path: root/preload
Age | Commit message | Author | Files | Lines
2008-09-27 | CPU transparency changes: Qemu is now handled by an exec postprocessor | Lauri Aarnio | 1 | -15/+50
- Execution of target binaries (with qemu) is now handled by the exec postprocessor in lua_scripts/argvenvp.lua, just like what has been used for native binaries.
- If the CPU transparency method is "sbrsh", postprocessing is not used, but the old code in sb_exec.c is still applied; this will be changed later by another commit
- "sb2" script tests if the Qemu knows about "-0" and "-E" options; the exec postprocessor uses them if they are available:
  - option -0 is used to preserve exec semantics. Without it argv[0] will be overwritten with the file name (and it is not always the same thing)
  - option -E is used to inject environment variables to qemu's emulated environment. "prelink" won't work without this trick.
  both options were implemented for Maemo SDK+, and are present in their patched qemu.
- These changes were originally written by Mika Westerberg and Pas
2008-09-27 | Bugfixes: Protect important environment variables | Lauri Aarnio | 2 | -36/+84
- This commit fixes a bug which was caused by first clearing the environment and then executing another program; execution escaped from sb2.
- Environment variables SBOX_SESSION_DIR, LD_PRELOAD and LD_LIBRARY_PATH are vital to sb2. Changed the way how these are handled by do_exec:
  - SBOX_SESSION_DIR can not be modified or removed at all from the environment
  - Original values of LD_PRELOAD and LD_LIBRARY_PATH are restored to the environment if those vars have been removed.
- This commit also fixes a bug in uname() which was introduced by my last commit (sorry!)
2008-09-27 | Cleanup: Replaced more environment variables by conf.vars (part 2) | Lauri Aarnio | 2 | -15/+34
- SBOX_UNAME_MACHINE, SBOX_CPUTRANSPARENCY_METHOD, SBOX_CPU
2008-09-27 | Replaced env.var. SBOX_TARGET_ROOT by conf.var. sbox_target_root | Lauri Aarnio | 1 | -3/+3
2008-09-27 | sb2-show can be used to query string variables from the Lua engine | Lauri Aarnio | 1 | -0/+1
- Also introduces a new C function, sb2__read_string_variable_from_lua__(), which can be used to replace getenv() for variables that have been moved or will be moved away from environment
2008-09-27 | Eliminated env.var. SBOX_MAPMODE; Mode is now passed thru files | Lauri Aarnio | 1 | -2/+3
- sb2 does not anymore load all mapping modes to memory, only the rules of the selected mode will be loaded. Rules will be copied to $SBOX_SESSION_DIR/rules.lua at startup.
- There is a new "-M" option to sb2, which can be used to provide direct path to the mapping rule file (so that rules don't have to be under $SBOX_LUA_SCRIPTS/pathmaps anymore)
- sb2 now creates a new configuration file, $SBOX_SESSION_DIR/sb2-session.conf That file will be used to pass per-session information about sb2's environment to the various child processes; we have had far too many environment variables in use. Currently "sbox_mapmode" is the only thing passed via the new file, but other environment variables will follow..
- This should have a positive effect on performance, too.
2008-09-27 | Workaround for a Linux/glibc memory allocation problem | Lauri Aarnio | 3 | -1/+124
- ld.so (ld-linux.so.2) fails to execute dynamically linked programs (segfaults!), when called explicitly and stack limit has been set to infinity. This can be demonstrated by "ulimit -s unlimited; /lib/ld-linux.so /bin/bash" on ubuntu "hardy".
- GNU make triggers this problem; it sets stack limit to infinity..
- This patch provides a workaround by wrapping the "setrlimit" calls, recording stack limit, and restoring the limit before exec is called.
2008-09-27 | Implemented policy-based execution of native binaries. | Lauri Aarnio | 1 | -94/+109
- Exec policies can be used to define how native binaries are started: For example, the tools that are used from "tools_root" may need to load dynamic libraries from nonstandard locations and/or use a nonstandard ld.so; also, if the target architecture is the same as the host architecture, binaries may also need special settings and a special ld.so.
- These features are off by default, but can be taken into use by installing a libsb2.so to tools_root (or to the rootstrap, if target arch.==host arch)
- NOTE/WARNING: These features are currently off because the current ld.so (which is part of glibc) is not fully transparent to the application. See comments in the source for a longer explanation of this.
2008-09-27 | Added four wrappers (__xmknodat(),__fxstatat(),__fxstatat64(),fstatat64()) | Lauri Aarnio | 1 | -0/+10
2008-09-27 | sb_execve_mod and sbox_execve_mod renamed to exec preprocessing functions | Lauri Aarnio | 1 | -4/+4
2008-09-27 | sb_exec.c cleanup (most functions are now "static") + added 3 warning messages | Lauri Aarnio | 1 | -6/+25
2008-09-27 | Bugfix to temp.name template postprocessor | Lauri Aarnio | 1 | -18/+22
2008-09-27 | Fixes to wrappers that generate temp.file names | Lauri Aarnio | 3 | -39/+167
- This adds support for mapping /tmp. Previously, /tmp was not mapped and in fact it was not possible to map it because there were some functions (tmpnam(), mktemp(), mkdtemp() etc) that caused trouble if somebody attempted to map /tmp.
2008-09-27 | mkstemp() and mkstemp64() wrappers: Fixed filling of "template" argument | Lauri Aarnio | 2 | -3/+60
2008-09-27 | Interface generator: Added "postprocess(varname)" modifier | Lauri Aarnio | 1 | -9/+92
- variable postprocessors can be used to copy modifications back from the mapped arguments to original arguments
2008-09-27 | More debug logs: Log full argv[] from sb_next_execve() | Lauri Aarnio | 1 | -0/+61
2008-07-25 | sb_execvep() | Timo Savola | 2 | -8/+27
superset of all exec functions, exported by libsb2.
Signed-off-by: Timo Savola <tsavola@movial.fi>
2008-07-25 | map mkstemp | Timo Savola | 2 | -4/+4
Signed-off-by: Timo Savola <tsavola@movial.fi>
2008-07-25 | sbrsh: allow binary execution from home directory | Timo Savola | 1 | -4/+7
Signed-off-by: Timo Savola <tsavola@movial.fi>
2008-07-25 | sbrsh: fix working directory check | Timo Savola | 1 | -3/+3
Signed-off-by: Timo Savola <tsavola@movial.fi>
2008-07-25 | Don't try to validate target CPU type when executing a host binary | Timo Savola | 1 | -67/+57
Semantics of elf_hdr_match() was changed in the process: it now returns a truth value.
Signed-off-by: Timo Savola <tsavola@movial.fi>
2008-07-25 | Move target CPU information into a nice table | Timo Savola | 1 | -23/+33
Signed-off-by: Timo Savola <tsavola@movial.fi>
2008-06-17 | Bugfix: Fixed execution of host-* tools | Lauri Aarnio | 1 | -10/+33
- Execution of host-gcc and other host-* tools failed when SBOX_TOOLS_ROOT was set, because do_exec() did not check if the exec mangling code disabled all mapping; it tried to start gcc from SBOX_TOOLS_ROOT and not from the host (which of course failed, because rest of the universe didn't come from SBOX_TOOLS_ROOT)
2008-06-17 | Replaced glob() and glob64() | Lauri Aarnio | 6 | -2/+1639
- The glob* functions used to be wrapped (the "pattern" parameter was mapped by SB2), but that is a less-than-perfect solution because mapping the pattern caused strange out-of-expectations results to be returned (which caused problems with GNU Make, which uses glob() quite extensively). The right thing to do is to include private implementations of the glob* functions to SB2, so that the mapping happens at lower levels (e.g. in the opendir() etc. functions used by glob).
- The replacements for glob() and glob64() were copied from glibc2.7. Some minor modifications were needed to make them compile correctly in this context.
- WARNING: Because the replacements were copied from glibc, and the interface to the glob functions includes flags etc., SB2 is now somewhat bound to glibc-based systems. The old less-than-perfect solution is still included in the sources and can be enabled by defining SB2_WRAP_GLOB macro when compiling, if SB2 needs to be used on a non-glibc host.
2008-06-17 | Path resolution refactored and fixed, now maps intermediate symlinks, too | Lauri Aarnio | 5 | -65/+120
This commit fixes problems that were caused by intermediate symlinks, that is, symlinks to directories inside longer paths. Previously those were not mapped at all, which caused nasty unexpected escapes from the SB2-sandboxed environment. Handling symlinks correctly is a complex task which involved implementing a replacement for the path resolution algorithm of the OS, and required many bigger and smaller changes to various modules of SB2.
Other notable changes: wrappers for glob() and glob64() were simplified as part of the refactoring process. Re-implementing the path resolution code pointed out that glob() did not work as it should do, when the pattern pointed to a mapped destination. There might still be problems related to absolute patterns.
2008-05-10 | Map unix domain socket addresses in bind() and connect() | Lauri Aarnio | 3 | -0/+81
- This commit adds initial support for handling Unix domain socket addresses in bind() and connect(). Other socket API calls have not yet been examined, there might be other needs for mapping, too.
- NOTE: Max. address (=path) length in the sockaddr_un structure is usually quite short, when compared to the max.filename length. This may present problems, because the mapped paths are usually much longer than the original path was, but at least such cases are now logged ("error" level)
2008-05-10 | Bugfix: Preserve errno. | Lauri Aarnio | 1 | -1/+9
- changed the interface generator to restore the original value of "errno" after path mapping has been done.
2008-05-10 | Critical bugfix: Symlinks to scripts on mapped dirs broke argv[0] at exec*() | Lauri Aarnio | 1 | -7/+11
- if the path to the executable was a symlink which pointed to a file which was mapped, run_hashbang() accidentally changed the name of the executable; first parameter to the exec*() needs to be name of the symlink, not contents of the symlink. run_hashbang() used to work only if the path was not mapped, now it works also for mapped paths to scripts.
2008-03-14 | Fix to fts_open() | Lauri Aarnio | 1 | -1/+1
- the new path name array to the real fts_open() is now properly terminated by a NULL pointer.
2008-03-14 | Important bugfix to libpthread interface | Lauri Aarnio | 1 | -2/+6
- Using libpthread unconditionally caused crashes (segfaults inside libstdc++, etc). This changes the preload library to use functions from the pthread library only if they are available, and removes automatic loading of that library (Full explanation can be found from luaif.c)
2008-01-31 | Logging enhancements: show changes made to argv+envp | Lauri Aarnio | 1 | -0/+54
- level "debug": shows if argv and/or envp has been changed
- level "noise": as above + logs all components of modified string vectors.
- added SB_LOG_IS_ACTIVE(level) macro for testing if logging has been enabled
2008-01-31 | Introduced R/O mapping mode. | Lauri Aarnio | 5 | -97/+313
It is now possible to add "readonly = true" to any mapping rule, and the generated interface will then return an error code for any function which is trying to modify the filesystem: The interface functions do not call the real functions at all in this case, instead they will return an error code (typically -1 for system calls, NULL for fopen() etc). Also, errno will be set to appropriate value, typically to EROFS.
Other modifications:
- Added wrappers for fhchmod() [all platforms], and chflags(), getattrlist(), and setattrlist [Mac OS X - untested!]
- Modified many of the wrapper specifications in interface.master (hopefully found all functions that may modify the filesystem :-)
- Added new logging level "NOTICE", used for logging interface-generated "read only errors"
- sb2-show now displays if the target has been marked "readonly" by the rules
- sb2-logz knows about "notice" messages
- added two new modifiers to gen-interface.pl (without these this R/O-thing would not be possible at all)
- some minor code cleanups
2008-01-31 | Bugfix: added wrapper for eaccess() | Lauri Aarnio | 1 | -0/+2
- wrapper for eaccess() was missing, and that caused the built-in "test" of bash to fail.
2008-01-23 | Modified interface generator to create SB_LOG calls at returns. | Lauri Aarnio | 2 | -15/+78
Generated code can now log the return value (if the value is an int, long, or pointer). Errno values and changes are also logged. This works for all wrappers and gates. The log level is defined in interface.master (by a new LOGLEVEL command). Currently it is "noise" for all generated functions, so "-L noise" flag needs to be given to "sb2" to make these new messages visible.
2008-01-18 | Introduce SB1 bug emulation mode | Lauri Aarnio | 1 | -9/+40
- new option "-Q BUGLIST" to sb2 (ex. sb2 -Q x)
- currently this can emulate:
  x: scratchbox1 didn't check X-permission of files correctly,
2008-01-11 | replace iswhitespace() with standard isspace() | Lauri Leukkunen | 1 | -14/+5
stop the madness!
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
2008-01-11 | Implement arguments for CPUTRANSPARENCY_METHOD | Lauri Leukkunen | 1 | -12/+100
Simply edit your target.config:
export SBOX_CPUTRANSPARENCY_METHOD="/home/lleukkun/scratchbox2/bin/qemu-arm -s 512"
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
2008-01-11 | Make exported.h generated by gen-interface.pl to be a proper header file | Lauri Leukkunen | 1 | -2/+40
Now it can be included by itself with no dependency to libsb2.h.
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
2008-01-11 | Introduce sb2-show, cleanup some warnings | Lauri Leukkunen | 5 | -40/+118
sb2-show allows you to inspect how path/argv/envp mangling would be done for a given binary. Patch by lauri.t.aarnio@nokia.com, somewhat cleaned up by lle@rahina.org.
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
2008-01-03 | Added log post-processing tool and improved logging messages. | Lauri Aarnio | 3 | -7/+34
- added sb2logz, which extracts information from logs and produces summaries
- general: log format changed (each line now contains log level, too)
- *.c: log messages which are needed by sb2logz are now at INFO level
- interface.master & libsb2.c: Added gates to _exit() and _Exit(), so that exit status can be logged
- sb_exec.c: bugfix: sb_execve_mod() returns nonzero if error, not zero
- sb2: location of log files changed: logs now go to ~/sb2_logs/, and initial environment is printed to the log file
2008-01-02 | bugfix: fixed typos in macro names | Lauri Aarnio | 1 | -8/+8
(the result was that not all functions were wrapped)
2007-12-19 | Add IA64 and powerpc host support | Riku Voipio | 1 | -3/+10
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
2007-12-18 | Generate source files to the object dir | Lauri Leukkunen | 1 | -3/+3
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
2007-12-18 | Change wrapper generation to support multilib compilation | Lauri Leukkunen | 1 | -6/+7
This is not tested properly on amd64 host, but does fix the obvious problems.
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
2007-12-14 | Try to get ld_so_run_app() working | Lauri Leukkunen | 1 | -4/+4
Still bombs out randomly for no apparent reason.
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
2007-12-14 | One more ifdef HAVE_ found missing | Lauri Leukkunen | 1 | -1/+1
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
2007-12-14 | Code cleanup | Lauri Leukkunen | 1 | -5/+5
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
2007-12-14 | Endianness check code update | Lauri Leukkunen | 1 | -50/+81
* Adds endian string suffix checking (sh4eb now ok).
* Adds code to check endian in the elf header.
* Makes sure host binary really is a host binary - prevents executing sh4eb as host on sh4 target.
Patch by Magnus Damm <magnus.damm@gmail.com>
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
2007-12-13 | Re-introduce tool distro support | Lauri Leukkunen | 1 | -11/+134
This allows controlling build environment independently of the host.
Signed-off-by: Lauri Leukkunen <lle@rahina.org>
2007-12-13 | Fix ifdefs in interface.master | Lauri Leukkunen | 1 | -6/+6
All need to have HAVE_ as prefix. This caused many functions not to be built at all, ever.
Signed-off-by: Lauri Leukkunen <lle@rahina.org>