author | Lauri Aarnio <Lauri.Aarnio@iki.fi> | 2009-01-29 19:31:22 +0200 |
---|---|---|
committer | Lauri Leukkunen <lle@rahina.org> | 2009-02-10 08:38:10 +0200 |
commit | 1cdc38fbc7884e1cecbcb116ba850ddac2ab10e4 (patch) | |
tree | 0cc0a197a54a3406bb761406240ef1043699dc79 /luaif | |
parent | 31eb133d84f24ef1e0f888317a3a9a0c94729222 (diff) |
Simplified support for SBOX_REDIRECT_IGNORE environment variable
"SBOX_REDIRECT_IGNORE" is a feature from the old scratchbox 1: It can
be used to disable redirection of various paths during exec. This commit
adds a simplified, mostly compatible support to SB2. Since we don't have
a similar "redirector" as what the old SB1 had, this feature is implemented
by some special mapping rules in the devel mode and is only available
for two programs: redirection of /usr/bin/perl and /usr/bin/python can
be disabled by this. For example, setting
SBOX_REDIRECT_IGNORE=/usr/bin/perl:/usr/bin/python
will force these two programs to be mapped to the rootstrap (while the
default is still to map them to tools_root)
Also included: new conditional action 'if_redirect_ignore_is_active = "path"'
makes all this possible (added to the rule execution engine in mapping.lua).
Diffstat (limited to 'luaif')
-rw-r--r-- | luaif/luaif.c | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/luaif/luaif.c b/luaif/luaif.c
index e6f8b25..2801bdd 100644
--- a/luaif/luaif.c
+++ b/luaif/luaif.c
@@ -764,6 +764,58 @@ static int lua_sb_procfs_mapping_request(lua_State *l)
 return 1;
 }
+/* "sb.test_redirect_ignore", to be called from lua code
+ * Parameters (in stack):
+ * 1. string: unmapped path
+ * Returns (in stack):
+ * 1. flag (boolean): true if the path is listed in environment
+ * variable "SBOX_REDIRECT_IGNORE", false otherwise
+ *
+ * Note: It would be nice if the value of SBOX_REDIRECT_IGNORE could be
+ * cached, but it can't; it can be changed by the current process.
+*/
+static int lua_sb_test_redirect_ignore(lua_State *l)
+{
+ char *env_sbox_redirect_ignore = NULL;
+ int result = 0; /* boolean; default result is "false" */
+ int n;
+ const char *path = NULL;
+ char *tok = NULL;
+ char *tok_state = NULL;
+
+ n = lua_gettop(l);
+ if (n != 1) {
+ SB_LOG(SB_LOGLEVEL_DEBUG, "lua_sb_test_redirect_ignore FAILS: lua_gettop = %d", n);
+ goto out;
+ }
+
+ env_sbox_redirect_ignore = getenv("SBOX_REDIRECT_IGNORE");
+ if (!env_sbox_redirect_ignore) {
+ SB_LOG(SB_LOGLEVEL_DEBUG, "no SBOX_REDIRECT_IGNORE");
+ goto out;
+ }
+ env_sbox_redirect_ignore = strdup(env_sbox_redirect_ignore);
+ SB_LOG(SB_LOGLEVEL_DEBUG, "SBOX_REDIRECT_IGNORE is '%s'",
+ env_sbox_redirect_ignore);
+
+ path = lua_tostring(l, 1);
+ if (!path) goto out;
+
+ tok = strtok_r(env_sbox_redirect_ignore, ":", &tok_state);
+ while (tok) {
+ result = !strcmp(path, tok);
+ if (result) goto out; /* return if matched */
+ tok = strtok_r(NULL, ":", &tok_state);
+ }
+
+ out:
+ if (env_sbox_redirect_ignore) free(env_sbox_redirect_ignore);
+ lua_pushboolean(l, result);
+ SB_LOG(SB_LOGLEVEL_DEBUG, "lua_sb_test_redirect_ignore(%s) => %d",
+ path, result);
+ return 1;
+}
+
 /* mappings from c to lua */
 static const luaL_reg reg[] =
 {
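Review bot: The result of `strdup()` in lua_sb_test_redirect_ignore is used without a NULL check. If the allocation fails, the NULL copy is passed to the `%s` debug log and then `strtok_r(NULL, ":", &tok_state)` runs with `tok_state` still NULL, which is undefined; add `if (!env_sbox_redirect_ignore) goto out;` directly after the `strdup` line. The final `SB_LOG` under `out:` also formats `path` with `%s` while it is still NULL on the `n != 1` and `!path` exits, so it should log `path ? path : "(null)"`. Because the variable is re-read from the calling process's own environment on every call, any mapping rule built on this test can be switched by that process. That looks intended for the devel-mode perl/python rules the description names, but a comment above the function should say so, so the test is not reused in rules that are meant to be fixed.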
@@ -786,6 +838,7 @@ static const luaL_reg reg[] =
 {"isprefix", lua_sb_isprefix},
 {"test_path_match", lua_sb_test_path_match},
 {"procfs_mapping_request", lua_sb_procfs_mapping_request},
+ {"test_redirect_ignore", lua_sb_test_redirect_ignore},
 {NULL, NULL}
 }; |