author | Lauri Aarnio <Lauri.Aarnio@iki.fi> | 2009-01-29 19:31:22 +0200 |
---|---|---|
committer | Lauri Leukkunen <lle@rahina.org> | 2009-02-10 08:38:10 +0200 |
commit | 1cdc38fbc7884e1cecbcb116ba850ddac2ab10e4 (patch) | |
tree | 0cc0a197a54a3406bb761406240ef1043699dc79 /lua_scripts | |
parent | 31eb133d84f24ef1e0f888317a3a9a0c94729222 (diff) |
Simplified support for SBOX_REDIRECT_IGNORE environment variable
"SBOX_REDIRECT_IGNORE" is a feature from the old scratchbox 1: It can
be used to disable redirection of various paths during exec. This commit
adds a simplified, mostly compatible support to SB2. Since we don't have
a similar "redirector" as what the old SB1 had, this feature is implemented
by some special mapping rules in the devel mode and is only available
for two programs: redirection of /usr/bin/perl and /usr/bin/python can
be disabled by this. For example, setting
SBOX_REDIRECT_IGNORE=/usr/bin/perl:/usr/bin/python
will force these two programs to be mapped to the rootstrap (while the
default is still to map them to tools_root)
Also included: new conditional action 'if_redirect_ignore_is_active = "path"'
makes all this possible (added to the rule execution engine in mapping.lua).
Diffstat (limited to 'lua_scripts')
-rw-r--r-- | lua_scripts/mapping.lua | 7 | ||||
-rw-r--r-- | lua_scripts/pathmaps/devel/00_default.lua | 8 |
2 files changed, 13 insertions, 2 deletions
diff --git a/lua_scripts/mapping.lua b/lua_scripts/mapping.lua index b70c632..629bbaf 100644 --- a/lua_scripts/mapping.lua +++ b/lua_scripts/mapping.lua @@ -339,6 +339,13 @@ function sbox_execute_conditional_actions(binary_name, return sbox_execute_rule(binary_name, func_name, rp, path, rule_cand) end + elseif (rule_cand.if_redirect_ignore_is_active) then + if (sb.test_redirect_ignore( + rule_cand.if_redirect_ignore_is_active)) then + + return sbox_execute_rule(binary_name, + func_name, rp, path, rule_cand) + end else -- there MUST BE unconditional actions: if (rule_cand.use_orig_path diff --git a/lua_scripts/pathmaps/devel/00_default.lua b/lua_scripts/pathmaps/devel/00_default.lua index 09daadf..ceb7b2a 100644 --- a/lua_scripts/pathmaps/devel/00_default.lua +++ b/lua_scripts/pathmaps/devel/00_default.lua @@ -123,12 +123,16 @@ perl_lib_test = { } perl_bin_test = { + { if_redirect_ignore_is_active = "/usr/bin/perl", + map_to = target_root, readonly = true }, { if_active_exec_policy_is = "Rootstrap", map_to = target_root, readonly = true }, { map_to = tools, readonly = true } } python_bin_test = { + { if_redirect_ignore_is_active = "/usr/bin/python", + map_to = target_root, readonly = true }, { if_active_exec_policy_is = "Rootstrap", map_to = target_root, readonly = true }, { map_to = tools, readonly = true } @@ -327,8 +331,8 @@ devel_mode_rules_usr_bin = { readonly = true}, -- 19. perl & python: - -- processing depends on the - -- name of the current mapping mode. + -- processing depends on SBOX_REDIRECT_IGNORE and + -- name of the current mapping mode. -- (these are real prefixes, version number may -- be included in the name (/usr/bin/python2.5 etc)) {prefix = "/usr/bin/perl", actions = perl_bin_test}, |
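Review bot: The new `if_redirect_ignore_is_active` branch in sbox_execute_conditional_actions has no comment saying what the key holds or what happens when the test fails. This condition lets an inherited environment variable choose which root an interpreter is resolved from, so I would document it at the branch, e.g. `-- if_redirect_ignore_is_active = "path": take this rule only if "path" is listed in SBOX_REDIRECT_IGNORE; otherwise try the next candidate`. The "otherwise" part is inferred from the sibling branch above, which also returns only on success. The function starts and ends outside the hunk, so confirm it against the code that follows the if-chain.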
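Review bot: The condition added to perl_bin_test and python_bin_test tests the fixed strings "/usr/bin/perl" and "/usr/bin/python", not the path being mapped, while the rules that use these action lists match by prefix (the comment in the last hunk mentions /usr/bin/python2.5). If sb.test_redirect_ignore does a plain membership test, which is not visible here, then listing /usr/bin/perl in SBOX_REDIRECT_IGNORE also moves every other /usr/bin/perl* name to target_root, and listing /usr/bin/python2.5 has no effect. Both outcomes are surprising for a setting that decides which binary gets executed, so state the intended behaviour above the tables, e.g. `-- SBOX_REDIRECT_IGNORE must list exactly "/usr/bin/perl" or "/usr/bin/python"; the setting then applies to every path with that prefix`.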