Gentoo Archives: gentoo-alt

From: "C. Bergström" <cbergstrom@×××××××××.com>
To: Mike Frysinger <vapier@g.o>
Cc: gentoo-alt@l.g.o
Subject: Re: [gentoo-alt] Any interest in sandbox on (open)solaris?
Date: Thu, 29 Jan 2009 09:12:43
Message-Id: 498170CF.2010709@netsyncro.com
In Reply to: Re: [gentoo-alt] Any interest in sandbox on (open)solaris? by Mike Frysinger
1 Mike Frysinger wrote:
2 > On Wednesday 28 January 2009 19:01:07 C. Bergström wrote:
3 >
4 >> It builds.. it runs.. and now trying to get it to run correctly..
5 >> (forgive the verbose post please) I've been building everything as
6 >> 64bit.. and wonder if I need a 32bit libsandbox.so as well? (I need to
7 >> fix scanelf as it's been broken, but that wouldn't account for why rm
8 >> gave the same error)
9 >>
10 >
11 > you need a binary version for whatever you want to protect. if you aren't
12 > running 32bit programs during normal build/install, then you won't need a 32bit
13 > libsandbox. not sure multilib will even work atm with non-standard lib paths
14 > though.
15 >
16 >
17 >> Small note.. this seems to be needed..
18 >> SANDBOX_WRITE="/dev/fd:/proc/self/fd:/dev/dtrace/helper"
19 >>
20 >
21 > i'm guessing you're only talking about /dev/dtrace/helper ... in that case,
22 > you should be able to drop that into /etc/sandbox.d/
23 >
24 >
25 >> ld.so.1: install: fatal: libsandbox.so: open failed: No such file or
26 >> directory
27 >>
28 >
29 > this should be fixed in latest sandbox already ... so make sure you're using
30 > sandbox-1.3.3 or newer
31 >
32 >
33 >> "../libsbutil/sbutil.h", line 101: warning: attribute parameter
34 >> "__printf__" is undefined
35 >>
36 >
37 > i imagine there's an autoconf test somewhere for this i can steal. or we just
38 > ignore it.
39 >
40 >
41 >> "wrapper-funcs/__wrapper_simple.c", line 31:
42 >> warning: assignment type mismatch: pointer to function(pointer to const
43 >> char, unsigned long) returning int "=" pointer to void
44 >> "symbols.h", line 30: warning: syntax error: empty declaration
45 >>
46 >
47 > could you post symbols.h as an attachment ? this is generated on the fly, so
48 > line numbers are useless w/out the generated file.
49 >
50 >
51 >> "wrapper-funcs/__wrapper_simple.c", line 21: syntax error before or at:
52 >> __off64_t
53 >>
54 >
55 > will have to figure out how LFS is handled on opensolaris ... maybe assuming
56 > the __XXX form exists is bad mojo.
57 >
58 A few small and more recent patches I had to add..
59
60 --- libsandbox/memory.c.old 2009-01-29 07:28:47.312601827 -0800
61 +++ libsandbox/memory.c 2009-01-29 07:30:55.834594791 -0800
62 @@ -11,6 +11,8 @@
63 #include "libsandbox.h"
64 #include "sbutil.h"
65
66 +#define MIN(x, y) ((x) < (y) ? (x) : (y))
67 +
68 #define SB_MALLOC_TO_MMAP(ptr) ((void*)(((size_t*)ptr) - 1))
69 #define SB_MMAP_TO_MALLOC(ptr) ((void*)(((size_t*)ptr) + 1))
70 #define SB_MALLOC_TO_SIZE(ptr) (*((size_t*)SB_MALLOC_TO_MMAP(ptr)))
71
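Review bot: The new `MIN` macro at the top of memory.c is defined unconditionally, so it will clash or warn on any platform where a system header (for example glibc's <sys/param.h>) already provides `MIN`. Wrap it in `#ifndef MIN` / `#endif`, and consider placing it in sbutil.h so other files that need it do not each grow their own copy. Like any such macro it evaluates its arguments twice, so callers must not pass expressions with side effects.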
72 --- libsbutil/get_tmp_dir.c.old 2009-01-29 07:08:59.114359101 -0800
73 +++ libsbutil/get_tmp_dir.c 2009-01-29 07:09:31.921878506 -0800
74 @@ -17,7 +17,7 @@
75 {
76 save_errno();
77
78 - if (NULL == realpath(getenv(ENV_TMPDIR) ? : TMPDIR, path))
79 + if (NULL == realpath(getenv(ENV_TMPDIR) ? getenv(ENV_TMPDIR) :
80 TMPDIR, path))
81 if (NULL == realpath(TMPDIR, path))
82 return -1;
83
84
85
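Review bot: The replacement condition calls `getenv(ENV_TMPDIR)` twice where the GNU `?:` form evaluated it once; fetch it into a local first, e.g. `const char *tmp = getenv(ENV_TMPDIR);` followed by `realpath(tmp ? tmp : TMPDIR, path)`, which stays portable to compilers without the extension. The `+` line has also been wrapped by the mailer (`TMPDIR, path))` sits on its own unprefixed line), so the hunk will not apply as posted; resend it as an attachment.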
86 I have some missing symbols and end up adding 'LIBS=-lmagic', which I
87 think is causing further problems..
88
89 (Not sure this is correct and then ultimately causing the error below,
90 but fixed a similar problem)
91 --- libsandbox/Makefile.in.old 2009-01-29 23:41:03.071332311 -0800
92 +++ libsandbox/Makefile.in 2009-01-29 23:41:31.923431471 -0800
93 @@ -291,7 +291,7 @@
94 rm -f "$${dir}/so_locations"; \
95 done
96 libsandbox.la: $(libsandbox_la_OBJECTS) $(libsandbox_la_DEPENDENCIES)
97 - $(libsandbox_la_LINK) -rpath $(libdir) $(libsandbox_la_OBJECTS)
98 $(libsandbox_la_LIBADD) $(LIBS)
99 + $(libsandbox_la_LINK) --use-libtool-rpath
100 $(libsandbox_la_OBJECTS) $(libsandbox_la_LIBADD) $(LIBS)
101
102 mostlyclean-compile:
103 -rm -f *.$(OBJEXT)
104
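Review bot: The new link line drops `-rpath $(libdir)`, which in libtool link mode is what marks libsandbox.la as an installable shared library; without it libtool builds only a convenience archive, so no libsandbox.so would be produced. Keep `-rpath $(libdir)` and handle the runtime search path separately. Makefile.in is also generated by automake, so the change belongs in Makefile.am or it is lost on the next regeneration, and both the `-` and `+` lines are wrapped here, so the hunk will not apply as posted.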
105 /bin/sh ../libtool --tag=CC --mode=link /opt/SUNWspro/prod/bin/cc
106 -DOUTSIDE_LIBSANDBOX -i -xO4 -xspace -xstrconst -Kpic -fast
107 -xregs=no%frameptr -m64 -ztext -m64 -o sandbox sandbox-environ.o
108 sandbox-sandbox.o ../libsbutil/libsbutil.la -lmagic -m64
109 mkdir .libs
110 /opt/SUNWspro/prod/bin/cc -DOUTSIDE_LIBSANDBOX -i -xO4 -xspace
111 -xstrconst -Kpic -fast -xregs=no%frameptr -m64 -ztext -m64 -o sandbox
112 sandbox-environ.o sandbox-sandbox.o -m64 ../libsbutil/.libs/libsbutil.a
113 /usr/lib/libmagic.so -lz
114 ld: fatal: file /usr/lib/libmagic.so: wrong ELF class: ELFCLASS32
115 ld: fatal: file processing errors. No output written to sandbox
116
117 When I made libmagic.so multilib that's when this stopped working.. So
118 it was only coincidence it was working before.. If you merge any
119 changes I'll pick them up since I'm currently using git tip.. The error
120 regarding
121
122 ld.so.1: install: fatal: libsandbox.so: open failed: No such file or
123 > directory
124
125 is 99.9% because I'm missing the 32bit libsandbox.so..
126
127 sun cc flat out dies with -Wall. -v iirc is the equivalent and if it's
128 turned on by default that's fine, but something that can be
129 disabled/overridden would be great.. For the other stuff I'll
130 investigate.. (I could also do some extra trickery with calls cw
131 instead of cc so it translates gcc options and then invokes the
132 compiler, but that I suspect would lead to even more complexity.)
133
134 Thanks a lot for your help Mike..
135
136 ./C
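
The "binary version for whatever you want to protect" point and the `wrong ELF class: ELFCLASS32` link failure in this message both come down to a few bytes of the ELF header. The following is an added example, not part of the original message or of sandbox's code: it compares class, byte order and machine of a program and a preload library. The helper names and the two sample headers (x86, little-endian) are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Byte offsets inside the ELF header (identical for 32- and 64-bit files). */
enum { EI_CLASS_OFF = 4, EI_DATA_OFF = 5, E_MACHINE_OFF = 18, ELF_MIN_HDR = 20 };

struct elf_abi { int bits; int big_endian; unsigned machine; };

/* Extract the ABI-relevant fields; returns 0 on success, -1 if not a usable ELF header. */
static int elf_abi_parse(const unsigned char *h, size_t len, struct elf_abi *out)
{
    if (len < ELF_MIN_HDR || memcmp(h, "\177ELF", 4) != 0)
        return -1;
    if (h[EI_CLASS_OFF] == 1)      out->bits = 32;   /* ELFCLASS32 */
    else if (h[EI_CLASS_OFF] == 2) out->bits = 64;   /* ELFCLASS64 */
    else return -1;
    if (h[EI_DATA_OFF] == 1)      out->big_endian = 0; /* ELFDATA2LSB */
    else if (h[EI_DATA_OFF] == 2) out->big_endian = 1; /* ELFDATA2MSB */
    else return -1;
    /* e_machine is a 16-bit field stored in the file's own byte order. */
    out->machine = out->big_endian
        ? ((unsigned)h[E_MACHINE_OFF] << 8) | h[E_MACHINE_OFF + 1]
        : ((unsigned)h[E_MACHINE_OFF + 1] << 8) | h[E_MACHINE_OFF];
    return 0;
}

/* 1 if lib can be mapped into prog's process, 0 on ABI mismatch, -1 on a bad header. */
static int preload_compatible(const unsigned char *prog, size_t plen,
                              const unsigned char *lib, size_t llen)
{
    struct elf_abi p, l;
    if (elf_abi_parse(prog, plen, &p) != 0 || elf_abi_parse(lib, llen, &l) != 0)
        return -1;
    return p.bits == l.bits && p.big_endian == l.big_endian && p.machine == l.machine;
}

/* Constructed sample headers, first 20 bytes only: ET_DYN, EM_386 (3) and EM_X86_64 (62). */
static const unsigned char HDR_32[20] = {0x7f,'E','L','F',1,1,1,0, 0,0,0,0,0,0,0,0, 3,0, 3,0};
static const unsigned char HDR_64[20] = {0x7f,'E','L','F',2,1,1,0, 0,0,0,0,0,0,0,0, 3,0, 62,0};

int main(void)
{
    printf("64-bit program, 64-bit library: %d\n",
           preload_compatible(HDR_64, sizeof HDR_64, HDR_64, sizeof HDR_64));
    printf("32-bit program, 64-bit library: %d\n",
           preload_compatible(HDR_32, sizeof HDR_32, HDR_64, sizeof HDR_64));
    return 0;
}
```

On real files, read the first 20 bytes of the program and of each candidate libsandbox.so and pass them to `preload_compatible`.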

Attachments

File name MIME type
symbols.h-32bit-bad text/plain
symbols.h-64bit-good text/plain

Replies

Subject Author
Re: [gentoo-alt] Any interest in sandbox on (open)solaris? Mike Frysinger <vapier@g.o>