- 17 Jan, 2021 2 commits
- 03 Jan, 2021 20 commits
-
-
Max Rees authored
-
Max Rees authored
In the future we will probably remove this entirely in favor of implementing something like fakeroot's -s/-i, but leave it here for now.
-
Max Rees authored
Makes it easier to think about how many -v are given
-
Max Rees authored
Files that haven't been previously touched by comped children will appear to have their real owner/group instead of rewriting them to root. Same as the fakeroot option.
-
Max Rees authored
-
Max Rees authored
-
Max Rees authored
-
Max Rees authored
-
Max Rees authored
-
Max Rees authored
-
Max Rees authored
-
Max Rees authored
-
Max Rees authored
-
Max Rees authored
-
Max Rees authored
-
Max Rees authored
-
Max Rees authored
-
Max Rees authored
-
Max Rees authored
-
Max Rees authored
This is more similar to fakeroot's dump format
-
- 18 Dec, 2020 4 commits
- 15 Dec, 2020 1 commit
-
-
Max Rees authored
-
- 14 Dec, 2020 7 commits
-
-
Max Rees authored
i.e. SCMP_SYS returns a negative number (a so-called "pseudo-syscall" by libseccomp) which thus cannot be an array index.
-
Max Rees authored
The p(err|warn)x? macros will be updated likewise later when they are changed to branch on a global "verbose" flag instead of using NDEBUG
-
Max Rees authored
-
Max Rees authored
Rename the former handle_chown_inner to record_chown
-
Max Rees authored
-
Max Rees authored
-
Max Rees authored
-
- 13 Dec, 2020 6 commits
-
-
Max Rees authored
-
Max Rees authored
-
Max Rees authored
The previous naive approach relied on setting up and loading the seccomp filter in the first process, then immediately executing the desired process. This had the unfortunate effect of causing deadlocks in the parent when part of its syscall emulation involved a syscall that was also part of the child's seccomp filter (after all, the filter was also active in the parent). Now we have a multi-stage approach: * The first process (stage 1) sets up a socketpair and produces a child * The child (stage 2) sets up the filter and sends the notification FD and PID of the end-user's process back to the stage 1 process, then exits. * Stage 2 is now over. Stage 1 can receive all seccomp notifications from the third process and its descendants without deadlocking if it itself calls those same syscalls. Part of the magic is taking advantage of SCM_RIGHTS to pass the notification FD around as well as PR_SET_CHILD_SUBREAPER to make sure none of the descendants escape. The latter will also be useful in the future when it is necessary to track the uid, euid, et al of the children.
-
Max Rees authored
file_upsert_path is useful if you need to add a new file override entry or update the existing one. In other cases we need to just check if there is already an entry (e.g. during stat(2) calls), which you can now use file_get for.
-
Max Rees authored
Now we can also write back to the tracee using tx_data(push=1). In the future if we need to rewrite only a pathname in a syscall we could also mutate pull_pathname into tx_pathname(push=). Use check_pathname to ensure PATH_MAX paths from tx_data() don't overflow. pull_pathname automatically calls this for you.
-
Max Rees authored
handle_chown_inner may be used at a later point by other syscalls so we will leave it with extern linkage for now
-