More useful changes for vchroot

+180 -11
+38 -11
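--- a/src/startup/darling.c
+++ b/src/startup/darling.c
@@ -57,6 +57,7 @@
 char *prefix;
 uid_t g_originalUid, g_originalGid;
 bool g_fixPermissions = false;
+bool g_useVchroot = false;
 char **g_argv, **g_envp;
 char g_workingDirectory[4096];
@@ -88,6 +89,12 @@
 
 if (!isModuleLoaded())
 loadKernelModule();
+
+{
+const char* vchroot;
+if (vchroot = getenv("VCHROOT"))
+g_useVchroot = atoi(vchroot) != 0;
+}
 
 prefix = getenv("DPREFIX");
 if (!prefix)
@@ -748,19 +755,33 @@
 if (g_fixPermissions)
 fixDirectoryPermissions(prefix);
 
-snprintf(putOld, sizeof(putOld), "%s" SYSTEM_ROOT, prefix);
+if (!g_useVchroot)
+{
+snprintf(putOld, sizeof(putOld), "%s" SYSTEM_ROOT, prefix);
 
-if (syscall(SYS_pivot_root, prefix, putOld) != 0)
-{
-fprintf(stderr, "Cannot pivot_root: %s\n", strerror(errno));
-exit(1);
-}
+if (syscall(SYS_pivot_root, prefix, putOld) != 0)
+{
+fprintf(stderr, "Cannot pivot_root: %s\n", strerror(errno));
+exit(1);
+}
 
-// mount procfs for our new PID namespace
-if (mount("proc", "/proc", "proc", 0, "") != 0)
+// mount procfs for our new PID namespace
+if (mount("proc", "/proc", "proc", 0, "") != 0)
+{
+fprintf(stderr, "Cannot mount procfs: %s\n", strerror(errno));
+exit(1);
+}
+}
+else
 {
-fprintf(stderr, "Cannot mount procfs: %s\n", strerror(errno));
-exit(1);
+snprintf(putOld, sizeof(putOld), "%s/proc", prefix);
+
+// mount procfs for our new PID namespace
+if (mount("proc", putOld, "proc", 0, "") != 0)
+{
+fprintf(stderr, "Cannot mount procfs: %s\n", strerror(errno));
+exit(1);
+}
 }
 
 // Drop the privileges. It's important to drop GID first, because
@@ -868,7 +889,13 @@
 puts("Bootstrapping the container with launchd...");
 
 // putenv("KQUEUE_DEBUG=1");
-execl("/sbin/launchd", "launchd", NULL);
+if (!g_useVchroot)
+execl("/sbin/launchd", "launchd", NULL);
+else
+{
+setenv("DYLD_ROOT_PATH", LIBEXEC_PATH, 1);
+execl(LIBEXEC_PATH "/usr/libexec/darling/vchroot", "vchroot", prefix, "/sbin/launchd", NULL);
+}
 
 fprintf(stderr, "Failed to exec launchd: %s\n", strerror(errno));
 abort();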
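Review bot: When `g_useVchroot` is set, the `else` branch at 775–785 skips `pivot_root` entirely, so the process keeps the host root mounted and visible and confinement is deferred to the vchroot helper exec'd at 897, which runs after the privileges are dropped at 787; that is presumably intended, but the branch should say so, e.g. `// No pivot_root in this mode: the LKM vchroot applied by the helper is the only filesystem confinement`. The new `snprintf` at 777 builds the procfs mount point from the user-supplied DPREFIX without checking for truncation (as the pre-existing SYSTEM_ROOT line also did), so a long prefix would mount proc at a silently truncated path; `if (snprintf(putOld, sizeof(putOld), "%s/proc", prefix) >= (int)sizeof(putOld)) { fprintf(stderr, "Prefix too long\n"); exit(1); }` closes that. In the later hunk, a failed `execl` of the helper at 897 falls through to the `Failed to exec launchd` message at 900, which now names the wrong binary, and the `setenv` at 896 is unchecked. The enclosing function begins and ends outside both hunks.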
+9
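--- /dev/null
+++ b/src/vchroot/CMakeLists.txt
@@ -0,0 +1,9 @@
+project(vchroot)
+include(darling_exe)
+
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -nostdinc")
+
+add_darling_executable(vchroot vchroot.c)
+target_link_libraries(vchroot system)
+install(TARGETS vchroot DESTINATION libexec/darling/usr/libexec/darling)
+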
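Review bot: `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -nostdinc")` at line 4 changes the flags for the whole directory scope rather than for this one target; with only `vchroot` built here it is harmless today, but `target_compile_options(vchroot PRIVATE -nostdinc)` placed after `add_darling_executable` keeps the intent local and survives a second target being added. The install destination `libexec/darling/usr/libexec/darling` has to line up with the `LIBEXEC_PATH "/usr/libexec/darling/vchroot"` path exec'd from darling.c, but nothing ties the two together; a one-line comment `# must match the vchroot exec path in src/startup/darling.c` would keep them from drifting apart.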
+57
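--- /dev/null
+++ b/src/vchroot/vchroot.c
@@ -0,0 +1,57 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <lkm/api.h>
+
+extern int lkm_call(int nr, ...);
+
+int main(int argc, const char** argv)
+{
+if (argc < 3)
+{
+fprintf(stderr, "vchroot <dir> <binary> [args...]\n");
+return 1;
+}
+
+char buf[4096];
+sprintf(buf, "%s%s", argv[1], argv[2]);
+
+if (access(buf, F_OK) != 0)
+{
+fprintf(stderr, "Target executable not found: %s\n", buf);
+return 5;
+}
+
+int dfd = open(argv[1], O_RDONLY | O_DIRECTORY);
+if (dfd == -1)
+{
+perror("open");
+return 1;
+}
+
+if (fchdir(dfd) == -1)
+{
+perror("fchdir");
+return 2;
+}
+
+if (lkm_call(NR_vchroot, dfd) == -1)
+{
+perror("vchroot");
+return 3;
+}
+
+close(dfd);
+
+// This is only needed for this binary and shouldn't be passed down
+unsetenv("DYLD_ROOT_PATH");
+
+// printf("Will execv %s\n", argv[2]);
+execv(argv[2], (char * const *) argv+2);
+perror("execv");
+
+return 4;
+}
+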
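Review bot: `sprintf(buf, "%s%s", argv[1], argv[2])` at line 19 concatenates two caller-controlled strings into a fixed 4096-byte stack buffer with no bound, so an over-long directory or binary path overflows the stack in a helper that is installed as a general-purpose executable; replace it with `int n = snprintf(buf, sizeof buf, "%s%s", argv[1], argv[2]);` followed by `if (n < 0 || (size_t)n >= sizeof buf) { fprintf(stderr, "Path too long\n"); return 1; }`. The `access(buf, F_OK)` check at 21 is only advisory: it races against the later `execv`, and since `buf` is the host-side path while `execv(argv[2], ...)` at 52 presumably resolves under the vchroot applied at 40, the two need not even name the same file, so it should carry a comment such as `// Early existence check for a friendlier error only; execv below is authoritative`. The results of `close(dfd)` and `unsetenv` are ignored, which is acceptable here but reads better as explicit `(void)` casts.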
+76
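--- /dev/null
+++ b/src/vchroot/vchroot_test.c
@@ -0,0 +1,76 @@
+#include <lkm/api.h>
+#include <stdio.h>
+#include <string.h>
+#include <fcntl.h>
+#include <sys/ioctl.h>
+
+const char* TESTDIR = "/tmp";
+//const char* TESTDIR = "/run/user/1000";
+
+int main(int argc, const char** argv)
+{
+int lkm = open("/dev/mach", O_RDWR);
+if (lkm == -1)
+{
+perror("open dev mach");
+return 1;
+}
+int dfd = open(TESTDIR, O_RDONLY | O_DIRECTORY);
+if (dfd == -1)
+{
+perror("open dfd");
+return 1;
+}
+
+int rv = ioctl(lkm, NR_vchroot, dfd);
+if (rv == -1)
+{
+perror("NR_vchroot");
+return 1;
+}
+
+struct vchroot_expand_args expand;
+
+//strcpy(expand.path, "link_to_dir_in_root/file"); // link_to_...
+strcpy(expand.path, "/test2/file");
+// strcpy(expand.path, "/proc/self/mounts");
+expand.flags = 0;
+expand.dfd = -100;
+
+rv = ioctl(lkm, NR_vchroot_expand, &expand);
+if (rv == -1)
+{
+perror("NR_vchroot_expand");
+return 1;
+}
+
+printf("Path expanded to %s\n", expand.path);
+
+// int testfilefd = open(expand.path, O_RDONLY);
+// int testfilefd = open("/tmp/dev/null", O_RDONLY);
+int testfilefd = 0;
+if (testfilefd == -1)
+{
+perror("open test file");
+return 1;
+}
+
+struct vchroot_fdpath_args fdpath;
+
+fdpath.fd = testfilefd;
+fdpath.path = malloc(512);
+fdpath.maxlen = 512;
+
+rv = ioctl(lkm, NR_vchroot_fdpath, &fdpath);
+if (rv == -1)
+{
+perror("NR_vchroot_fdpath");
+return 1;
+}
+
+printf("Reported fdpath: %s\n", fdpath.path);
+
+return 0;
+
+}
+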
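Review bot: `malloc(512)` at line 61 is used without `#include <stdlib.h>`, so it is implicitly declared as returning `int` and the pointer is truncated on 64-bit targets before it is stored in `fdpath.path`; add `#include <stdlib.h>` alongside the other headers and check the result, `if (!fdpath.path) { perror("malloc"); return 1; }`. `testfilefd` is hard-wired to 0 at line 51 with the surrounding `== -1` check left dead and the real `open` calls commented out, which reads as leftover debugging; either restore the `open` or delete the dead check. `strcpy` into `expand.path` at 35 assumes the field is a large-enough array — presumably it is a fixed buffer in lkm/api.h, but `snprintf(expand.path, sizeof expand.path, "%s", "/test2/file")` would make the bound explicit. The buffer filled by `NR_vchroot_fdpath` is printed with `%s` at 71 without confirming that the module NUL-terminates it within `maxlen`; verify that against the LKM or write the terminator yourself.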