path: root/pseudo.h
AgeCommit message (Collapse)AuthorFilesLines
2015-08-20Initial profiling implementation.Peter Seebach1-0/+10
A partially-implemented profiler for client time, which basically just inserts (optional) gettimeofday calls in various places and stashes data in a flat file containing one data block per pid. Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
2015-01-14Make --without-passwd-fallback workPeter Seebach1-1/+1
This is derived in significant part from contributions to oe-core by Peter A. Bigot. I reworked the path routine a bit to use an already duplicated string instead of allocating copies of parts of it. The first issue was just that there was a missing antimagic() around some of the path operations. The second is that we wanted to have a way to provide a fallback password file which isn't the host's, but which can be used in the case where the target filesystem hasn't got a password yet, for bootstrapping purposes. (So there's a minimal password file that just has root, basically.) Also, I noticed a design flaw, which is that if you ended up calling pseudo_pwd_lck_open() twice in a row, the second time through, pseudo would first check whether it had a path name for the file (it does), and thus not allocate one, then call the close routine (which frees it and nulls the pointer), then open a new one... and not have a file name, so the next attempt to close it wouldn't unlink the file. This shouldn't ever come up in real code, but it was bugging me. Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
2014-05-16pseudo_has_unload: add functionPeter Seebach1-0/+1
Various wrappers checked for a non-null pseudo_get_value("PSEUDO_UNLOAD") to determine whether the environment should include the pseudo variables. None of those checks freed the returned value when it was not null. The new check function does. The new check function also sees whether PSEUDO_UNLOAD was defined in the environment that should be used in the wrapped system call. This allows pkg_postinst scripts to strip out the LD_PRELOAD setting, for example before invoking qemu to execute commands in an environment that does not have libpseudo.so. [YOCTO #4843] Signed-off-by: Peter A. Bigot <pab@pabigot.com> Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
2014-04-22xattr support and other path stuff: reduce allocation and copyingPeter Seebach1-0/+9
The xattr first-pass implementation was allocating a buffer to hold the name and value for a set operation, then pseudo_client was allocating *another* buffer to hold the path and those two values. pseudo_client_op develops more nuanced argument handling, and also uses a static buffer for the extended paths it sometimes needs. So for the typical use case, only occasional operations will need to reallocate/expand the buffer, and we'll be down to copying things into that buffer once per operation, instead of having two alloc/free pairs and two copies. And of course, that wasn't two alloc/free pairs, it was one alloc/free pair and one alloc without a free. Whoops. Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
2014-04-21Initial draft xattr supportPeter Seebach1-0/+8
Initial, incomplete, support for extended attributes. Extended attributes are implemented fairly naively, using a second table in the file database using the primary file table's id as a foreign key. The ON DELETE CASCADE behavior requires sqlite 3.6.19 or later with foreign key and trigger support compiled in. To reduce round-trips, the client does not check for existing attributes, but rather, sends three distinct set messages; OP_SET_XATTR, OP_CREATE_XATTR, OP_REPLACE_XATTR. A SET message always succeeds, a CREATE fails if the attribute already exists, and a REPLACE fails if the attribute does not already exist. The /* flags */ feature of makewrappers is used to correct path names appropriately, so all functions are already working with complete paths, and can always use functions that work on links; if they were supposed to dereference, the path fixup code got that. The xattr support is enabled, for now, conditional on whether getfattr --help succeeds. Not yet implemented: Translation for system.posix_acl_access, which is used by "cp -a" (or "cp --preserve-all") on some systems to try to copy modes. Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
2014-01-22Don't automatically fall back to /etc/passwd.Peter Seebach1-2/+1
In some cases, we'd rather pseudo fail than fall back to using /etc/passwd or /etc/group. Make the determination of what to fall back to when neither PSEUDO_PASSWD nor a chroot directory contains passwd/group files controllable by a configure-time flag, controlled by --with-passwd-fallback= or --without-passwd-fallback.
2013-06-25Change debugging to use flags rather than levelsPeter Seebach1-3/+12
This is a moderately intrusive change. The basic overall effect: Debugging messages are now controlled, not by a numeric "level", but by a series of flags, which are expressed as a string of letters. Each flag has a single-letter form used for string specifications, a name, a description, a numeric value (1 through N), and a flag value (which is 1 << the numeric value). (This does mean that no flag has the value 1, so we only have 31 bits available. Tiny violins play.) The other significant change is that the pseudo_debug calls are now implemented with a do/while macro containing a conditional, so that computationally-expensive arguments are never evaluated if the corresponding debug flags weren't set. The assumption is that in the vast majority of cases (specifically, all of them so far) the debug flags for a given call are a compile-time constant, so the nested conditional will never actually show up in code when compiled with optimization; we'll just see the appropriate conditional test. The VERBOSE flag is magical, in that if the VERBOSE flag is used in a message, the debug flags have to have both VERBOSE and at least one other flag for the call to be made. This should dramatically improve performance for a lot of cases without as much need for PSEUDO_NDEBUG, and improve the ability of users to get coherent debugging output that means something and is relevant to a given case. It's also intended to set the stage for future development work involving improving the clarity and legibility of pseudo's diagnostic messages in general. Old things which used numeric values for PSEUDO_DEBUG will sort of continue to work, though they will almost always be less verbose than they used to. There should probably be a pass through adding "| PDBGF_CONSISTENCY" to a lot of the messages that are specific to some other type.
2013-02-26PSEUDO_ALLOW_FSYNC: Allow fsync()pseudo-1.5PSEUDO_1_5Peter Seebach1-0/+1
Some filesystems have buggy semantics where stat(2) will return incorrect sizes for files for a while after some changes, sometimes, unless they've been fsync'd. We still want to disable fsync most of the time, but enabling it for specific programs can be useful. Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
2013-02-26completely remove pseudo_debugcalls when -DNDEBUGPeter Seebach1-3/+6
2012-12-12bitrot and linkat() fixes for Darwin.SEEBS_TESTINGPeter Seebach1-4/+5
2012-12-12add linkat() implementationPeter Seebach1-0/+8
We never had an implementation for linkat() because no one used it; now someone uses it. link() is now implemented on top of linkat(). Note the abnormal AT_SYMLINK_FOLLOW (as opposed to _NOFOLLOW) flag.
2011-03-25Merge in ports workPeter Seebach1-3/+6
This is a spiffied-up rebase of a bunch of intermediate changes, presented as a whole because it is, surprisingly, less confusing that way. The basic idea is to separate the guts code into categories ranging from generic stuff that can be the same everywhere and specific variants. The big scary one is the Darwin support, which actually seems to run okay on 64-bit OS X 10.6. (No other variants were tested.) The other example given is support for the old clone() syscall on RHEL 4, which affects some wrlinux use cases. There's a few minor cleanup bits here, such as a function with inconsistent calling conventions, but nothing really exciting.
2010-12-13Further amend the system to enable/disable sudo during fork/exec.Mark Hatle1-3/+5
2010-12-09: * (mhatle) Add doc/program_flow to attempt to explain startup/running * (mhatle) guts/* minor cleanup * (mhatle) Reorganize into a new constructor for libpseudo ONLY pseudo main() now manually calls the util init new / revised init for client, wrappers and utils * (mhatle) Add central "reinit" function * (mhatle) Add manul execv* functions * (mhatle) rename pseudo_populate_wrappers to pseudo_check_wrappers Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2010-12-07This is a merge of several commits from a tree which turned out toPeter Seebach1-4/+6
be out of sync in a very inconvenient way. Changes include: * Some whitespace fixes, also move the pseudo_variables definition into pseudo_util.c since it's not used anywhere else. * Further improvements in the fork() support: We now recognize both positive and negative forms of PSEUDO_DISABLED, so we can distinguish between "it was removed from the environment by env -i" (restore the old value) and "it was intentionally turned off" (the new value wins). * clone(2) support. This is a little primitive, and programs might still fail horribly due to clone's semantics, but at least it's there and passes easy test cases. Plus a big patch from Mark Hatle: Cleanup fork/clone and PSEUDO_DISABLED guts/fork.c: * cleanup function and make it more robust * be sure to call pseudo_setupenv prior to pseudo_client_reset to match exec behavior pseudo_wrappers.c: * fix mismatched type in execl_to_v call via typecast * Simplify fork call via single call to wrap_fork() * be sure to save pseudo_disabled * be sure to call pseudo_setupenv prior to pseudo_client_reset to match exec behavior tests: * Add a test of whether pseudo can be disabled/enabled on a fork. Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2010-11-30Major shift: All the id_t types have been reworked so that theyPeter Seebach1-88/+1
are generated from text files and templates, making it now (we hope) impossible for the list of strings to get out of sync with the enum.
2010-08-27We got bitten AGAIN by hard-coded lengths in memcmp, so we've swappedPeter Seebach1-0/+3
that for a macro that does it correctly. Why not just use strcmp, you ask? Because we aren't doing a string compare, we're looking for a prefix.
2010-08-17Draft one effort at making unlink more robust and fixing an obviousseebs1-0/+3
bug in the speculative-unlink operation. The intent is to mark and then confirm or cancel the delete. This removes the quirk where we tried to stash old database entries, which didn't handle directories anyway; "rmdir non-empty-directory" is a bit too common a case to dismiss as unthinkable.
2010-08-11Enable local variable cacheMark Hatle1-2/+10
Add local variable cache via get_value and set_value. The local cache is setup at constructor time (or soon after). Rewrite the pseudo_setupenv and pseudo_dropenv routines, add a new pseudo_setupenvp and pseudo_dropenvp as well to handle the execve cases. We can now successfully use /usr/bin/env -i env and get pseudo values back!
2010-08-04Add new environment values to allow easy override of default locationsMark Hatle1-5/+22
Add PSEUDO_BINDIR, PSEUDO_LIBDIR, and PSEUDO_LOCALSTATEDIR to allow for more easy customization of PSEUDO components at run-time. If these are not set they will be automatically generated based on the existing PSEUDO_PREFIX path. PSEUDO_BINDIR = PSEUDO_PREFIX /bin PSEUDO_LIBDIR = PSEUDO_PREFIX /lib PSEUDO_LOCALSTATEDIR = PSEUDO_PREFIX /var/pseudo Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2010-04-30Improve PSEUDO_DEBUG_FILE.Peter Seebach1-0/+1
The PSEUDO_DEBUG_FILE feature is enhanced, and is now also used by the pseudo server.
2010-04-26Handle execve() betterPeter Seebach1-2/+2
You can't use setenv() to modify the environment that will be passed to a child process through execve()... Also, fix the setupenv() to use PSEUDO_SUFFIX if defined. Use execve() to spawn child processes, so we can use setupenv() and dropenv().
2010-04-26Updates/improvements for loggingPeter Seebach1-2/+2
Send program name (program_invocation_name from glibc) along with the tag. Along the way, restructure the fds/pids/tags arrays to be an array of client structures in pseudo_server, and add the message type to the set of things logged -- logging that a message was a ping is more useful than appending the text "ping" to it. Add support for type and program to pseudolog. Add deletion to pseudolog. Handle usage message formatting when there's an odd number of known specifiers for pseudolog. Conflicts: ChangeLog.txt pseudo_server.c
2010-04-26Add lckpwdf()/ulckpwdf().Peter Seebach1-2/+2
It's not enough to rely on the usual chroot() stuff affecting the file open, not least because these use the glibc-internal __open which is not currently intercepted, but also because we want to use the PSEUDO_PASSWD path when that's set but there's no chroot(). There's some extra magic in pseudo_etc_file to support these operations, since they can legitimately create a file rather than opening an existing one.
2010-03-29Add password/group call emulation.Peter Seebach1-0/+3
This is a first pass at handling password/group calls, allowing the use of custom password/group files. In particular, when chroot()ed to a particular directory, pseudo picks files in that directory by default, to improve support for the typical use case where pseudo uses chroot() only to jump into a virtual target filesystem.
2010-03-26Add support for intercepting execve()Peter Seebach1-0/+4
This allows us to track execution, although the tracking for it requires some additional thought -- the basic assumption is that we don't want to canonicalize names into the chroot() directory, but since all the filename canonicalization assumes that we want this, that will take some sneaking. It's a little useful as is, though, so I'm running with it.
2010-03-26Track file open flagsPeter Seebach1-0/+1
This patch adds support for checking whether a file was opened for reading, writing, or both, as well as tracking append flags. It is not very well tested. This is preparation for improved host contamination checking.
2010-03-25initial chroot() supportPeter Seebach1-1/+27
Add chroot() and a large number of things needed to make it work. The list of intercepted calls is large but not exhaustive.
2010-03-24Prep for chroot handling:Peter Seebach1-0/+2
* Improve makewrappers handling of function pointer arguments. * Regenerate wrappers when makewrappers is touched. * Move path resolution from pseudo_client_op into wrapper functions. * Eliminate dependency on PATH_MAX. * Related cleanup, such as tracking CWD better, and using the tracked value for getcwd().
2010-03-16initial public releasePeter Seebach1-0/+128