diff options
author | Colin Walters <walters@verbum.org> | 2012-01-06 09:59:06 -0500 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2012-01-06 09:59:06 -0500 |
commit | b9be7501b7a85e9d4c2ea50daea2630cf44b6f4b (patch) | |
tree | af23e535372244484a299fb7efa02e55218c7f85 | |
download | linux-user-chroot-b9be7501b7a85e9d4c2ea50daea2630cf44b6f4b.tar.gz |
Split this binary out from ostree
-rw-r--r-- | .gitignore | 37 | ||||
-rw-r--r-- | COPYING | 340 | ||||
-rw-r--r-- | Makefile-docbook-man.am | 33 | ||||
-rw-r--r-- | Makefile-stub.am | 73 | ||||
-rw-r--r-- | Makefile-user-chroot.am | 22 | ||||
-rw-r--r-- | Makefile.am | 22 | ||||
-rwxr-xr-x | autogen.sh | 20 | ||||
-rw-r--r-- | configure.ac | 31 | ||||
-rw-r--r-- | linux-user-chroot.doap | 25 | ||||
-rw-r--r-- | src/linux-user-chroot.c | 346 |
10 files changed, 949 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5af346a --- /dev/null +++ b/.gitignore @@ -0,0 +1,37 @@ +# Standard C/Automake goo +.deps +.libs +*.typelib +*.la +*.lo +*.o +*.pyc +*.stamp +*~ +Makefile +Makefile.in +aclocal.m4 +autom4te.cache +compile +config.guess +config.h +config.h.in +config.log +config.status +config.sub +configure +depcomp +gtk-doc.make +INSTALL +install-sh +libtool +ltmain.sh +missing +stamp-h1 +ylwrap +py-compile +config +m4 +po +ABOUT-NLS +_build @@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + <one line to give the program's name and a brief idea of what it does.> + Copyright (C) <year> <name of author> + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + <signature of Ty Coon>, 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/Makefile-docbook-man.am b/Makefile-docbook-man.am new file mode 100644 index 0000000..4bdb501 --- /dev/null +++ b/Makefile-docbook-man.am @@ -0,0 +1,33 @@ +# Docbook generation copied from systemd/Makefile.am +# +# Copyright 2010 Lennart Poettering +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# systemd is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with systemd; If not, see <http://www.gnu.org/licenses/>. + +XML_FILES = \ + ${patsubst %.1,%.xml,${patsubst %.3,%.xml,${patsubst %.5,%.xml,${patsubst %.7,%.xml,${patsubst %.8,%.xml,$(MANPAGES)}}}}} +EXTRA_DIST += $(XML_FILES) + +dist_man_MANS = $(MANPAGES) + +XSLTPROC_FLAGS = \ + --nonet \ + --param funcsynopsis.style "'ansi'" + +XSLTPROC_PROCESS_MAN = \ + $(AM_V_GEN)$(MKDIR_P) $(dir $@) && \ + $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< + +doc/%.1: doc/%.xml + $(XSLTPROC_PROCESS_MAN) diff --git a/Makefile-stub.am b/Makefile-stub.am new file mode 100644 index 0000000..dfce235 --- /dev/null +++ b/Makefile-stub.am @@ -0,0 +1,73 @@ +# Copyright (C) 2011 Colin Walters <walters@verbum.org> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the +# Free Software Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +ACLOCAL_AMFLAGS = -I m4 ${ACLOCAL_FLAGS} +AM_CPPFLAGS = -DDATADIR='"$(datadir)"' -DLIBEXECDIR='"$(libexecdir)"' +AM_CFLAGS = $(WARN_CFLAGS) + +NULL = +BUILT_SOURCES = +MANPAGES = +CLEANFILES = +EXTRA_DIST = +bin_PROGRAMS = +bin_SCRIPTS = +libexec_PROGRAMS = +noinst_LTLIBRARIES = +noinst_PROGRAMS = +privlibdir = $(pkglibdir) +privlib_LTLIBRARIES = + +# Docbook generation copied from systemd/Makefile.am +# +# Copyright 2010 Lennart Poettering +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# systemd is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with systemd; If not, see <http://www.gnu.org/licenses/>. + +XML_FILES = \ + ${patsubst %.1,%.xml,${patsubst %.3,%.xml,${patsubst %.5,%.xml,${patsubst %.7,%.xml,${patsubst %.8,%.xml,$(MANPAGES)}}}}} +EXTRA_DIST += $(XML_FILES) + +if HAVE_XSLTPROC + +dist_man_MANS = $(MANPAGES) + +XSLTPROC_FLAGS = \ + --nonet \ + --param funcsynopsis.style "'ansi'" + +XSLTPROC_PROCESS_MAN = \ + $(AM_V_GEN)$(MKDIR_P) $(dir $@) && \ + $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< + +doc/%.1: doc/%.xml + $(XSLTPROC_PROCESS_MAN) + +endif + + diff --git a/Makefile-user-chroot.am b/Makefile-user-chroot.am new file mode 100644 index 0000000..5d29a2c --- /dev/null +++ b/Makefile-user-chroot.am @@ -0,0 +1,22 @@ +# Copyright (C) 2011 Colin Walters <walters@verbum.org> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the +# Free Software Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +bin_PROGRAMS += linux-user-chroot + +linux_user_chroot_SOURCES = src/linux-user-chroot.c + +linux_user_chroot_CFLAGS = $(AM_CFLAGS) diff --git a/Makefile.am b/Makefile.am new file mode 100644 index 0000000..af22885 --- /dev/null +++ b/Makefile.am @@ -0,0 +1,22 @@ +# Copyright (C) 2011 Colin Walters <walters@verbum.org> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the +# Free Software Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +include Makefile-stub.am +include Makefile-user-chroot.am +if HAVE_XSLTPROC +include Makefile-docbook-man.am +endif diff --git a/autogen.sh b/autogen.sh new file mode 100755 index 0000000..6035bc0 --- /dev/null +++ b/autogen.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +test -n "$srcdir" || srcdir=`dirname "$0"` +test -n "$srcdir" || srcdir=. + +olddir=`pwd` +cd $srcdir + +AUTORECONF=`which autoreconf` +if test -z $AUTORECONF; then + echo "*** No autoreconf found, please intall it ***" + exit 1 +fi + +mkdir -p m4 + +autoreconf --force --install --verbose + +cd $olddir +test -n "$NOCONFIGURE" || "$srcdir/configure" "$@" diff --git a/configure.ac b/configure.ac new file mode 100644 index 0000000..0161e60 --- /dev/null +++ b/configure.ac @@ -0,0 +1,31 @@ +AC_PREREQ([2.63]) +AC_INIT([linux-user-chroot], [0], [walters@verbum.org]) +AC_CONFIG_HEADER([config.h]) +AC_CONFIG_MACRO_DIR([m4]) +AC_CONFIG_AUX_DIR([build-aux]) + +AM_INIT_AUTOMAKE([1.11 -Wno-portability foreign no-define tar-ustar no-dist-gzip dist-xz]) +AM_MAINTAINER_MODE([enable]) +AM_SILENT_RULES([yes]) + +AC_PROG_CC +AM_PROG_CC_C_O + +changequote(,)dnl +if test "x$GCC" = "xyes"; then + WARN_CFLAGS="-Wall -Werror=missing-prototypes" +fi +changequote([,])dnl +AC_SUBST(WARN_CFLAGS) + +# Initialize libtool +LT_PREREQ([2.2.4]) +LT_INIT([disable-static]) + +AC_PATH_PROG([XSLTPROC], [xsltproc]) +AM_CONDITIONAL(HAVE_XSLTPROC, test x"$XSLTPROC" != x) + +AC_CONFIG_FILES([ +Makefile +]) +AC_OUTPUT diff --git a/linux-user-chroot.doap b/linux-user-chroot.doap new file mode 100644 index 0000000..aa776b2 --- /dev/null +++ b/linux-user-chroot.doap @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Project xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" + xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#" + xmlns:foaf="http://xmlns.com/foaf/0.1/" + xmlns:gnome="http://api.gnome.org/doap-extensions#" + xmlns="http://usefulinc.com/ns/doap#"> + + <name>linux-user-chroot</name> + + <shortdesc xml:lang="en">setuid helper for making bind mounts and chrooting</shortdesc> + + <homepage rdf:resource="http://live.gnome.org/GnomeOS/Building" /> + <license rdf:resource="http://usefulinc.com/doap/licenses/gpl" /> + + <programming-language>C</programming-language> + + <maintainer> + <foaf:Person> + <foaf:name>Colin Walters</foaf:name> + <foaf:mbox rdf:resource="mailto:walters@verbum.org"/> + <gnome:userid>walters</gnome:userid> + </foaf:Person> + </maintainer> + +</Project> diff --git a/src/linux-user-chroot.c b/src/linux-user-chroot.c new file mode 100644 index 0000000..e9ceaa0 --- /dev/null +++ b/src/linux-user-chroot.c @@ -0,0 +1,346 @@ +/* -*- mode: c; tab-width: 2; indent-tabs-mode: nil -*- + * + * linux-user-chroot: A setuid program that allows non-root users to safely chroot(2) + * + * "safely": I believe that this program, when deployed as setuid on a + * typical "distribution" such as RHEL or Debian, does not, even when + * used in combination with typical software installed on that + * distribution, allow privilege escalation. + * + * Copyright 2011,2012 Colin Walters <walters@verbum.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it would be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#define _GNU_SOURCE +#include <unistd.h> +#include <stdio.h> +#include <fcntl.h> +#include <stdarg.h> +#include <string.h> +#include <assert.h> +#include <stdlib.h> +#include <sys/types.h> +#include <sys/prctl.h> +#include <sys/mount.h> +#include <sys/syscall.h> +#include <sys/wait.h> +#include <linux/securebits.h> +#include <sched.h> + +static void fatal (const char *message, ...) __attribute__ ((noreturn)) __attribute__ ((format (printf, 1, 2))); +static void fatal_errno (const char *message) __attribute__ ((noreturn)); + +static void +fatal (const char *fmt, + ...) +{ + va_list args; + + va_start (args, fmt); + + vfprintf (stderr, fmt, args); + putc ('\n', stderr); + + va_end (args); + exit (1); +} + +static void +fatal_errno (const char *message) +{ + perror (message); + exit (1); +} + +typedef enum { + MOUNT_SPEC_BIND, + MOUNT_SPEC_READONLY, + MOUNT_SPEC_PROCFS +} MountSpecType; + +typedef struct _MountSpec MountSpec; +struct _MountSpec { + MountSpecType type; + + const char *source; + const char *dest; + + MountSpec *next; +}; + +static MountSpec * +reverse_mount_list (MountSpec *mount) +{ + MountSpec *prev = NULL; + + while (mount) + { + MountSpec *next = mount->next; + mount->next = prev; + prev = mount; + mount = next; + } + + return prev; +} + +int +main (int argc, + char **argv) +{ + const char *argv0; + const char *chroot_dir; + const char *program; + uid_t ruid, euid, suid; + gid_t rgid, egid, sgid; + int after_mount_arg_index; + unsigned int n_mounts = 0; + const unsigned int max_mounts = 50; /* Totally arbitrary... */ + char **program_argv; + MountSpec *bind_mounts = NULL; + MountSpec *bind_mount_iter; + int unshare_ipc = 0; + int unshare_net = 0; + int unshare_pid = 0; + int clone_flags = 0; + int child_status = 0; + pid_t child; + + if (argc <= 0) + return 1; + + argv0 = argv[0]; + argc--; + argv++; + + if (argc < 1) + fatal ("ROOTDIR argument must be specified"); + + after_mount_arg_index = 0; + while (after_mount_arg_index < argc) + { + const char *arg = argv[after_mount_arg_index]; + MountSpec *mount = NULL; + + if (n_mounts >= max_mounts) + fatal ("Too many mounts (maximum of %u)", n_mounts); + n_mounts++; + + if (strcmp (arg, "--mount-bind") == 0) + { + if ((argc - after_mount_arg_index) < 3) + fatal ("--mount-bind takes two arguments"); + + mount = malloc (sizeof (MountSpec)); + mount->type = MOUNT_SPEC_BIND; + mount->source = argv[after_mount_arg_index+1]; + mount->dest = argv[after_mount_arg_index+2]; + mount->next = bind_mounts; + + bind_mounts = mount; + after_mount_arg_index += 3; + } + else if (strcmp (arg, "--mount-readonly") == 0) + { + MountSpec *mount; + + if ((argc - after_mount_arg_index) < 2) + fatal ("--mount-readonly takes one argument"); + + mount = malloc (sizeof (MountSpec)); + mount->type = MOUNT_SPEC_READONLY; + mount->source = NULL; + mount->dest = argv[after_mount_arg_index+1]; + mount->next = bind_mounts; + + bind_mounts = mount; + after_mount_arg_index += 2; + } + else if (strcmp (arg, "--mount-proc") == 0) + { + MountSpec *mount; + + if ((argc - after_mount_arg_index) < 2) + fatal ("--mount-proc takes one argument"); + + mount = malloc (sizeof (MountSpec)); + mount->type = MOUNT_SPEC_PROCFS; + mount->source = NULL; + mount->dest = argv[after_mount_arg_index+1]; + mount->next = bind_mounts; + + bind_mounts = mount; + after_mount_arg_index += 2; + } + else if (strcmp (arg, "--unshare-ipc") == 0) + { + unshare_ipc = 1; + after_mount_arg_index += 1; + } + else if (strcmp (arg, "--unshare-pid") == 0) + { + unshare_pid = 1; + after_mount_arg_index += 1; + } + else if (strcmp (arg, "--unshare-net") == 0) + { + unshare_net = 1; + after_mount_arg_index += 1; + } + else + break; + } + + bind_mounts = reverse_mount_list (bind_mounts); + + if ((argc - after_mount_arg_index) < 2) + fatal ("usage: %s [--unshare-ipc] [--unshare-pid] [--unshare-net] [--mount-proc DIR] [--mount-readonly DIR] [--mount-bind SOURCE DEST] ROOTDIR PROGRAM ARGS...", argv0); + chroot_dir = argv[after_mount_arg_index]; + program = argv[after_mount_arg_index+1]; + program_argv = argv + after_mount_arg_index + 1; + + if (getresgid (&rgid, &egid, &sgid) < 0) + fatal_errno ("getresgid"); + if (getresuid (&ruid, &euid, &suid) < 0) + fatal_errno ("getresuid"); + + if (ruid == 0) + fatal ("error: ruid is 0"); + if (rgid == 0) + rgid = ruid; + + /* CLONE_NEWNS makes it so that when we create bind mounts below, + * we're only affecting our children, not the entire system. This + * way it's harmless to bind mount e.g. /proc over an arbitrary + * directory. + */ + clone_flags = SIGCHLD | CLONE_NEWNS; + /* CLONE_NEWIPC and CLONE_NEWUTS are avenues of communication that + * might leak outside the container; any IPC can be done by setting + * up a bind mount and using files or sockets there, if desired. + */ + if (unshare_ipc) + clone_flags |= (CLONE_NEWIPC | CLONE_NEWUTS); + /* CLONE_NEWPID helps ensure random build or test scripts don't kill + * processes outside of the container. + */ + if (unshare_pid) + clone_flags |= CLONE_NEWPID; + + /* Isolated networking */ + if (unshare_net) + clone_flags |= CLONE_NEWNET; + + if ((child = syscall (__NR_clone, clone_flags, NULL)) < 0) + perror ("clone"); + + if (child == 0) + { + /* + * SECBIT_NOROOT helps close the main historical reason why only + * uid 0 can chroot(2) - because unprivileged users can create + * hard links to setuid binaries, and possibly confuse them into + * looking at data (or loading libraries) that they don't + * expect, and thus elevating privileges. With this, executing + * a setuid program doesn't gain us any new Linux capabilities + * (but it still changes uid). See below for where we create a + * MS_NOSUID bind mount. + */ + if (prctl (PR_SET_SECUREBITS, + SECBIT_NOROOT | SECBIT_NOROOT_LOCKED) < 0) + fatal_errno ("prctl (SECBIT_NOROOT)"); + + /* This is necessary to undo the damage "sandbox" creates on Fedora + * by making / a shared mount instead of private. This isn't + * totally correct because the targets for our bind mounts may still + * be shared, but really, Fedora's sandbox is broken. + */ + if (mount (NULL, "/", "none", MS_PRIVATE | MS_REC, NULL) < 0) + fatal_errno ("mount(/, MS_PRIVATE | MS_REC)"); + + /* I had thought that SECBIT_NOROOT was enough to be safe, but Serge E. Hallyn + * pointed out that setuid binaries still change uid to 0. So let's just + * disallow them at the rootfs level. + */ + if (mount (NULL, "/", "none", MS_PRIVATE | MS_REMOUNT | MS_NOSUID, NULL) < 0) + fatal_errno ("mount(/, MS_PRIVATE | MS_REC | MS_NOSUID)"); + + /* Now let's set up our bind mounts */ + for (bind_mount_iter = bind_mounts; bind_mount_iter; bind_mount_iter = bind_mount_iter->next) + { + char *dest; + + asprintf (&dest, "%s%s", chroot_dir, bind_mount_iter->dest); + + if (bind_mount_iter->type == MOUNT_SPEC_READONLY) + { + if (mount (dest, dest, + NULL, MS_BIND | MS_PRIVATE, NULL) < 0) + fatal_errno ("mount (MS_BIND)"); + if (mount (dest, dest, + NULL, MS_BIND | MS_PRIVATE | MS_REMOUNT | MS_RDONLY, NULL) < 0) + fatal_errno ("mount (MS_BIND | MS_RDONLY)"); + } + else if (bind_mount_iter->type == MOUNT_SPEC_BIND) + { + if (mount (bind_mount_iter->source, dest, + NULL, MS_BIND | MS_PRIVATE, NULL) < 0) + fatal_errno ("mount (MS_BIND)"); + } + else if (bind_mount_iter->type == MOUNT_SPEC_PROCFS) + { + if (mount ("proc", dest, + "proc", MS_MGC_VAL | MS_PRIVATE, NULL) < 0) + fatal_errno ("mount (\"proc\")"); + } + else + assert (0); + free (dest); + } + + /* Actually perform the chroot. */ + if (chroot (chroot_dir) < 0) + fatal_errno ("chroot"); + if (chdir ("/") < 0) + fatal_errno ("chdir"); + + /* Switch back to the uid of our invoking process. These calls are + * irrevocable - see setuid(2) */ + if (setgid (rgid) < 0) + fatal_errno ("setgid"); + if (setuid (ruid) < 0) + fatal_errno ("setuid"); + + if (execv (program, program_argv) < 0) + fatal_errno ("execv"); + } + + /* Let's also setuid back in the parent - there's no reason to stay uid 0, and + * it's just better to drop privileges. */ + if (setgid (rgid) < 0) + fatal_errno ("setgid"); + if (setuid (ruid) < 0) + fatal_errno ("setuid"); + + /* Kind of lame to sit around blocked in waitpid, but oh well. */ + if (waitpid (child, &child_status, 0) < 0) + fatal_errno ("waitpid"); + + if (WIFEXITED (child_status)) + return WEXITSTATUS (child_status); + else + return 1; +} |