author | Lauri Aarnio <Lauri.Aarnio@iki.fi> | 2009-02-03 15:18:54 +0200 |
---|---|---|
committer | Lauri Leukkunen <lle@rahina.org> | 2009-02-10 08:38:11 +0200 |
commit | 21853e7a6b5f51270c6673158086bbf4d9805452 (patch) | |
tree | 1428f218c84e40b31cad89815a151222b246e78f /lua_scripts | |
parent | 4dc080690c7900c298def5c8ba6a89860a17f4a1 (diff) |
Added support for SBOX_REDIRECT_FORCE environment variable
- This is practically the opposite of SBOX_REDIRECT_IGNORE.
- Devel mode: including /usr/bin/perl and/or /usr/bin/python in
SBOX_REDIRECT_FORCE will force perl and/or python to be taken from tools
(the default is to map these to target_root).
- Note that if SBOX_REDIRECT_IGNORE and SBOX_REDIRECT_FORCE are both
active at the same time, SBOX_REDIRECT_IGNORE will have priority.
Diffstat (limited to 'lua_scripts')
-rw-r--r-- | lua_scripts/main.lua | 2 | ||||
-rw-r--r-- | lua_scripts/mapping.lua | 13 | ||||
-rw-r--r-- | lua_scripts/pathmaps/devel/00_default.lua | 7 |
3 files changed, 18 insertions, 4 deletions
diff --git a/lua_scripts/main.lua b/lua_scripts/main.lua index a9ca58a..f338386 100644 --- a/lua_scripts/main.lua +++ b/lua_scripts/main.lua @@ -15,7 +15,7 @@ debug_messages_enabled = sb.debug_messages_enabled() -- -- NOTE: the corresponding identifier for C is in include/sb2.h, -- see that file for description about differences -sb2_lua_c_interface_version = "61" +sb2_lua_c_interface_version = "62" function do_file(filename) if (debug_messages_enabled) then diff --git a/lua_scripts/mapping.lua b/lua_scripts/mapping.lua index b97e57a..e4240ea 100644 --- a/lua_scripts/mapping.lua +++ b/lua_scripts/mapping.lua @@ -340,8 +340,17 @@ function sbox_execute_conditional_actions(binary_name, func_name, rp, path, rule_cand) end elseif (rule_cand.if_redirect_ignore_is_active) then - if (sb.test_redirect_ignore( - rule_cand.if_redirect_ignore_is_active)) then + if (sb.test_if_listed_in_envvar( + rule_cand.if_redirect_ignore_is_active, + "SBOX_REDIRECT_IGNORE")) then + + return sbox_execute_rule(binary_name, + func_name, rp, path, rule_cand) + end + elseif (rule_cand.if_redirect_force_is_active) then + if (sb.test_if_listed_in_envvar( + rule_cand.if_redirect_force_is_active, + "SBOX_REDIRECT_FORCE")) then return sbox_execute_rule(binary_name, func_name, rp, path, rule_cand) diff --git a/lua_scripts/pathmaps/devel/00_default.lua b/lua_scripts/pathmaps/devel/00_default.lua index 8535029..80b63e7 100644 --- a/lua_scripts/pathmaps/devel/00_default.lua +++ b/lua_scripts/pathmaps/devel/00_default.lua @@ -161,6 +161,8 @@ perl_lib_test = { perl_bin_test = { { if_redirect_ignore_is_active = "/usr/bin/perl", map_to = target_root, readonly = true }, + { if_redirect_force_is_active = "/usr/bin/perl", + map_to = tools, readonly = true }, { if_active_exec_policy_is = "Rootstrap", map_to = target_root, readonly = true }, { if_active_exec_policy_is = "Tools-perl", 
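Review bot: In the new `elseif (rule_cand.if_redirect_force_is_active)` branch of sbox_execute_conditional_actions, a rule candidate that carries both `if_redirect_ignore_is_active` and `if_redirect_force_is_active` will never have its force condition tested, because the ignore branch earlier in the same `elseif` chain claims the candidate even when its test fails. The pathmaps changed in this commit use one condition per rule, so nothing breaks today, but the limitation is silent; I would add a comment above the branch, e.g. `-- only one if_* condition is evaluated per rule candidate; put IGNORE and FORCE in separate rules`. The two branches are also identical except for the key and the variable name, so a small helper taking both would keep them from drifting apart. How `sb.test_if_listed_in_envvar` splits and matches the list is defined on the C side and is not visible here; the function body begins and ends outside the hunk.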
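Review bot: The stated priority of SBOX_REDIRECT_IGNORE over SBOX_REDIRECT_FORCE in `perl_bin_test` appears to rest only on the ignore entry being listed before the new force entry, and nothing in the table says so. A comment above the pair, such as `-- keep the SBOX_REDIRECT_IGNORE rule first: it must win when both variables list this path`, would stop a later reorder from quietly inverting which interpreter runs; the same applies to the `python_bin_test` entry added in the next hunk. Since the variable is read from the process environment, anything that can set the environment of a build step chooses between the tools and target_root interpreter, which is worth stating where the variable is documented. Both tables start and end outside their hunks.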
@@ -171,6 +173,8 @@ perl_bin_test = { python_bin_test = { { if_redirect_ignore_is_active = "/usr/bin/python", map_to = target_root, readonly = true }, + { if_redirect_force_is_active = "/usr/bin/python", + map_to = tools, readonly = true }, { if_active_exec_policy_is = "Rootstrap", map_to = target_root, readonly = true }, { if_active_exec_policy_is = "Tools-python", @@ -376,7 +380,8 @@ devel_mode_rules_usr_bin = { readonly = true}, -- 19. perl & python: - -- processing depends on SBOX_REDIRECT_IGNORE and + -- processing depends on SBOX_REDIRECT_IGNORE, + -- SBOX_REDIRECT_FORCE and -- name of the current mapping mode. -- (these are real prefixes, version number may -- be included in the name (/usr/bin/python2.5 etc)) |