Gentoo Archives: gentoo-alt

From: "C. Bergström" <cbergstrom@×××××××××.com>
To: Mike Frysinger <vapier@g.o>
Cc: gentoo-alt@l.g.o
Subject: Re: [gentoo-alt] Any interest in sandbox on (open)solaris?
Date: Thu, 29 Jan 2009 09:12:43
In Reply to: Re: [gentoo-alt] Any interest in sandbox on (open)solaris? by Mike Frysinger
Mike Frysinger wrote:
> On Wednesday 28 January 2009 19:01:07 C. Bergström wrote: > >> It builds.. it runs.. and now trying to get it to run correctly.. >> (forgive the verbose post please) I've been building everything as >> 64bit.. and wonder if I need a 32bit as well? (I need to >> fix scanelf as it's been broken, but that wouldn't account for why rm >> gave the same error) >> > > you need a binary version for whatever you want to protect. if you arent > running 32bit programs during normal build/install, then you wont need a 32bit > libsandbox. not sure multilib will even work atm with non-standard lib paths > though. > > >> Small note.. this seems to be needed.. >> SANDBOX_WRITE="/dev/fd:/proc/self/fd:/dev/dtrace/helper" >> > > i'm guessing you're only talking about /dev/dtrace/helper ... in that case, > you should be able to drop that into /etc/sandbox.d/ > > >> install: fatal: open failed: No such file or >> directory >> > > this should be fixed in latest sandbox already ... so make sure you're using > sandbox-1.3.3 or newer > > >> "../libsbutil/sbutil.h", line 101: warning: attribute parameter >> "__printf__" is undefined >> > > i imagine there's an autoconf test somewhere for this i can steal. or we just > ignore it. > > >> "wrapper-funcs/__wrapper_simple.c", line 31: >> warning: assignment type mismatch: pointer to function(pointer to const >> char, unsigned long) returning int "=" pointer to void >> "symbols.h", line 30: warning: syntax error: empty declaration >> > > could you post symbols.h as an attachment ? this is generated on the fly, so > line numbers are useless w/out the generated file. > > >> "wrapper-funcs/__wrapper_simple.c", line 21: syntax error before or at: >> __off64_t >> > > will have to figure out how LFS is handled on opensolaris ... maybe assuming > the __XXX form exists is bad mojo. >
A few small and more recent patches I had to add.. --- libsandbox/memory.c.old 2009-01-29 07:28:47.312601827 -0800 +++ libsandbox/memory.c 2009-01-29 07:30:55.834594791 -0800 @@ -11,6 +11,8 @@ #include "libsandbox.h" #include "sbutil.h" +#define MIN(x, y) ((x) < (y) ? (x) : (y)) + #define SB_MALLOC_TO_MMAP(ptr) ((void*)(((size_t*)ptr) - 1)) #define SB_MMAP_TO_MALLOC(ptr) ((void*)(((size_t*)ptr) + 1)) #define SB_MALLOC_TO_SIZE(ptr) (*((size_t*)SB_MALLOC_TO_MMAP(ptr))) --- libsbutil/get_tmp_dir.c.old 2009-01-29 07:08:59.114359101 -0800 +++ libsbutil/get_tmp_dir.c 2009-01-29 07:09:31.921878506 -0800 @@ -17,7 +17,7 @@ { save_errno(); - if (NULL == realpath(getenv(ENV_TMPDIR) ? : TMPDIR, path)) + if (NULL == realpath(getenv(ENV_TMPDIR) ? getenv(ENV_TMPDIR) : TMPDIR, path)) if (NULL == realpath(TMPDIR, path)) return -1; I have some missing symbols and end up adding 'LIBS=-lmagic' Which I think is causing further problems.. (Not sure this is correct and then ultimately causing the error below, but fixed a similar problem) --- libsandbox/ 2009-01-29 23:41:03.071332311 -0800 +++ libsandbox/ 2009-01-29 23:41:31.923431471 -0800 @@ -291,7 +291,7 @@ rm -f "$${dir}/so_locations"; \ done $(libsandbox_la_OBJECTS) $(libsandbox_la_DEPENDENCIES) - $(libsandbox_la_LINK) -rpath $(libdir) $(libsandbox_la_OBJECTS) $(libsandbox_la_LIBADD) $(LIBS) + $(libsandbox_la_LINK) --use-libtool-rpath $(libsandbox_la_OBJECTS) $(libsandbox_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) /bin/sh ../libtool --tag=CC --mode=link /opt/SUNWspro/prod/bin/cc -DOUTSIDE_LIBSANDBOX -i -xO4 -xspace -xstrconst -Kpic -fast -xregs=no%frameptr -m64 -ztext -m64 -o sandbox sandbox-environ.o sandbox-sandbox.o ../libsbutil/ -lmagic -m64 mkdir .libs /opt/SUNWspro/prod/bin/cc -DOUTSIDE_LIBSANDBOX -i -xO4 -xspace -xstrconst -Kpic -fast -xregs=no%frameptr -m64 -ztext -m64 -o sandbox sandbox-environ.o sandbox-sandbox.o -m64 ../libsbutil/.libs/libsbutil.a /usr/lib/ -lz ld: fatal: file /usr/lib/ wrong ELF class: ELFCLASS32 ld: fatal: file processing errors. No output written to sandbox When I made multilib that's when this stopped working.. So it was only coincidence it was working before.. If you merge any changes I'll pick them up since I'm currently using git tip.. The error regarding install: fatal: open failed: No such file or
> directory
is 99.9% because I'm missing the 32bit sun cc flat out dies with -Wall. -v iirc is the equivalent and if it's turned on by default that's fine, but something that can be disabled/overridden would be great.. For the other stuff I'll investigate.. (I could also do some extra trickery with calls cw instead of cc so it translates gcc options and then invokes the compiler, but that I suspect would lead to even more complexity.) Thanks a lot for your help Mike.. ./C


File name MIME type
symbols.h-32bit-bad text/plain
symbols.h-64bit-good text/plain


Subject Author
Re: [gentoo-alt] Any interest in sandbox on (open)solaris? Mike Frysinger <vapier@g.o>