[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] -chroot and -su options.
From: |
Edgar E. Iglesias |
Subject: |
Re: [Qemu-devel] [PATCH] -chroot and -su options. |
Date: |
Wed, 5 Mar 2008 08:54:08 +0100 |
User-agent: |
Mutt/1.5.16 (2007-06-09) |
On Wed, Mar 05, 2008 at 12:51:36AM -0600, Rob Landley wrote:
> On Tuesday 04 March 2008 05:22:12 you wrote:
> > On Mon, Mar 03, 2008 at 06:28:22PM -0600, Rob Landley wrote:
> > > Quick and dirty patch to teach qemu application emulation how to chroot
> > > (and drop privs), so you don't have to pollute a target filesystem with
> > > host code, and/or figure out how to build qemu static in order to run a
> > > dynamic binary.
> >
> > Hi Rob,
> >
> > Right, doing the chroot from within qemu avoids the issue with polluting
> > the target/. Thanks for the example.
> >
> > The chroot approach still suffers from the need of initially having higher
> > privileges. Personally, I still prefer the sysroot option and avoid that
> > need but either way helps me.
> >
> > Best regards
>
> Which sysroot option? (I may have missed a patch, I'm a month behind on the
> list. This is just something I've meant to submit for... about a year, I
> think.)
>
> You can also teach a bunch of different qemu syscalls (open, unlink, mmap,
> exec, fcntl, and 3 dozen others...) to append a prefix to its path, and
> perhaps try to prevent them from playing games with symlinks or ".." to break
> out of that subdir. But that's a much, much, much more extensive/intrusive
> patch.
Hi,
This is the updated example from my local git of how it could work, it only
maps absolute paths.
I don't think taking care of relative paths involves much more code but so far
this behaviour has been enough for me.
The sim simulators in GDB have a similar --sysroot option which I beleive
behaves very similar (or equal).
Please note that I'm not trying to jail in a program for security purposes,
just for test and debug purposes.
My original post can be found here:
http://lists.gnu.org/archive/html/qemu-devel/2008-03/msg00027.html
Best regards
--
Edgar E. Iglesias
Axis Communications AB
diff --git a/linux-user/main.c b/linux-user/main.c
index 0079c7a..8190dbf 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -1904,6 +1904,7 @@ void usage(void)
"-h print this help\n"
"-g port wait gdb connection to port\n"
"-L path set the elf interpreter prefix (default=%s)\n"
+ "-sysroot Root for system calls with absolute file-names\n"
"-s size set the stack size in bytes (default=%ld)\n"
"-cpu model select CPU (-cpu ? for list)\n"
"-drop-ld-preload drop LD_PRELOAD for target process\n"
@@ -1943,6 +1944,7 @@ int main(int argc, char **argv)
int gdbstub_port = 0;
int drop_ld_preload = 0, environ_count = 0;
char **target_environ, **wrk, **dst;
+ char *sysroot = NULL;
if (argc <= 1)
usage();
@@ -2014,6 +2016,8 @@ int main(int argc, char **argv)
drop_ld_preload = 1;
} else if (!strcmp(r, "strace")) {
do_strace = 1;
+ } else if (!strcmp(r, "sysroot")) {
+ sysroot = argv[optind++];
} else
{
usage();
@@ -2030,7 +2034,10 @@ int main(int argc, char **argv)
memset(info, 0, sizeof(struct image_info));
/* Scan interp_prefix dir for replacement files. */
- init_paths(interp_prefix);
+ if (sysroot)
+ init_paths(sysroot, 1);
+ else
+ init_paths(interp_prefix, 0);
if (cpu_model == NULL) {
#if defined(TARGET_I386)
diff --git a/linux-user/path.c b/linux-user/path.c
index 7da0a8b..5b6abc9 100644
--- a/linux-user/path.c
+++ b/linux-user/path.c
@@ -25,6 +25,8 @@ struct pathelem
};
static struct pathelem *base;
+static int use_sysroot;
+static size_t sysroot_pathlen;
/* First N chars of S1 match S2, and S2 is N chars long. */
static int strneq(const char *s1, unsigned int n, const char *s2)
@@ -118,7 +120,7 @@ follow_path(const struct pathelem *cursor, const char *name)
return NULL;
}
-void init_paths(const char *prefix)
+void init_paths(const char *prefix, int sysroot)
{
char pref_buf[PATH_MAX];
@@ -135,15 +137,25 @@ void init_paths(const char *prefix)
strcat(pref_buf, prefix);
free(cwd);
} else
- strcpy(pref_buf,prefix + 1);
-
- base = new_entry("", NULL, pref_buf);
- base = add_dir_maybe(base);
- if (base->num_entries == 0) {
- free (base);
- base = NULL;
+ strcpy(pref_buf, prefix + 1);
+
+ use_sysroot = sysroot;
+ if (sysroot) {
+ base = malloc(sizeof (*base));
+ sysroot_pathlen = strlen(pref_buf);
+ base->pathname = malloc(sysroot_pathlen + PATH_MAX + 1);
+ base->pathname[0] = '/';
+ memcpy(base->pathname + 1, pref_buf, sysroot_pathlen);
+ sysroot_pathlen++;
} else {
- set_parents(base, base);
+ base = new_entry("", NULL, pref_buf);
+ base = add_dir_maybe(base);
+ if (base->num_entries == 0) {
+ free (base);
+ base = NULL;
+ } else {
+ set_parents(base, base);
+ }
}
}
@@ -155,5 +167,12 @@ const char *path(const char *name)
if (!base || name[0] != '/')
return name;
- return follow_path(base, name) ?: name;
+ if (use_sysroot) {
+ size_t name_len;
+ /* Prepend base->pathname to name. */
+ name_len = strlen(name);
+ memcpy (base->pathname + sysroot_pathlen, name, name_len + 1);
+ return base->pathname;
+ } else
+ return follow_path(base, name) ?: name;
}
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index b33ad89..9e1b4f4 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -166,7 +166,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
void gemu_log(const char *fmt, ...) __attribute__((format(printf,1,2)));
extern CPUState *global_env;
void cpu_loop(CPUState *env);
-void init_paths(const char *prefix);
+void init_paths(const char *prefix, int sysroot);
const char *path(const char *pathname);
char *target_strerror(int err);
Re: [Qemu-devel] [PATCH] -chroot and -su options., Anderson Lizardo, 2008/03/14