author | Pacho Ramos <pacho@gentoo.org> | 2018-11-04 13:08:09 +0100 |
---|---|---|
committer | Pacho Ramos <pacho@gentoo.org> | 2018-11-04 13:33:54 +0100 |
commit | b2d45cce35de863eb4ce529cfc5b161349aa3f4d (patch) | |
tree | c01af743c6716c3902f497109e63326c063a98ec /app-misc/jail | |
parent | net-proxy/http-replicator: Drop old (diff) | |
app-misc/jail: Lots of bugfixes
- Handle dirs with dots (#646116)
- support openat() syscall too (#668898)
- do not pass program parameters to ldd call (#668898)
- do not duplicate jail in shells file (#668898)
Thanks-to: Alexander Zubkov
Closes: https://bugs.gentoo.org/646116
Closes: https://bugs.gentoo.org/668898
Signed-off-by: Pacho Ramos <pacho@gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
Diffstat (limited to 'app-misc/jail')
-rw-r--r-- | app-misc/jail/files/jail-2.0-duplicate-jail.patch | 19 | ||||
-rw-r--r-- | app-misc/jail/files/jail-2.0-fix-paths.patch | 21 | ||||
-rw-r--r-- | app-misc/jail/files/jail-2.0-ldd-call.patch | 19 | ||||
-rw-r--r-- | app-misc/jail/files/jail-2.0-openat-syscall.patch | 23 | ||||
-rw-r--r-- | app-misc/jail/jail-2.0-r3.ebuild | 75 |
5 files changed, 157 insertions, 0 deletions
diff --git a/app-misc/jail/files/jail-2.0-duplicate-jail.patch b/app-misc/jail/files/jail-2.0-duplicate-jail.patch
new file mode 100644
index 000000000000..1522f3aa99ec
--- /dev/null
+++ b/app-misc/jail/files/jail-2.0-duplicate-jail.patch
@@ -0,0 +1,19 @@
+commit 984f62591b264aa8ed5c17f4033ec96dbba4bf5f
+Author: Alexander Zubkov <green@qrator.net>
+Date: Wed Oct 17 22:47:50 2018 +0200
+
+ do not duplicate jail in shells file
+
+diff --git a/lib/arch/generic/functions b/lib/arch/generic/functions
+index b1fdbc8..89cd607 100755
+--- a/lib/arch/generic/functions
++++ b/lib/arch/generic/functions
+@@ -823,7 +823,7 @@ sub add_jail_to_shells {
+ close(F);
+
+ for $k (@elem) {
+- if ($k =~ /^$INSTALL_DIR\/jail/) {
++ if ($k =~ /^$INSTALL_DIR\/bin\/jail/) {
+ $found = 1;
+ last;
+ }
diff --git a/app-misc/jail/files/jail-2.0-fix-paths.patch b/app-misc/jail/files/jail-2.0-fix-paths.patch
new file mode 100644
index 000000000000..e522828e286c
--- /dev/null
+++ b/app-misc/jail/files/jail-2.0-fix-paths.patch
@@ -0,0 +1,21 @@
+commit 762cca3fd4aa754b266f928ec3fa2ad2261a831e
+Author: Alexander Zubkov <green@qrator.net>
+Date: Mon Oct 22 20:31:04 2018 +0200
+
+ honor standalone '.' in path, split jail dir on "/./" pattern
+
+diff --git a/src/jail.c b/src/jail.c
+index 74f3eb1..3d649c4 100644
+--- a/src/jail.c
++++ b/src/jail.c
+@@ -121,8 +121,9 @@ void make_jail_dir( char* dir )
+ {
+ for( ; *dir != '\0'; ++dir )
+ {
+- if( *dir == '.' )
++ if( dir[0] == '/' && dir[1] == '.' && dir[2] == '/' )
+ {
++ ++dir;
+ *dir = '\0';
+ break;
+ }
diff --git a/app-misc/jail/files/jail-2.0-ldd-call.patch b/app-misc/jail/files/jail-2.0-ldd-call.patch
new file mode 100644
index 000000000000..22b2152066e7
--- /dev/null
+++ b/app-misc/jail/files/jail-2.0-ldd-call.patch
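Review bot: The new match in add_jail_to_shells, `/^$INSTALL_DIR\/bin\/jail/`, interpolates `$INSTALL_DIR` as a regular expression and has no end anchor, so metacharacters in the install path (a dot, for instance) act as pattern syntax and any longer entry that merely begins with `.../bin/jail` also sets `$found`. Quoting the variable and anchoring the end makes the shells-file check exact: `if ($k =~ /^\Q$INSTALL_DIR\E\/bin\/jail\s*$/) {`. The start and end of add_jail_to_shells are outside the hunk, so whether the entries in `@elem` still carry their newline is inferred; `\s*$` tolerates both.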
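Review bot: make_jail_dir has no comment stating the path convention the new condition depends on, and that convention decides where the jail directory ends. I would add above the loop `/* Truncate dir in place just after the '/' of the first "/./"; what remains is the jail directory. A path with no "/./" (including one that only ends in "/.") is left unmodified. */`. Whether the caller rejects an unmodified path cannot be seen here, since the end of the function and its callers are outside the hunk; if it does not, that case deserves an explicit error rather than silent fall-through.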
@@ -0,0 +1,19 @@
+commit 87867b2a117eef19500600a1f88b9caf260cfe3b
+Author: Alexander Zubkov <green@qrator.net>
+Date: Wed Oct 17 22:38:13 2018 +0200
+
+ do not pass program parameters to ldd call
+
+diff --git a/lib/arch/generic/functions b/lib/arch/generic/functions
+index 66653c3..b0c6572 100755
+--- a/lib/arch/generic/functions
++++ b/lib/arch/generic/functions
+@@ -704,7 +704,7 @@ sub generate_dep {
+ return();
+ }
+
+- $query = "($ldd_cmd $p_name $p_args </dev/null 2>&1)";
++ $query = "($ldd_cmd $p_name </dev/null 2>&1)";
+ local @res_a = `$query`;
+
+ local @items = ();
diff --git a/app-misc/jail/files/jail-2.0-openat-syscall.patch b/app-misc/jail/files/jail-2.0-openat-syscall.patch
new file mode 100644
index 000000000000..f5f1e99f6ad2
--- /dev/null
+++ b/app-misc/jail/files/jail-2.0-openat-syscall.patch
@@ -0,0 +1,23 @@
+commit 0894cc54b5b385201cdcf7ce227c6ea03d765ef9
+Author: Alexander Zubkov <green@qrator.net>
+Date: Wed Oct 17 22:45:24 2018 +0200
+
+ support openat() syscall too
+
+diff --git a/lib/arch/generic/functions b/lib/arch/generic/functions
+index b0c6572..b1fdbc8 100755
+--- a/lib/arch/generic/functions
++++ b/lib/arch/generic/functions
+@@ -647,9 +647,9 @@ sub extract_open_from_ldd {
+
+ local $file;
+ local $val;
+- if ($line =~ /^open\(\"(.+)\".+\)\s*=\s*([-]?\d+)/) {
+- $file = $1;
+- $val = $2;
++ if ($line =~ /^open(at)?\(\"(.+)\".+\)\s*=\s*([-]?\d+)/) {
++ $file = $2;
++ $val = $3;
+ return($file,$val);
+ }
+ return();
diff --git a/app-misc/jail/jail-2.0-r3.ebuild b/app-misc/jail/jail-2.0-r3.ebuild
new file mode 100644
index 000000000000..fc4cdee1bb55
--- /dev/null
+++ b/app-misc/jail/jail-2.0-r3.ebuild
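Review bot: `$p_name` is still interpolated into the string that generate_dep hands to the shell through backticks, so a program path containing spaces or shell metacharacters is split or interpreted by the shell; dropping `$p_args` narrows this but does not close it. Where `$p_name` comes from is outside the hunk, but it appears to be the program being added to the jail, so I would single-quote it before interpolation: `(my $p_quoted = $p_name) =~ s/'/'\\''/g;` followed by `$query = "($ldd_cmd '$p_quoted' </dev/null 2>&1)";`. If `$ldd_cmd` is ldd, a short comment is also warranted that ldd may run code from the file it inspects, so this path should only ever see binaries the administrator trusts.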
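Review bot: The widened pattern in extract_open_from_ldd still requires the quoted path immediately after the opening parenthesis, whereas strace prints openat calls with the directory descriptor first, e.g. `openat(AT_FDCWD, "/lib/libexample.so", O_RDONLY) = 3` (constructed sample). If `$line` is raw strace output, which the hunk does not show, such lines do not match and the function returns the empty list for them. Making the first argument optional and the `at` group non-capturing handles both forms and leaves the capture numbers as they were: `if ($line =~ /^open(?:at)?\((?:[^",]+,\s*)?\"(.+)\".+\)\s*=\s*([-]?\d+)/) {` with `$file = $1; $val = $2;`. The function starts and ends outside the hunk.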
@@ -0,0 +1,75 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+inherit eutils flag-o-matic
+
+DESCRIPTION="Builds a chroot and configures all the required files, directories and libraries"
+HOMEPAGE="https://github.com/spiculator/jail"
+SRC_URI="https://github.com/spiculator/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
+IUSE=""
+
+RDEPEND="
+ dev-lang/perl
+ dev-util/strace
+"
+DEPEND=""
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-1.9-gentoo.patch
+ "${FILESDIR}"/${PN}-1.9-wrongshell.patch
+ "${FILESDIR}"/${PN}-1.9-multiuser-rsa.patch
+ "${FILESDIR}"/${PN}-1.9-ldflags.patch
+ "${FILESDIR}"/${PN}-2.0-sysmacros.patch
+ "${FILESDIR}"/${PN}-2.0-symlinks.patch #659094
+ "${FILESDIR}"/${PN}-2.0-fix-paths.patch #646116
+ # https://github.com/spiculator/jail/issues/2
+ "${FILESDIR}"/${PN}-2.0-openat-syscall.patch
+ # https://github.com/spiculator/jail/issues/3
+ "${FILESDIR}"/${PN}-2.0-ldd-call.patch
+ "${FILESDIR}"/${PN}-2.0-duplicate-jail.patch #668898
+)
+
+src_compile() {
+ # configuration files should be installed in /etc not /usr/etc
+ sed -i "s:\$4/etc:\${D}/etc:g" install.sh || die
+
+ # the destination directory should be /usr not /usr/local
+ sed -i -e "s:usr/local:${D}/usr:g" \
+ -e "s:^COPT =.*:COPT = -Wl,-z,no:g" src/Makefile || die
+
+ emake -C src CC="$(tc-getCC)" CFLAGS="${CFLAGS}"
+}
+
+src_install() {
+ emake -C src install
+
+ # remove //var/tmp/portage/${P}/image//usr from files
+ FILES=( "${D}/usr/bin/mkjailenv"
+ "${D}/usr/bin/addjailsw"
+ "${D}/usr/bin/addjailuser"
+ "${D}/etc/jail.conf"
+ "${D}/usr/lib/libjail.pm"
+ "${D}/usr/lib/arch/generic/definitions"
+ "${D}/usr/lib/arch/generic/functions"
+ "${D}/usr/lib/arch/linux/definitions"
+ "${D}/usr/lib/arch/linux/functions"
+ "${D}/usr/lib/arch/freebsd/definitions"
+ "${D}/usr/lib/arch/freebsd/functions"
+ "${D}/usr/lib/arch/irix/definitions"
+ "${D}/usr/lib/arch/irix/functions"
+ "${D}/usr/lib/arch/solaris/definitions"
+ "${D}/usr/lib/arch/solaris/functions" )
+
+ for f in "${FILES[@]}"; do
+ sed -i "s:/${D}/usr:/usr:g" ${f} || die
+ done
+
+ sed -i "s:/usr/etc:/etc:" "${D}"/usr/lib/libjail.pm || die
+
+ dodoc doc/{CHANGELOG,INSTALL,README,SECURITY,VERSION}
+} |
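Review bot: src_compile writes `${D}` into the sources and src_install strips it again only from the hand-maintained FILES list, so anything `emake -C src install` writes that is not in that list keeps a build-image path; `${f}` is also unquoted in the `sed` call although the array entries themselves are quoted. I would quote it (`sed -i "s:/${D}/usr:/usr:g" "${f}" || die`) and add a check after the loop that fails the build if the image path survives anywhere, e.g. `grep -rqF -- "${D}" "${D}" && die "image path left in installed files"`. Separately, COPT is rewritten to `-Wl,-z,no`, which does not look like a complete `-z` keyword; if `-z,now` was intended for this chroot helper, that should be confirmed against the earlier revision, which is not on this page.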