Mike Frysinger wrote:
> On Wednesday 28 January 2009 19:01:07 C. Bergström wrote:
>
>> It builds.. it runs.. and now trying to get it to run correctly..
>> (forgive the verbose post please) I've been building everything as
>> 64bit.. and wonder if I need a 32bit libsandbox.so as well? (I need to
>> fix scanelf as it's been broken, but that wouldn't account for why rm
>> gave the same error)
>>
>
> you need a binary version for whatever you want to protect. if you aren't
> running 32bit programs during normal build/install, then you won't need a 32bit
> libsandbox. not sure multilib will even work atm with non-standard lib paths
> though.
>
>
>> Small note.. this seems to be needed..
>> SANDBOX_WRITE="/dev/fd:/proc/self/fd:/dev/dtrace/helper"
>>
>
> i'm guessing you're only talking about /dev/dtrace/helper ... in that case,
> you should be able to drop that into /etc/sandbox.d/
>
>
>> ld.so.1: install: fatal: libsandbox.so: open failed: No such file or
>> directory
>>
>
> this should be fixed in latest sandbox already ... so make sure you're using
> sandbox-1.3.3 or newer
>
>
>> "../libsbutil/sbutil.h", line 101: warning: attribute parameter
>> "__printf__" is undefined
>>
>
> i imagine there's an autoconf test somewhere for this i can steal. or we just
> ignore it.
>
>
>> "wrapper-funcs/__wrapper_simple.c", line 31:
>> warning: assignment type mismatch: pointer to function(pointer to const
>> char, unsigned long) returning int "=" pointer to void
>> "symbols.h", line 30: warning: syntax error: empty declaration
>>
>
> could you post symbols.h as an attachment? this is generated on the fly, so
> line numbers are useless w/out the generated file.
>
>
>> "wrapper-funcs/__wrapper_simple.c", line 21: syntax error before or at:
>> __off64_t
>>
>
> will have to figure out how LFS is handled on opensolaris ... maybe assuming
> the __XXX form exists is bad mojo.
>
A few small and more recent patches I had to add..

--- libsandbox/memory.c.old 2009-01-29 07:28:47.312601827 -0800 |
+++ libsandbox/memory.c 2009-01-29 07:30:55.834594791 -0800 |
@@ -11,6 +11,8 @@ |
#include "libsandbox.h" |
#include "sbutil.h" |
|
+#define MIN(x, y) ((x) < (y) ? (x) : (y)) |
+ |
#define SB_MALLOC_TO_MMAP(ptr) ((void*)(((size_t*)ptr) - 1)) |
#define SB_MMAP_TO_MALLOC(ptr) ((void*)(((size_t*)ptr) + 1)) |
#define SB_MALLOC_TO_SIZE(ptr) (*((size_t*)SB_MALLOC_TO_MMAP(ptr))) |
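Review bot: The MIN definition added above the SB_MALLOC_TO_* macros is unconditional, so it can clash with a MIN that a platform's system headers already provide. Wrap it in "#ifndef MIN" / "#endif", and consider moving it into a shared header such as sbutil.h (already included at the top of this hunk) so that any other file needing it picks up the same definition rather than growing its own copy.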
|
--- libsbutil/get_tmp_dir.c.old 2009-01-29 07:08:59.114359101 -0800 |
+++ libsbutil/get_tmp_dir.c 2009-01-29 07:09:31.921878506 -0800 |
@@ -17,7 +17,7 @@ |
{ |
save_errno(); |
|
- if (NULL == realpath(getenv(ENV_TMPDIR) ? : TMPDIR, path)) |
+ if (NULL == realpath(getenv(ENV_TMPDIR) ? getenv(ENV_TMPDIR) : |
TMPDIR, path)) |
if (NULL == realpath(TMPDIR, path)) |
return -1; |
|
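Review bot: The replacement condition evaluates getenv(ENV_TMPDIR) twice inside the realpath() argument; read it once into a local (for example "const char *tmp = getenv(ENV_TMPDIR);") and pass "tmp ? tmp : TMPDIR", which drops the GNU "?:" extension without repeating the lookup. The "+" line has also been wrapped by the mailer ("TMPDIR, path))" sits on its own unprefixed line), so the hunk will not apply as posted and should be resent as an attachment.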

I have some missing symbols and end up adding 'LIBS=-lmagic', which I
think is causing further problems..

(Not sure this is correct and then ultimately causing the error below,
but fixed a similar problem)
--- libsandbox/Makefile.in.old 2009-01-29 23:41:03.071332311 -0800 |
+++ libsandbox/Makefile.in 2009-01-29 23:41:31.923431471 -0800 |
@@ -291,7 +291,7 @@ |
rm -f "$${dir}/so_locations"; \ |
done |
libsandbox.la: $(libsandbox_la_OBJECTS) $(libsandbox_la_DEPENDENCIES) |
- $(libsandbox_la_LINK) -rpath $(libdir) $(libsandbox_la_OBJECTS) |
$(libsandbox_la_LIBADD) $(LIBS) |
+ $(libsandbox_la_LINK) --use-libtool-rpath |
$(libsandbox_la_OBJECTS) $(libsandbox_la_LIBADD) $(LIBS) |
|
mostlyclean-compile: |
-rm -f *.$(OBJEXT) |
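Review bot: Makefile.in is generated by automake from Makefile.am, so the edit to the libsandbox.la link rule will be lost on the next regeneration and belongs in Makefile.am. Dropping "-rpath $(libdir)" also needs a justification in the commit message: libtool uses -rpath on a .la link to decide that an installable shared library is wanted, so confirm that libsandbox.so is still built and installed with the new line, and say where "--use-libtool-rpath" comes from.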

/bin/sh ../libtool --tag=CC --mode=link /opt/SUNWspro/prod/bin/cc
-DOUTSIDE_LIBSANDBOX -i -xO4 -xspace -xstrconst -Kpic -fast
-xregs=no%frameptr -m64 -ztext -m64 -o sandbox sandbox-environ.o
sandbox-sandbox.o ../libsbutil/libsbutil.la -lmagic -m64
mkdir .libs
/opt/SUNWspro/prod/bin/cc -DOUTSIDE_LIBSANDBOX -i -xO4 -xspace
-xstrconst -Kpic -fast -xregs=no%frameptr -m64 -ztext -m64 -o sandbox
sandbox-environ.o sandbox-sandbox.o -m64 ../libsbutil/.libs/libsbutil.a
/usr/lib/libmagic.so -lz
ld: fatal: file /usr/lib/libmagic.so: wrong ELF class: ELFCLASS32
ld: fatal: file processing errors. No output written to sandbox

When I made libmagic.so multilib that's when this stopped working.. So
it was only coincidence it was working before.. If you merge any
changes I'll pick them up since I'm currently using git tip.. The error
regarding

ld.so.1: install: fatal: libsandbox.so: open failed: No such file or
directory

is 99.9% because I'm missing the 32bit libsandbox.so..

sun cc flat out dies with -Wall. -v iirc is the equivalent and if it's
turned on by default that's fine, but something that can be
disabled/overridden would be great.. For the other stuff I'll
investigate.. (I could also do some extra trickery with calls cw
instead of cc so it translates gcc options and then invokes the
compiler, but that I suspect would lead to even more complexity.)

Thanks a lot for your help Mike..

./C
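
The ELF-class issue running through this thread (a libsandbox.so is needed in the class of every program it should protect, and the -m64 link rejects /usr/lib/libmagic.so as ELFCLASS32) can be checked from the EI_CLASS byte of each file's header. The following is an added example, not code from sandbox or from either poster; all function names in it are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* e_ident layout per the ELF specification: magic, then EI_CLASS at byte 4. */
enum { EI_CLASS_OFF = 4, CLASS_32 = 1, CLASS_64 = 2 };

/* Return 1 (ELFCLASS32) or 2 (ELFCLASS64); -1 if buf is not an ELF header. */
int elf_class_of_buf(const unsigned char *buf, size_t len)
{
    static const unsigned char magic[4] = { 0x7f, 'E', 'L', 'F' };
    if (len <= EI_CLASS_OFF || memcmp(buf, magic, sizeof magic) != 0)
        return -1;
    int cls = buf[EI_CLASS_OFF];
    return (cls == CLASS_32 || cls == CLASS_64) ? cls : -1;
}

/* Classify a file by its first bytes; -1 on I/O error or non-ELF content. */
int elf_class_of_file(const char *path)
{
    unsigned char ident[16];
    FILE *fp = fopen(path, "rb");
    if (!fp)
        return -1;
    size_t n = fread(ident, 1, sizeof ident, fp);
    fclose(fp);
    return elf_class_of_buf(ident, n);
}

/* A preload library is only mapped into programs of its own ELF class. */
int preload_covers(int lib_class, int prog_class)
{
    return lib_class > 0 && lib_class == prog_class;
}

/* Usage (hypothetical tool name): elfclass-check <preload-lib> <program>... */
int main(int argc, char **argv)
{
    if (argc < 3)
        return 2;
    int lib = elf_class_of_file(argv[1]), uncovered = 0;
    for (int i = 2; i < argc; i++) {
        int prog = elf_class_of_file(argv[i]);
        if (prog > 0 && !preload_covers(lib, prog)) {
            printf("%s: ELFCLASS%d not covered by %s\n", argv[i], prog * 32, argv[1]);
            uncovered++;
        }
    }
    return uncovered ? 1 : 0;   /* non-zero exit: some program is not covered */
}
```

Run against the preload library and the tools invoked during a build, a non-zero exit lists the programs that need a second libsandbox.so built for the other class.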