author | Lauri Aarnio <Lauri.Aarnio@iki.fi> | 2008-01-29 07:29:02 +0200 |
---|---|---|
committer | Lauri Leukkunen <lle@rahina.org> | 2008-01-31 10:12:20 +0200 |
commit | 8e45a618a9bec1998982e5bf9bbf733b4413d24a (patch) | |
tree | 757e64a3870ba95fad4451be4589cb6e19286ffb /lua_scripts/mapping.lua | |
parent | 79e5131f3d04b38fbba227a6e3057032b863a111 (diff) |
Introduced R/O mapping mode.
It is now possible to add "readonly = true" to any mapping rule, and
the generated interface will then return an error code for any function
which is trying to modify the filesystem: The interface functions do not
call the real functions at all in this case, instead they will
return an error code (typically -1 for system calls, NULL for fopen() etc).
Also, errno will be set to an appropriate value, typically EROFS.
Other modifications:
- Added wrappers for fhchmod() [all platforms],
and chflags(), getattrlist(), and setattrlist [Mac OS X - untested!]
- Modified many of the wrapper specifications in interface.master
(hopefully found all functions that may modify the filesystem :-)
- Added new logging level "NOTICE", used for logging interface-generated
"read only errors"
- sb2-show now displays if the target has been marked "readonly" by the rules
- sb2-logz knows about "notice" messages
- added two new modifiers to gen-interface.pl (without these this R/O-thing
would not be possible at all)
- some minor code cleanups
Diffstat (limited to 'lua_scripts/mapping.lua')
-rw-r--r-- | lua_scripts/mapping.lua | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/lua_scripts/mapping.lua b/lua_scripts/mapping.lua index f4f0ebb..63ccc01 100644 --- a/lua_scripts/mapping.lua +++ b/lua_scripts/mapping.lua @@ -276,12 +276,13 @@ function map_using_chain(chain, binary_name, func_name, work_dir, path) local ret = path local rp = path local rule = nil + local readonly_flag = false rule = find_rule(chain, func_name, rp) if (not rule) then -- error, not even a default rule found sb.log("error", string.format("Unable to find a match at all: %s(%s)", func_name, path)) - return path + return path, readonly_flag end if (rule.custom_map_func ~= nil) then ret = rule.custom_map_func(binary_name, func_name, work_dir, rp, path, rules[n]) @@ -295,12 +296,16 @@ function map_using_chain(chain, binary_name, func_name, work_dir, path) end end end - return ret + if (rule.readonly ~= nil) then + readonly_flag = rule.readonly + end + return ret, readonly_flag end -- sbox_translate_path is the function called from libsb2.so -- preload library and the FUSE system for each path that needs -- translating +-- returns path and the "readonly" flag function sbox_translate_path(mapping_mode, binary_name, func_name, work_dir, path) -- loop through the chains, first match is used for n=1,table.maxn(modes[mapping_mode].chains) do @@ -314,6 +319,6 @@ function sbox_translate_path(mapping_mode, binary_name, func_name, work_dir, pat sb.log("error", string.format("[-][-] %s(%s) [MAPPING FAILED]", func_name, path)) - return path + return path, false end |
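Review bot: Both failure exits report the path as writable: `return path, readonly_flag` in the no-rule branch of map_using_chain still carries the initial `false`, and the `[MAPPING FAILED]` exit of sbox_translate_path in the third hunk hard-codes `return path, false`. In each case the caller receives the unmapped input path with the read-only flag cleared, so a rule lookup failure silently drops the restriction this commit introduces. If the generated wrappers can tolerate it, failing closed on these two exits would be safer, e.g. `return path, true`; otherwise a comment such as `-- mapping failed: path is returned unmapped and writable` would make the choice explicit. The body of map_using_chain begins above this hunk.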
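Review bot: `readonly_flag = rule.readonly` in the second hunk copies whatever value the rule file holds, so the second return value of map_using_chain is not guaranteed to be a boolean. Lua treats every value except `nil` and `false` as true, so a rule written as `readonly = 0` or `readonly = "false"` would presumably be taken as read-only by a truthiness test in the consumer, which is not visible in this diff. Normalising at this point keeps the contract unambiguous, for example `readonly_flag = (rule.readonly == true)`, ideally with an `sb.log` message when the rule supplies any other non-nil value. map_using_chain starts outside this hunk.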