diff options
| -rw-r--r-- | lua_scripts/argvenvp.lua | 28 | ||||
| -rw-r--r-- | lua_scripts/argvenvp_gcc.lua | 14 |
2 files changed, 32 insertions, 10 deletions
diff --git a/lua_scripts/argvenvp.lua b/lua_scripts/argvenvp.lua index 3ea7284..4bde158 100644 --- a/lua_scripts/argvenvp.lua +++ b/lua_scripts/argvenvp.lua @@ -19,13 +19,14 @@ end -- -- rule = { -- name = "binary-name", +-- path_prefixes = {"/list/of", "/possible/path/prefixes"}, -- add_head = {"list", "of", "args", "to", "prepend"}, -- add_tail = {"these", "are", "appended"}, -- remove = {"args", "to", "remove"}, -- new_filename = "exec-this-binary-instead", -- disable_mapping = 1 -- set this to disable mappings -- } --- argvmods["/path/prefix/to/tool/"..rule.name] = rule +-- argvmods[rule.name] = rule -- -- Environment modifications are not supported yet, except for disabling -- mappings. @@ -37,9 +38,10 @@ end dpkg_architecture = { name = "dpkg-architecture", + path_prefixes = {"/usr/bin/"}, remove = {"-f"} } -argvmods["/usr/bin/"..dpkg_architecture.name] = dpkg_architecture +argvmods[dpkg_architecture.name] = dpkg_architecture -- ------------------------------------ -- Exec preprocessing. @@ -52,6 +54,7 @@ argvmods["/usr/bin/"..dpkg_architecture.name] = dpkg_architecture function sbox_execve_preprocess(filename, argv, envp) local new_argv = {} local new_envp = {} + local binaryname = string.match(filename, "[^/]+$") local new_filename = filename if (debug_messages_enabled) then @@ -61,12 +64,25 @@ function sbox_execve_preprocess(filename, argv, envp) new_envp = envp - local am = argvmods[filename] - if (am and not am.remove) then am.remove = {} end - if (am and not am.add_head) then am.add_head = {} end - if (am and not am.add_tail) then am.add_tail = {} end + local am = argvmods[binaryname] + if (am ~= nil) then + local prefix_match_found = false + for i = 1, table.maxn(am.path_prefixes) do + if isprefix(am.path_prefixes[i], filename) then + prefix_match_found = true + break + end + end + if (not prefix_match_found) then + am = nil + end + end if (am ~= nil) then + if (not am.remove) then am.remove = {} end + if (not am.add_head) then am.add_head = {} end + if (not am.add_tail) then am.add_tail = {} end + if (debug_messages_enabled) then sb.log("debug", string.format( "argvmods[%s] found\n", filename)) diff --git a/lua_scripts/argvenvp_gcc.lua b/lua_scripts/argvenvp_gcc.lua index 160d527..4e444c8 100644 --- a/lua_scripts/argvenvp_gcc.lua +++ b/lua_scripts/argvenvp_gcc.lua @@ -43,11 +43,17 @@ gcc_tools = { "strip" } -function register_gcc_component_path(tmp) - -- currently all gcc tools (that we are going to process) live in /usr/bin - local full_path = "/usr/bin/" .. tmp.name +-- currently all gcc tools that we are going to replace live in /usr/bin, +-- but these tools may call other tools from the same set (e.g. "gcc" calls +-- "ld", etc) +gcc_tools_path_prefixes = { + "/usr/bin/", + sbox_cross_gcc_dir +} - argvmods[full_path] = tmp +function register_gcc_component_path(tmp) + tmp.path_prefixes = gcc_tools_path_prefixes + argvmods[tmp.name] = tmp end function gcc_compiler_arg_mods(tmp) |