Neil Brown <[email protected]> wrote:
> On Tuesday April 4, [email protected] wrote:
>> To clarify, I'm proposing this patch for eventual mainline inclusion.
>>
>> It adds a simple bit of API - a symlink in /proc/pid - which makes it
>> easy to build relocatable software:
>>
>> ./configure --prefix=/proc/self/exedir/..
[...]
> It strikes me that this is very fragile. If the application calls
> anything out of /bin or /usr/bin etc passing a path name which works
> for the application, it will break for the helper.
ACK.
> It also requires all binaries use by the application to live in the
> same directory. This would be OK for some applications, but not for
> everything.
>
> It sounds to me like you want a private, inherited, name space, and
> Linux provides those via CLONE_NEWNS, however you probably need root
> access to make that work, which isn't ideal.
This isn't going to rock either. If process A links
$PID->namespace:/const/exedir/ to /mnt/net/host_a/foo/bin and passes
/const/exedir/../lib/foo to process B, this process B must not
link it's $PID->namespace:/const/exedir/ to e.g. /opt/B/bin, but
exactly this is going to happen if you use a constant string.
> I think you'd have move luck (ab)using an environment variable.
> Make
> /proc/self/env_prefix
> be a symlink pointing to whatever the "PREFIX" environment variable
> stores.
Same problem.
IMO the program must be aware of the get-my-exedir feature, just configuring
--prefix=/proc/... is aiming for your feet.
/proc/pid/exedir may be a way to access the program files after changing the
namespace, but it may also be a security risk leaving the original namespace
accessible. Therefore I suggest abandoning the exedir idea and instead
1) change the programs to be aware of it's exedir:
(my $exedir=`cat /proc/self/exe`) =~ s,/[^/]+$,,);
if ($libdir !~ m,^/,) { $libdir = $exedir.'/'.$libdir };
- or -
ln -s /mnt/net/host_a/foo /usr/local/foo
(cd /usr/local/bin && for a in ../foo/bin; do ln -s "$a";done)
2) If you want access across namespaces, use fopen etc. on an open
directory handle
--
Ich danke GMX dafür, die Verwendung meiner Adressen mittels per SPF
verbreiteten Lügen zu sabotieren.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
