Commit message | Author | Age | Files | Lines
* libsandbox: add wrappers for _FORTIFY_SOURCE funcs (tag: v1.3.8) | Mike Frysinger | 2009-02-20 | 5 | -0/+79
  When glibc is compiled with optimization and higher _FORTIFY_SOURCE levels, the headers redirect dynamic calls to the open*() functions to the __open*_2() functions. The latter provides runtime checking. But this means we also need to wrap the latter forms in order to get sandbox checking on the open() functions.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* scripts: disable wrappers for weak __XXX symbols | Mike Frysinger | 2009-02-20 | 2 | -0/+12
  Since there doesn't seem to be a use for wrapping the __XXX weak symbols, and things aren't using these in normal glibc/uClibc code, stop attempting to handle them. This should work around the FreeBSD infinite recursion issue as well (their getcwd() calls __getcwd(), both of which are public symbols).
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* do not fail autogen step if autoconf-archive is not installed | Mike Frysinger | 2009-02-18 | 1 | -3/+3
  Rework the shell code slightly so a missed grep does not trigger the -e.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* tests: use $AWK rather than awk | Mike Frysinger | 2009-02-18 | 2 | -1/+2
  The configure scripts will try hard to set up AWK as GNU awk which is what we want/need in the sb_printf test.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* add configure checks for the 64bit lfs funcs as well | Mike Frysinger | 2009-02-18 | 5 | -0/+8
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* add checks for signal() return types | Mike Frysinger | 2009-02-18 | 2 | -0/+11
  Some systems use sighandler_t while others use sig_t. Add a configure check so that we can assume sighandler_t is always available.
  URL: http://bugs.gentoo.org/259507
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
  Reported-by: Javier Villavicencio <the_paya@gentoo.org>
* include the m4 files from the autoconf-archive package | Mike Frysinger | 2009-02-18 | 7 | -0/+327
  Not everyone has the autoconf-archive package installed, so have the autogen.sh script automatically update the local copies and include them in the tree.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: lock main syscall code with a mutex | Mike Frysinger | 2009-02-18 | 3 | -0/+11
  Since the main sandbox code maintains state with global variables (like sbcontext), make sure we use a pthread mutex to prevent multiple threads from corrupting each other. In the non-threaded case this shouldn't be a problem as the C library provides redirection stubs in its own code.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: shuffle/unify local prototypes | Mike Frysinger | 2009-02-18 | 3 | -21/+17
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: avoid recursion by using sb_unwrapped_access() | Mike Frysinger | 2009-02-18 | 2 | -1/+3
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: convert internal open func to sb_unwrapped_foo style | Mike Frysinger | 2009-02-18 | 5 | -48/+45
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: convert internal getcwd func to sb_unwrapped_foo style | Mike Frysinger | 2009-02-18 | 4 | -18/+20
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: create hidden targets for most functions | Mike Frysinger | 2009-02-18 | 2 | -4/+14
  In case we want to access a standard function unwrapped, create hidden functions that do just that. This creates a standard for most functions of the form sb_unwrapped_foo().
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: simplify WRAPPER_PRE_CHECKS() a bit | Mike Frysinger | 2009-02-18 | 4 | -10/+13
  Remove some of the ugly indirection in the WRAPPER_PRE_CHECKS() defines so it operates like a normal C function -- much easier to work with those.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: tweak errno handling in fopen() wrapper | Mike Frysinger | 2009-02-18 | 1 | -2/+5
  No point in saving/restoring the errno value if we don't make any C lib function calls.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: do save/restore errno in sym lookup | Mike Frysinger | 2009-02-18 | 1 | -2/+0
  If the symbol lookup function failed, then we abort. If the lookup worked, then errno is not touched. In either case, there is no need to save/restore the errno value.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* drop unused local GLIBC_MINOR define | Mike Frysinger | 2009-02-17 | 1 | -2/+0
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* fix environ check | Mike Frysinger | 2009-02-17 | 1 | -1/+1
  AC_CHECK_DECL will always create the relevant define and only differ in the actual value (0 or 1).
  URL: http://bugs.gentoo.org/258365
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
  Reported-by: Javier Villavicencio <the_paya@gentoo.org>
* libsandbox: update ENAMETOOLONG comments to match egetcwd() changes | Mike Frysinger | 2009-02-15 | 2 | -4/+2
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: convert more code to stdbool to simplify things | Mike Frysinger | 2009-02-15 | 4 | -69/+61
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: calculate longest symbol name dynamically | Mike Frysinger | 2009-02-15 | 3 | -12/+16
  The longest wrapped symbol name has hit the hard limit of 10 chars, so rather than manually bump it up, calculate it on the fly with the awk scripts.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: make sure all mknod symbols are wrapped | Mike Frysinger | 2009-02-15 | 5 | -0/+19
  The mknodat() symbol on glibc is rewritten to __xmknodat(), so we need to wrap that and check for all of them in the check_access() code.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: simplify clean_env_entries a bit | Mike Frysinger | 2009-02-14 | 1 | -13/+14
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: fixup egetcwd() a bit | Mike Frysinger | 2009-02-14 | 1 | -11/+8
  If lstat() worked, it won't clear errno for us, so we have to do it. Also unify the error code paths.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: move cached_env_vars into .bss | Mike Frysinger | 2009-02-14 | 1 | -10/+5
  No point to allocating cached_env_vars dynamically since we allocate it once during init and it's only 4 pointers. Stick it into the bss instead.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: handle ENAMETOOLONG properly with getcwd() | Mike Frysinger | 2009-02-14 | 1 | -14/+11
  The core libsandbox code was checking for ENAMETOOLONG when working with getcwd() and doing the right thing, but it never passed this error back up to the caller. This would cause some tests (like the getcwd tests in many gnulib/autotool based packages like coreutils) to keep on trying since it did not detect the expected failure conditions. So now when we hit the ENAMETOOLONG error, we pass this specific error back up to the caller.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* bump to sandbox-1.3.8 | Mike Frysinger | 2009-02-14 | 1 | -1/+1
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: do not call x*() memory funcs in memory replacement code (tag: v1.3.7) | Mike Frysinger | 2009-02-13 | 1 | -5/+17
  As Maximilian points out, the internal memory funcs in libsandbox are already called by the x*() type funcs which means error checking occurs at the higher level. So we don't want to do it at the inner level either as that will lose the real file/location where the memory allocation occurred.
  URL: http://bugs.gentoo.org/257179
  Signed-off-by: Maximilian Grothusmann <maxi-gentoo@own-hero.de>
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* tests: simplify script-2.sh a bit | Mike Frysinger | 2009-02-12 | 1 | -6/+0
  Since the autotest framework automatically creates private dirs for each test, we don't need to do it ourselves.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* sandbox: do not dist sandbox.sh and clean up error messages | Mike Frysinger | 2009-02-12 | 2 | -6/+6
  The sandbox.sh file is generated now, so do not mark it as a dist target. To make this kind of error easier to figure out in the future, have all sandbox errors related to files include the full filename that is causing an error.
  URL: http://bugs.gentoo.org/258690
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
  Reported-by: Alexis Ballier <aballier@gentoo.org>
* disable tests for unavailable funcs | Mike Frysinger | 2009-02-12 | 19 | -0/+43
  Not all systems implement the full range of functions we wrap, so we shouldn't require them in the test suite either.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* sandbox: check signal returns and allow SIGHUP to be ignored | Mike Frysinger | 2009-02-12 | 1 | -5/+16
  If the SIGHUP signal is already set to SIG_IGN, then do not replace it with our own handler as most likely this means the user is using `nohup`. As for the other signals, check the return value and warn if something weird happens (like they aren't all set to SIG_DFL).
  URL: http://bugs.gentoo.org/217898
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
  Reported-by: Ken Bloom <kbloom@gmail.com>
* add testcase for old PATH bug | Mike Frysinger | 2009-02-12 | 4 | -3/+36
  Also fix common script execution code to remove debug "moo" string and disable pointless sleep code in sandbox.
  URL: http://bugs.gentoo.org/139591
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
  Reported-by: Ciaran McCreesh <ciaran.mccreesh@googlemail.com>
* bump to sandbox-1.3.7 | Mike Frysinger | 2009-02-10 | 1 | -1/+1
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* provide environ decl if system sucks and doesn't do it for us (tag: v1.3.6) | Mike Frysinger | 2009-02-09 | 2 | -0/+6
  URL: http://bugs.gentoo.org/258365
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
  Reported-by: Dan Coats <admin@easyshellz.com>
* tests: get scripts working in sandbox.sh | Mike Frysinger | 2009-02-08 | 12 | -10/+76
  Make sure we source the local sandbox.{bashrc,conf} and we always make the helper functions available when testing even if we aren't interactive. Now we can run `make check` and test the local version of sandbox even when we are running under another sandbox env.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* sb_printf: get z modifier working and fixup tests | Mike Frysinger | 2009-02-08 | 3 | -63/+45
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: let real funcs handle non-existent paths (part 2) | Mike Frysinger | 2009-02-07 | 1 | -12/+15
  Let real funcs do their magic even before predicted paths.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* bump to sandbox-1.3.6 | Mike Frysinger | 2009-02-07 | 1 | -1/+1
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: fix sandbox /proc/self/fd regression (tag: v1.3.5) | Mike Frysinger | 2009-02-07 | 1 | -9/+9
  The optimize changes added after 1.3.2 were not entirely correct. The sandbox /proc/self/fd check was changed to check for the dir itself rather than allowing all paths that started with the dir. So let's comment more about what's going on and fix it up.
  URL: http://bugs.gentoo.org/257418
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
  Reported-by: Ryan Hill <dirtyepic@gentoo.org>
* libsandbox: fix sandbox log dir regression | Mike Frysinger | 2009-02-07 | 1 | -2/+7
  The optimize changes added after 1.3.2 were not entirely correct. The sandbox log dir check was changed to check for the dir itself rather than blacklisting all paths that started with the dir. So let's comment more about what's going on and fix it up.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* tests: add some more test scripts | Mike Frysinger | 2009-02-07 | 3 | -0/+40
  Some helper scripts for automating git bisection, and add a test case for /dev/fd/ regression.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* sandbox: fix typo in struct sandbox_info_t decl | Mike Frysinger | 2009-02-07 | 1 | -1/+1
  A "typedef" was missing when declaring the sandbox_info_t struct resulting in a large unused "sandbox_info_t" object showing up everywhere. Normally this isn't a problem (other than resource waste), but some systems don't like multiply defined objects even if they're in the .bss section.
  URL: http://bugs.gentoo.org/258031
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
  Reported-by: Timo Kamph <timo@kamph.org>
* bump to sandbox-1.3.5 | Mike Frysinger | 2009-02-07 | 1 | -1/+1
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: ignore *.py[co] files for now (tag: v1.3.4) | Mike Frysinger | 2009-02-07 | 1 | -0/+14
  A very common bug (apparently) is for .py[co] files to fall out of sync with their .py source files. Rather than trigger a hard failure, let's just whine about it. Once python itself gets sorted out, we can drop this.
  URL: http://bugs.gentoo.org/256953
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: fix call to backtrace() | Mike Frysinger | 2009-02-07 | 1 | -1/+1
  The size argument to backtrace() is the number of elements, not the number of bytes.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: fix minor memleak from cmdline simplification | Mike Frysinger | 2009-02-07 | 1 | -2/+3
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* gen_symbol_version_map.awk: filter out more symbols | Mike Frysinger | 2009-02-05 | 2 | -2/+7
  Ignore symbols that are not functions, or do not have the proper binding and/or visibility for us to override.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* pull in siginfo.h when available | Mike Frysinger | 2009-02-05 | 2 | -0/+4
  Some systems define psignal() in siginfo.h, so use it when available.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: detect linker flag for version scripts | Mike Frysinger | 2009-02-05 | 2 | -1/+15
  Support --version-script and -M flags for passing version scripts.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>