Re: [PATCH] Add a /proc/self/exedir link

Neil Brown <[email protected]> wrote:
> On Tuesday April 4, [email protected] wrote:

>> To clarify, I'm proposing this patch for eventual mainline inclusion.
>> 
>> It adds a simple bit of API - a symlink in /proc/pid - which makes it
>> easy to build relocatable software:
>> 
>>    ./configure --prefix=/proc/self/exedir/..

[...]

> It strikes me that this is very fragile.  If the application calls
> anything out of /bin or /usr/bin etc passing a path name which works
> for the application, it will break for the helper.

ACK.

> It also requires all binaries use by the application to live in the
> same directory.  This would be OK  for some applications, but not for
> everything.
> 
> It sounds to me like you want a private, inherited, name space, and
> Linux provides those via CLONE_NEWNS, however you probably need root
> access to make that work, which isn't ideal.

This isn't going to rock either. If process A links
$PID->namespace:/const/exedir/ to /mnt/net/host_a/foo/bin and passes
/const/exedir/../lib/foo to process B, this process B must not
link it's $PID->namespace:/const/exedir/ to e.g. /opt/B/bin, but
exactly this is going to happen if you use a constant string.

> I think you'd have move luck (ab)using an environment variable.
> Make
>    /proc/self/env_prefix
> be a symlink pointing to whatever the "PREFIX" environment variable
> stores.

Same problem.


IMO the program must be aware of the get-my-exedir feature, just configuring
--prefix=/proc/... is aiming for your feet.

/proc/pid/exedir may be a way to access the program files after changing the
namespace, but it may also be a security risk leaving the original namespace
accessible. Therefore I suggest abandoning the exedir idea and instead

1) change the programs to be aware of it's exedir:
   (my $exedir=`cat /proc/self/exe`) =~ s,/[^/]+$,,);
   if ($libdir !~ m,^/,) { $libdir = $exedir.'/'.$libdir };
 - or -
   ln -s /mnt/net/host_a/foo /usr/local/foo
   (cd /usr/local/bin && for a in ../foo/bin; do ln -s "$a";done)
2) If you want access across namespaces, use fopen etc. on an open
   directory handle
-- 
Ich danke GMX dafür, die Verwendung meiner Adressen mittels per SPF
verbreiteten Lügen zu sabotieren.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: [PATCH] Add a /proc/self/exedir link
  - From: Mike Hearn <[email protected]>

Prev by Date: Re: Header Sanitizing Project
Next by Date: Re: about ll_rw_blk.c of void generic_make_request(struct bio *bio)
Previous by thread: Re: [PATCH] Add a /proc/self/exedir link
Next by thread: Re: [PATCH] Add a /proc/self/exedir link
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]