1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
-- Scratchbox2 Lua main file
-- Copyright (C) 2006, 2007 Lauri Leukkunen
-- Licensed under MIT license.
-- This file is loaded by the libsb2.so preload library, from the
-- constructor to initialize sb2's "Lua-side"
debug = os.getenv("SBOX_MAPPING_DEBUG")
debug_messages_enabled = sb.debug_messages_enabled()
-- This version string is used to check that the lua scripts offer
-- what the C files expect, and v.v.
-- Increment the serial number (first number) and update the initials
-- and date whenever the interface beween Lua and C is changed.
--
-- NOTE: the corresponding identifier for C is in include/sb2.h,
-- see that file for description about differences
sb2_lua_c_interface_version = "61"
function do_file(filename)
if (debug_messages_enabled) then
sb.log("debug", string.format("Loading '%s'", filename))
end
f, err = loadfile(filename)
if (f == nil) then
error("\nError while loading " .. filename .. ": \n"
.. err .. "\n")
-- "error()" never returns
else
f() -- execute the loaded chunk
end
end
session_dir = os.getenv("SBOX_SESSION_DIR")
-- Load session-specific settings
do_file(session_dir .. "/sb2-session.conf")
do_file(session_dir .. "/exec_config.lua")
-- Load mapping- and exec functions
--
-- NOTE: "mapping.lua" loads the mapping mode config, which may be needed
-- by "argvenvp.lua", so order is important!
do_file(session_dir .. "/lua_scripts/mapping.lua")
-- other processes than "make" or the shells load
-- argvenvp.lua only if exec* functions are needed!
function sbox_execve_preprocess_loader(binaryname, argv, envp)
local prev_fn = sbox_execve_preprocess
sb.log("info", "sbox_execve_preprocess called: loading argvenvp.lua")
do_file(session_dir .. "/lua_scripts/argvenvp.lua")
if prev_fn == sbox_execve_preprocess then
sb.log("error",
"Fatal: Failed to load real sbox_execve_preprocess")
os.exit(88)
end
-- This loader has been replaced. The following call is not
-- a recursive call to this function, even if it may look like one:
return sbox_execve_preprocess(binaryname, argv, envp)
end
function sb_execve_postprocess_loader(rule, exec_policy, exec_type,
mapped_file, filename, binaryname, argv, envp)
local prev_fn = sb_execve_postprocess
sb.log("info", "sb_execve_postprocess called: loading argvenvp.lua")
do_file(session_dir .. "/lua_scripts/argvenvp.lua")
if prev_fn == sb_execve_postprocess then
sb.log("error",
"Fatal: Failed to load real sb_execve_postprocess")
os.exit(88)
end
-- This loader has been replaced. The following call is not
-- a recursive call to this function, even if it may look like one:
return sb_execve_postprocess(rule, exec_policy, exec_type,
mapped_file, filename, binaryname, argv, envp)
end
local binary_name = sb.get_binary_name()
if (binary_name == "make") or
(binary_name == "sh") or
(binary_name == "bash") then
-- This is a performance optimization;
-- this process will probably do multiple fork()+exec*() calls,
-- so it is better to load the exec code right now.
-- otherwise every child process will be doing the loading..that
-- would work, of course, but this is better when the overall
-- performance is considered.
if debug_messages_enabled then
sb.log("debug", "Loading exec code now")
end
do_file(session_dir .. "/lua_scripts/argvenvp.lua")
else
if debug_messages_enabled then
sb.log("debug", "exec code will be loaded on demand")
end
sbox_execve_preprocess = sbox_execve_preprocess_loader
sb_execve_postprocess = sb_execve_postprocess_loader
end
-- sb2 is ready for operation!
|
