Age | Commit message | Author | Files | Lines |
|
Execution of target binaries (with qemu) is now handled by the exec postprocessor in lua_scripts/argvenvp.lua, just like what has been used for native binaries.
- If the CPU transparency method is "sbrsh", postprocessing is not used, but the old code in sb_exec.c is still applied; this will be changed later by another commit
- "sb2" script tests if the Qemu knows about "-0" and "-E" options; the exec postprocessor uses them if they are available:
  - option -0 is used to preserve exec semantics. Without it argv[0] will be overwritten with the file name (and it is not always the same thing)
  - option -E is used to inject environment variables to qemu's emulated environment. "prelink" won't work without this trick.
  both options were implemented for Maemo SDK+, and are present in their patched qemu.
- These changes were originally written by Mika Westerberg and Pas
|
|
which was caused by first clearing the environment and then executing another program; execution escaped from sb2.
- Environment variables SBOX_SESSION_DIR, LD_PRELOAD and LD_LIBRARY_PATH are vital to sb2. Changed the way how these are handled by do_exec:
  - SBOX_SESSION_DIR can not be modified or removed at all from the environment
  - Original values of LD_PRELOAD and LD_LIBRARY_PATH are restored to the environment if those vars have been removed.
- This commit also fixes a bug in uname() which was introduced by my last commit (sorry!)
|
|
SBOX_UNAME_MACHINE, SBOX_CPUTRANSPARENCY_METHOD, SBOX_CPU
|
|
introduces a new C function, sb2__read_string_variable_from_lua__(), which can be used to replace getenv() for variables that have been moved or will be moved away from environment
|
|
not anymore load all mapping modes to memory, only the rules of the selected mode will be loaded. Rules will be copied to $SBOX_SESSION_DIR/rules.lua at startup.
- There is a new "-M" option to sb2, which can be used to provide direct path to the mapping rule file (so that rules don't have to be under $SBOX_LUA_SCRIPTS/pathmaps anymore)
- sb2 now creates a new configuration file, $SBOX_SESSION_DIR/sb2-session.conf
  That file will be used to pass per-session information about sb2's environment to the various child processes; we have had far too many environment variables in use. Currently "sbox_mapmode" is the only thing passed via the new file, but other environment variables will follow..
- This should have a positive effect on performance, too.
|
|
(ld-linux.so.2) fails to execute dynamically linked programs (segfaults!), when called explicitly and stack limit has been set to infinity. This can be demonstrated by "ulimit -s unlimited; /lib/ld-linux.so /bin/bash" on ubuntu "hardy".
- GNU make triggers this problem; it sets stack limit to infinity..
- This patch provides a workaround by wrapping the "setrlimit" calls, recording stack limit, and restoring the limit before exec is called.
|
|
be used to define how native binaries are started: For example, the tools that are used from "tools_root" may need to load dynamic libraries from nonstandard locations and/or use a nonstandard ld.so; also, if the target architecture is the same as the host architecture, binaries may also need special settings and a special ld.so.
- These features are off by default, but can be taken into use by installing a libsb2.so to tools_root (or to the rootstrap, if target arch.==host arch)
- NOTE/WARNING: These features are currently off because the current ld.so (which is part of glibc) is not fully transparent to the application. See comments in the source for a longer explanation of this.
|
|
mapping /tmp. Previously, /tmp was not mapped and in fact it was not possible to map it because there were some functions (tmpnam(), mktemp(), mkdtemp() etc) that caused trouble if somebody attempted to map /tmp.
|
|
postprocessors can be used to copy modifications back from the mapped arguments to original arguments
|
|
superset of all exec functions, exported by libsb2.
Signed-off-by: Timo Savola <tsavola@movial.fi>
|
|
Signed-off-by: Timo Savola <tsavola@movial.fi>
|
|
Signed-off-by: Timo Savola <tsavola@movial.fi>
|
|
Signed-off-by: Timo Savola <tsavola@movial.fi>
|
|
Semantics of elf_hdr_match() was changed in the process: it now returns
a truth value.
Signed-off-by: Timo Savola <tsavola@movial.fi>
|
|
Signed-off-by: Timo Savola <tsavola@movial.fi>
|
|
- Execution of host-gcc and other host-* tools failed when SBOX_TOOLS_ROOT
was set, because do_exec() did not check if the exec mangling code
disabled all mapping; it tried to start gcc from SBOX_TOOLS_ROOT and not
from the host (which of course failed, because rest of the universe didn't
come from SBOX_TOOLS_ROOT)
|
|
- The glob* functions used to be wrapped (the "pattern" parameter was
mapped by SB2), but that is a less-than-perfect solution because mapping
the pattern caused strange out-of-expectations results to be returned
(which caused problems with GNU Make, which uses glob() quite extensively).
The right thing to do is to include private implementations of the glob*
functions to SB2, so that the mapping happens at lower levels (e.g. in the
opendir() etc. functions used by glob).
- The replacements for glob() and glob64() were copied from glibc2.7. Some
minor modifications were needed to make them compile correctly in this
context.
- WARNING: Because the replacements were copied from glibc, and the interface to
the glob functions includes flags etc., SB2 is now somewhat bound to
glibc-based systems. The old less-than-perfect solution is still included
in the sources and can be enabled by defining SB2_WRAP_GLOB macro when
compiling, if SB2 needs to be used on a non-glibc host.
|
|
This commit fixes problems that were caused by intermediate symlinks,
that is, symlinks to directories inside longer paths.
Previously those were not mapped at all, which caused nasty unexpected
escapes from the SB2-sandboxed environment. Handling symlinks correctly
is a complex task which involved implementing a replacement for the
path resolution algorithm of the OS, and required many bigger and smaller
changes to various modules of SB2.
Other notable changes: wrappers for glob() and glob64() were simplified as
part of the refactoring process. Re-implementing the path resolution code
pointed out that glob() did not work as it should do, when the pattern pointed
to a mapped destination. There might still be problems related to absolute
patterns.
|
|
- This commit adds initial support for handling Unix domain socket
addresses in bind() and connect(). Other socket API calls have not yet
been examined, there might be other needs for mapping, too.
- NOTE: Max. address (=path) length in the sockaddr_un structure is
usually quite short, when compared to the max.filename length. This may
present problems, because the mapped paths are usually much longer than the
original path was, but at least such cases are now logged ("error" level)
|
|
- changed the interface generator to restore the original value of "errno"
after path mapping has been done.
|
|
- if the path to the executable was a symlink which pointed to a file
which was mapped, run_hashbang() accidentally changed the name of the
executable; first parameter to the exec*() needs to be name of the symlink,
not contents of the symlink. run_hashbang() used to work only if the path
was not mapped, now it works also for mapped paths to scripts.
|
|
- the new path name array to the real fts_open() is now properly
terminated by a NULL pointer.
|
|
- Using libpthread unconditionally caused crashes (segfaults inside
libstdc++, etc). This changes the preload library to use functions from
the pthread library only if they are available, and removes automatic
loading of that library (Full explanation can be found from luaif.c)
|
|
- level "debug": shows if argv and/or envp has been changed
- level "noise": as above + logs all components of modified
string vectors.
- added SB_LOG_IS_ACTIVE(level) macro for testing if logging
has been enabled
|
|
It is now possible to add "readonly = true" to any mapping rule, and
the generated interface will then return an error code for any function
which is trying to modify the filesystem: The interface functions do not
call the real functions at all in this case, instead they will
return an error code (typically -1 for system calls, NULL for fopen() etc).
Also, errno will be set to an appropriate value, typically to EROFS.
Other modifications:
- Added wrappers for fhchmod() [all platforms],
and chflags(), getattrlist(), and setattrlist [Mac OS X - untested!]
- Modified many of the wrapper specifications in interface.master
(hopefully found all functions that may modify the filesystem :-)
- Added new logging level "NOTICE", used for logging interface-generated
"read only errors"
- sb2-show now displays if the target has been marked "readonly" by the rules
- sb2-logz knows about "notice" messages
- added two new modifiers to gen-interface.pl (without these this R/O-thing
would not be possible at all)
- some minor code cleanups
|
|
- wrapper for eaccess() was missing, and that caused the built-in "test"
of bash to fail.
|
|
Generated code can now log the return value (if the value is an int, long,
or pointer). Errno values and changes are also logged. This works for
all wrappers and gates.
The log level is defined in interface.master (by a new LOGLEVEL command).
Currently it is "noise" for all generated functions, so "-L noise" flag
needs to be given to "sb2" to make these new messages visible.
|
|
- new option "-Q BUGLIST" to sb2 (ex. sb2 -Q x)
- currently this can emulate:
x: scratchbox1 didn't check X-permission of files correctly,
|
|
stop the madness!
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
|
|
Simply edit your target.config:
export SBOX_CPUTRANSPARENCY_METHOD="/home/lleukkun/scratchbox2/bin/qemu-arm -s 512"
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
|
|
Now it can be included by itself with no dependency to libsb2.h.
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
|
|
sb2-show allows you to inspect how path/argv/envp mangling
would be done for a given binary. Patch by
lauri.t.aarnio@nokia.com, somewhat cleaned up by
lle@rahina.org.
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
|
|
- added sb2logz, which extracts information from logs and produces summaries
- general: log format changed (each line now contains log level, too)
- *.c: log messages which are needed by sb2logz are now at INFO level
- interface.master & libsb2.c: Added gates to _exit() and _Exit(),
so that exit status can be logged
- sb_exec.c: bugfix: sb_execve_mod() returns nonzero if error, not zero
- sb2: location of log files changed: logs now go to ~/sb2_logs/,
and initial environment is printed to the log file
|
|
(the result was that not all functions were wrapped)
|
|
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
|
|
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
|
|
This is not tested properly on amd64 host, but does fix the obvious
problems.
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
|
|
Still bombs out randomly for no apparent reason.
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
|
|
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
|
|
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
|
|
* Adds endian string suffix checking (sh4eb now ok).
* Adds code to check endian in the elf header.
* Makes sure host binary really is a host binary - prevents
executing sh4eb as host on sh4 target.
Patch by Magnus Damm <magnus.damm@gmail.com>
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
|
|
This allows controlling build environment independently of
the host.
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
|
|
All need to have HAVE_ as prefix. This caused many functions not to
be built at all, ever.
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
|