}, -- new_filename = "exec-this-binary-instead", -- disable_mapping = 1 -- set this to disable mappings -- } --- argvmods["/path/prefix/to/tool/"..rule.name] = rule +-- argvmods[rule.name] = rule -- -- Environment modifications are not supported yet, except for disabling -- mappings. @@ -37,9 +38,10 @@ end dpkg_architecture = { name = "dpkg-architecture", + path_prefixes = {"/usr/bin/"}, remove = {"-f"} } -argvmods["/usr/bin/"..dpkg_architecture.name] = dpkg_architecture +argvmods[dpkg_architecture.name] = dpkg_architecture -- ------------------------------------ -- Exec preprocessing. @@ -52,6 +54,7 @@ argvmods["/usr/bin/"..dpkg_architecture.name] = dpkg_architecture function sbox_execve_preprocess(filename, argv, envp) local new_argv = {} local new_envp = {} + local binaryname = string.match(filename, "[^/]+$") local new_filename = filename if (debug_messages_enabled) then @@ -61,12 +64,25 @@ function sbox_execve_preprocess(filename, argv, envp) new_envp = envp - local am = argvmods[filename] - if (am and not am.remove) then am.remove = {} end - if (am and not am.add_head) then am.add_head = {} end - if (am and not am.add_tail) then am.add_tail = {} end + local am = argvmods[binaryname] + if (am ~= nil) then + local prefix_match_found = false + for i = 1, table.maxn(am.path_prefixes) do + if isprefix(am.path_prefixes[i], filename) then + prefix_match_found = true + break + end + end + if (not prefix_match_found) then + am = nil + end + end if (am ~= nil) then + if (not am.remove) then am.remove = {} end + if (not am.add_head) then am.add_head = {} end + if (not am.add_tail) then am.add_tail = {} end + if (debug_messages_enabled) then sb.log("debug", string.format( "argvmods[%s] found\n", filename)) |