Re: [Plash] Using plash to overlay a filesystem

[Thomas Leonard]

2008/7/11 Mark Seaborn <address@hidden>:
> Thomas Leonard <address@hidden> wrote:
>
>> I'm trying to use Plash to implement an overlay (like Klik). Some questions:
>>
>> Some programs don't like running with a different user ID. e.g.
>>
>> (gedit:12710): GLib-WARNING **: getpwuid_r(): failed due to unknown
>> user id (2092094)
>
> PlashGlibc has a facility for faking the UID/GID returned from
> getuid() and similar calls.  You need to use that.  See
> set_fake_uids() in python/plash/pola_run_args.py, which pola-run uses.
> It sets the environment variables PLASH_FAKE_{E,}{U,G}ID.

Using 1.19, I see these variables get set, but I still get:

$ pola-run -fw / --log -e ./gnome-inform7
...
#1: [r.] open: /etc/nsswitch.conf, flags=0o0, mode=0o0: ok
#1: [r.] open: /usr/lib/plash/lib/libnss_compat.so.2, flags=0o0, mode=0o0: ok
#1: [r.] open: /usr/lib/plash/lib/libnss_nis.so.2, flags=0o0, mode=0o0: ok
#1: [r.] open: /usr/lib/plash/lib/libnss_files.so.2, flags=0o0, mode=0o0: ok
#1: [r!] open: /etc/passwd, flags=0o2000000, mode=0o0: fail: Invalid argument
#1: [r!] open: /etc/passwd, flags=0o2000000, mode=0o0: fail: Invalid argument
#1: [r!] open: /etc/passwd, flags=0o2000000, mode=0o0: fail: Invalid argument
#1: [r!] open: /etc/passwd, flags=0o2000000, mode=0o0: fail: Invalid argument
(gnome-inform7:7398): GLib-WARNING **: getpwuid_r(): failed due to:
Invalid argument.
...
#1: [r.] dirlist: /tmp: ok
#1: [r.] stat: /tmp/orbit-somebody-d0d0d8d: ok
#1: [r.] stat: /tmp/orbit-somebody-f1713111: ok

** (gnome-inform7:7398): WARNING **: Owner of
/tmp/orbit-somebody-d0d0d8d is not the current user

#1: [r.] stat: /tmp/orbit-somebody-87472717: ok

** (gnome-inform7:7398): WARNING **: Owner of
/tmp/orbit-somebody-f1713111 is not the current user

#1: [r.] stat: /tmp/orbit-somebody-42c282a2: ok

** (gnome-inform7:7398): WARNING **: Owner of
/tmp/orbit-somebody-87472717 is not the current user

(it then creates a huge number of temporary directories until I kill it)

>> I tried disabling the PID change with:
[...]
> Yes, that won't work completely because execve() calls will still work
> as if they are inside the chroot+setuid jail, where they have to
> explicitly invoke the ELF chainloader and/or ld.so.  That can be
> overridden with environment variables.  See run-uninstalled.sh.

OK, this works - thanks!

$ export PLASH_LDSO_PATH=/var/lib/plash-chroot-jail/special/ld-linux.so.2

> That shouldn't be necessary though if you set up the fake UID/GIDs.

Yes, I'd like to get the full support working eventually. The other
issue with switching UIDs is having a reliable way to kill sandboxed
processes.

>> Is it possible to have writes go to the lower level?
>
> Yes, that's what the COW (copy-on-write) directory wrapper is for.
> Writes go to one layer, reads can come from either layer.
>
> It's accessible through plash.namespace.make_cow_dir().
>
> It's slightly misnamed because the actual copy-on-write part isn't
> implemented: if a file is present in the read layer, opening it for
> writing is rejected.  A complete implementation would copy the file
> and hand you back a file descriptor to the copy.

Aha! Thanks; I'll give it a try...


-- 
Dr Thomas Leonard       ROX desktop / Zero Install
GPG: 9242 9807 C985 3C07 44A6 8B9A AE07 8280 59A5 3CC1