aboutsummaryrefslogtreecommitdiff
path: root/gnu
diff options
context:
space:
mode:
authorLudovic Courtès <ludovic.courtes@inria.fr>2020-07-28 10:48:50 +0200
committerLudovic Courtès <ludo@gnu.org>2020-07-28 14:41:04 +0200
commitc6c0d5a22c2ee3d7164dab0129b2e4852a4ae76c (patch)
tree366c2a3fccf91bc032e50692bf1dcf62ffa9ad1b /gnu
parent8b221b64a552d31e241701aa5c6d339287a7a15b (diff)
downloadguix-c6c0d5a22c2ee3d7164dab0129b2e4852a4ae76c.tar
guix-c6c0d5a22c2ee3d7164dab0129b2e4852a4ae76c.tar.gz
pack: "fakechroot" execution engine can load its audit module.
Fixes <https://bugs.gnu.org/42558>. Until now, loading 'pack-audit.so' in a truly non-Guix environment would usually fail because 'pack-audit.so' depends on 'libgcc_s.so' and 'libc.so', none of which could be found. Furthermore, the test was not working as expected: the trick unshare -mrf sh -c 'mount -t tmpfs none /gnu ; ...' would allow the fakechroot engine to make its store available as /gnu/store as a result of another bug. * gnu/packages/aux-files/run-in-namespace.c (relocated_search_path): New function. (exec_with_loader): Pass "--library-path" to the loader. * guix/scripts/pack.scm (wrapped-package)[build](runpath): New procedure. (elf-loader-compile-flags): Pass "-DLOADER_AUDIT_RUNPATH". * tests/guix-pack-relocatable.sh: Remove 'STORE_PARENT'. (run_without_store): New function. Erase $NIX_STORE_DIR instead of $STORE_PARENT. Use 'run_without_store' throughout.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/packages/aux-files/run-in-namespace.c48
1 files changed, 44 insertions, 4 deletions
diff --git a/gnu/packages/aux-files/run-in-namespace.c b/gnu/packages/aux-files/run-in-namespace.c
index 5a6b932b87..7f7e5c6885 100644
--- a/gnu/packages/aux-files/run-in-namespace.c
+++ b/gnu/packages/aux-files/run-in-namespace.c
@@ -371,24 +371,64 @@ exec_with_proot (const char *store, int argc, char *argv[])
#if HAVE_EXEC_WITH_LOADER
+/* Traverse PATH, a NULL-terminated string array, and return a colon-separated
+ search path where each item of PATH has been relocated to STORE. The
+ result is malloc'd. */
+static char *
+relocated_search_path (const char *path[], const char *store)
+{
+ char *new_path;
+ size_t size = 0;
+
+ for (size_t i = 0; path[i] != NULL; i++)
+ size += strlen (store) + strlen (path[i]) + 1; /* upper bound */
+
+ new_path = xmalloc (size + 1);
+ new_path[0] = '\0';
+
+ for (size_t i = 0; path[i] != NULL; i++)
+ {
+ if (strncmp (path[i], original_store,
+ sizeof original_store - 1) == 0)
+ {
+ strcat (new_path, store);
+ strcat (new_path, path[i] + sizeof original_store - 1);
+ }
+ else
+ strcat (new_path, path[i]); /* possibly $ORIGIN */
+
+ strcat (new_path, ":");
+ }
+
+ new_path[strlen (new_path) - 1] = '\0'; /* Remove trailing colon. */
+
+ return new_path;
+}
+
/* Execute the wrapped program by invoking the loader (ld.so) directly,
passing it the audit module and preloading libfakechroot.so. */
static void
exec_with_loader (const char *store, int argc, char *argv[])
{
+ static const char *audit_library_path[] = LOADER_AUDIT_RUNPATH;
char *loader = concat (store,
PROGRAM_INTERPRETER + sizeof original_store);
- size_t loader_specific_argc = 6;
+ size_t loader_specific_argc = 8;
size_t loader_argc = argc + loader_specific_argc;
char *loader_argv[loader_argc + 1];
loader_argv[0] = argv[0];
loader_argv[1] = "--audit";
loader_argv[2] = concat (store,
LOADER_AUDIT_MODULE + sizeof original_store);
- loader_argv[3] = "--preload";
- loader_argv[4] = concat (store,
+
+ /* The audit module depends on libc.so and libgcc_s.so. */
+ loader_argv[3] = "--library-path";
+ loader_argv[4] = relocated_search_path (audit_library_path, store);
+
+ loader_argv[5] = "--preload";
+ loader_argv[6] = concat (store,
FAKECHROOT_LIBRARY + sizeof original_store);
- loader_argv[5] = concat (store,
+ loader_argv[7] = concat (store,
"@WRAPPED_PROGRAM@" + sizeof original_store);
for (size_t i = 0; i < argc; i++)