List: klik-devel
Subject: [klik-devel] [klikclient commit] r1280 - in
From: codesite-noreply () google ! com
Date: 2008-02-29 3:03:55
Message-ID: 00163646ce7804474349f19286424987 () google ! com
Author: KillerKiwi2005
Date: Thu Feb 28 19:02:36 2008
New Revision: 1280
Added:
trunk/virtualization/CLONE NEWNS/
trunk/virtualization/CLONE NEWNS/Makefile
trunk/virtualization/CLONE NEWNS/README
trunk/virtualization/CLONE NEWNS/debian/
trunk/virtualization/CLONE NEWNS/debian/changelog
trunk/virtualization/CLONE NEWNS/debian/compat
trunk/virtualization/CLONE NEWNS/debian/control
trunk/virtualization/CLONE NEWNS/debian/copyright
trunk/virtualization/CLONE NEWNS/debian/dirs
trunk/virtualization/CLONE NEWNS/debian/docs
trunk/virtualization/CLONE NEWNS/debian/rules (contents, props changed)
trunk/virtualization/CLONE NEWNS/examples/
trunk/virtualization/CLONE NEWNS/examples/.klik (contents, props changed)
trunk/virtualization/CLONE NEWNS/examples/.zAppRun (contents, props changed)
trunk/virtualization/CLONE NEWNS/fuse/
trunk/virtualization/CLONE NEWNS/fuse/funionfs_klik (contents, props changed)
trunk/virtualization/CLONE NEWNS/klik-overlay (contents, props changed)
trunk/virtualization/CLONE NEWNS/klik_suid.c
trunk/virtualization/CLONE NEWNS/patches/
trunk/virtualization/CLONE NEWNS/patches/README
trunk/virtualization/CLONE NEWNS/patches/fuse-client.diff
Log:
add CLONE NEWNS
Added: trunk/virtualization/CLONE NEWNS/Makefile
==============================================================================
--- (empty file)
+++ trunk/virtualization/CLONE NEWNS/Makefile Thu Feb 28 19:02:36 2008
@@ -0,0 +1,19 @@
+.PHONY: install all clean distclean
+
+CFLAGS=-Werror
+VERSION=0.5
+
+klik_suid: klik_suid.o
+ gcc klik_suid.o -o klik_suid
+
+all: klik_suid
+
+install: all
+ install -m4755 klik_suid $(DESTDIR)/usr/bin
+ install -m755 klik-overlay $(DESTDIR)/usr/bin
+ install -m755 fuse/funionfs_klik $(DESTDIR)/usr/bin
+ mkdir -p $(DESTDIR)/usr/share/doc/klik-overlay/examples/
+ install -m755 examples/.klik examples/.zAppRun \
$(DESTDIR)/usr/share/doc/klik-overlay/examples/ +
+clean distclean:
+ rm -f klik_suid *.o
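Review bot: The install rule places klik_suid in /usr/bin as setuid root (install -m4755), yet the only compiler flag is CFLAGS=-Werror, which turns warnings into errors without enabling any; add -Wall -Wextra so that -Werror has something to act on for a privileged binary. The link rule also hard-codes gcc instead of $(CC), and the install rule relies on the caller having created $(DESTDIR)/usr/bin beforehand; an explicit mkdir -p for it, like the one already used for the examples directory, would make the target self-contained.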
Added: trunk/virtualization/CLONE NEWNS/README
==============================================================================
--- (empty file)
+++ trunk/virtualization/CLONE NEWNS/README Thu Feb 28 19:02:36 2008
@@ -0,0 +1,6 @@
+To use this wrapper insmod aufs or unionfs or fuse and replace your
~/.klik and ~/.zAppRun
+scripts with the hacked versions from /usr/share/doc/klik-overlay/examples/.
+
+The experience should be completely seamless.
+
+- Fabian
Added: trunk/virtualization/CLONE NEWNS/debian/changelog
==============================================================================
--- (empty file)
+++ trunk/virtualization/CLONE NEWNS/debian/changelog Thu Feb 28
19:02:36 2008
@@ -0,0 +1,25 @@
+klik-overlay (0.5-3) unstable; urgency=low
+
+ * Added fuse support.
+ * Added new command prepare|mount to klik-overlay.
+ * Added funionfs_klik static binary.
+ * Added patch for fuse/lib/mount.c to source file.
+ * Fixed making of /klik_run_<nr> for fuse.
+
+ -- Fabian Franz <klik@fabian-franz.de> Sat, 24 Feb 2007 04:37:56 +0100
+
+klik-overlay (0.5-2) unstable; urgency=low
+
+ * Added exit if mount failed.
+ * Added check for overlayed dirs.
+ * Fixed hardcoded -t aufs.
+ * Fixed .klik wrapper example for libpcre*.
+
+ -- Fabian Franz <klik@fabian-franz.de> Tue, 20 Feb 2007 08:08:12 +0100
+
+klik-overlay (0.5-1) unstable; urgency=low
+
+ * Initial release.
+
+ -- Fabian Franz <klik@fabian-franz.de> Tue, 20 Feb 2007 05:49:26 +0100
+
Added: trunk/virtualization/CLONE NEWNS/debian/compat
==============================================================================
--- (empty file)
+++ trunk/virtualization/CLONE NEWNS/debian/compat Thu Feb 28 19:02:36 2008
@@ -0,0 +1 @@
+5
Added: trunk/virtualization/CLONE NEWNS/debian/control
==============================================================================
--- (empty file)
+++ trunk/virtualization/CLONE NEWNS/debian/control Thu Feb 28 19:02:36 2008
@@ -0,0 +1,16 @@
+Source: klik-overlay
+Section: admin
+Priority: extra
+Maintainer: Fabian Franz <klik@fabian-franz.de>
+Build-Depends: debhelper (>= 5)
+Standards-Version: 3.7.2
+
+Package: klik-overlay
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: Klik seamless application overlay.
+ This package contains a suid wrapper, which sets
+ up a new namespace and overlays the klik *.cmg via
+ aufs or unionfs into this new namespace.
+ .
+ If you are paranoid about security, don't install this package.
Added: trunk/virtualization/CLONE NEWNS/debian/copyright
==============================================================================
--- (empty file)
+++ trunk/virtualization/CLONE NEWNS/debian/copyright Thu Feb 28
19:02:36 2008
@@ -0,0 +1,13 @@
+This package was debianized by Fabian Franz <klik@fabian-franz.de> on
+Tue, 20 Feb 2007 05:49:26 +0100.
+
+It was downloaded from: http://studwww.ira.uka.de/~s_franz2/klik/
+
+Upstream Author: Fabian Franz <klik@fabian-franz.de>
+
+Copyright: 2006 by Fabian Franz.
+
+License: GPL, see `/usr/share/common-licenses/GPL'.
+
+The Debian packaging is (C) 2007, Fabian Franz <klik@fabian-franz.de> and
+is licensed under the GPL, see `/usr/share/common-licenses/GPL'.
Added: trunk/virtualization/CLONE NEWNS/debian/dirs
==============================================================================
--- (empty file)
+++ trunk/virtualization/CLONE NEWNS/debian/dirs Thu Feb 28 19:02:36 2008
@@ -0,0 +1 @@
+usr/bin
Added: trunk/virtualization/CLONE NEWNS/debian/docs
==============================================================================
--- (empty file)
+++ trunk/virtualization/CLONE NEWNS/debian/docs Thu Feb 28 19:02:36 2008
@@ -0,0 +1 @@
+README
Added: trunk/virtualization/CLONE NEWNS/debian/rules
==============================================================================
--- (empty file)
+++ trunk/virtualization/CLONE NEWNS/debian/rules Thu Feb 28 19:02:36 2008
@@ -0,0 +1,98 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+
+
+
+CFLAGS = -Wall -g
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -O0
+else
+ CFLAGS += -O2
+endif
+
+configure: configure-stamp
+configure-stamp:
+ dh_testdir
+ # Add here commands to configure the package.
+
+ touch configure-stamp
+
+
+build: build-stamp
+
+build-stamp: configure-stamp
+ dh_testdir
+
+ # Add here commands to compile the package.
+ $(MAKE)
+ #docbook-to-man debian/klik-overlay.sgml > klik-overlay.1
+
+ touch $@
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp configure-stamp
+
+ # Add here commands to clean up after the build process.
+ -$(MAKE) clean
+
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ # Add here commands to install the package into debian/klik-overlay.
+ $(MAKE) DESTDIR=$(CURDIR)/debian/klik-overlay install
+
+
+# Build architecture-independent files here.
+binary-indep: build install
+# We have nothing to do by default.
+
+# Build architecture-dependent files here.
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs
+ dh_installdocs
+ dh_installexamples
+# dh_install
+# dh_installmenu
+# dh_installdebconf
+# dh_installlogrotate
+# dh_installemacsen
+# dh_installpam
+# dh_installmime
+# dh_python
+# dh_installinit
+# dh_installcron
+# dh_installinfo
+ dh_installman
+ dh_link
+ dh_strip
+ dh_compress
+# dh_fixperms
+# dh_perl
+# dh_makeshlibs
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install configure
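Review bot: CFLAGS = -Wall -g (plus -O0 or -O2) is set at the top of this file but never reaches the compiler, because the build-stamp rule runs a bare $(MAKE) and the variable is neither exported nor passed on the command line; the sub-make then uses the Makefile's own CFLAGS=-Werror. Pass it explicitly, for example $(MAKE) CFLAGS="$(CFLAGS)". Separately, dh_fixperms is commented out in binary-arch with no explanation; if the reason is to keep the 4755 mode on klik_suid (an assumption, the file does not say), state that in a comment and exclude only that file, since disabling the helper skips permission normalisation for everything else in the package as well.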
Added: trunk/virtualization/CLONE NEWNS/examples/.klik
==============================================================================
--- (empty file)
+++ trunk/virtualization/CLONE NEWNS/examples/.klik Thu Feb 28 19:02:36 2008
@@ -0,0 +1,100 @@
+#!/bin/bash
+
+# klik client 0.2
+# GPL
+# point-and-klik KDE software installation
+# by probono at myrealbox dot com
+# thanks to bfree for non-KDE part
+
+export PATH=/sbin:$PATH # Fedora needs this
+
+# try to get the human-readable version of the host OS
+export VERSION=$(cat /etc/*-version 2>/dev/null | head -n 1)
+
+#
+# support different types of dialog, thanks bfree
+#
+
+if [ -z "$DIALOG" ] ; then
+# Determine which dialog to use in which situation:
+# Xdialog (in all other cases)
+DIALOG=Xdialog
+# kdialog (in case there is no console available and we are running KDE)
+pidof -x kdeinit >/dev/null && DIALOG=kdialog
+# GNOME
+pidof -x gnome-panel >/dev/null && DIALOG=zenity
+# dialog (in case there is a console available)
+GUIMODE=$(tty)
+( echo $GUIMODE | grep /dev/tty[:digit:] >/dev/null ) && DIALOG=dialog
+fi
+
+# by Alexey
+if test "$DISPLAY" == ""; then
+DIALOG=dialog
+fi
+
+export DIALOG
+
+# Setup defaults for whatever dialog we are using
+case $DIALOG in
+ kdialog)
+ DIALOG_OPTIONS=" --caption klik" ;
+ KLIKDIR=":klikdir" ;;
+ Xdialog|dialog)
+ DIALOG_H=12
+ DIALOG_W=60
+ DIALOG_OPTIONS=" $DIALOG_H $DIALOG_W" ;
+ KLIKDIR="~" ;;
+esac
+
+dmsgbox(){
+ $DIALOG --msgbox "$1" $DIALOG_OPTIONS
+}
+dyesno(){
+ $DIALOG --yesno "$1" $DIALOG_OPTIONS
+}
+dwarningyesno(){
+ case $DIALOG in
+ kdialog)
+ $DIALOG --warningyesno "$1" $DIALOG_OPTIONS
+ ;;
+ Xdialog|dialog)
+ $DIALOG --yesno "Warning: $1" $DIALOG_OPTIONS
+ ;;
+ esac
+}
+derror(){
+ case $DIALOG in
+ zenity)
+ zenity --error --text="$1" --title="klik"
+ ;;
+ kdialog)
+ $DIALOG --error "$1" $DIALOG_OPTIONS
+ ;;
+ Xdialog|dialog)
+ $DIALOG --msgbox "ERROR: $1" $DIALOG_OPTIONS
+ ;;
+ esac
+}
+dexistingdir(){
+ case $DIALOG in
+ kdialog)
+ $DIALOG --getexistingdirectory $KLIKDIR $DIALOG_OPTIONS
+ ;;
+ Xdialog)
+ $DIALOG --dselect $KLIKDIR $DIALOG_OPTIONS
+ ;;
+ dialog)
+ $DIALOG --fselect $KLIKDIR $DIALOG_OPTIONS
+ ;;
+ esac
+}
+
+# important to export those variables so that they can be accessed by
the recipes
+##export SUSE=$(cat /etc/SuSE-release 2>/dev/null | head -n 1 | cut -d
\( -f 1) 2>/dev/null
+UBUNTU=$(zcat /usr/share/doc/ubuntu-base/changelog.gz 2>/dev/null |
head -n 1 | cut -d \; -f 1 ) 2>/dev/null
+export UBUNTU=$(echo ${UBUNTU/ubuntu-meta/Ubuntu})
+##export FEDORA=$(cat /etc/fedora-release 2>/dev/null | head -n 1)
+export FEDORA=$(cat /etc/*release 2>/dev/null | tr -d [[:cntrl:]] 2>/dev/null)
+export RUN=`echo $1 | sed s@klik:\/\/@@` && (wget -q
http://134.169.172.48/apt/?package=$RUN -U "klik/0.1.3cli (`uname -a`
@$VERSION$UBUNTU$SUSE$FEDORA@)" -O - | sed 's|^ln -s /usr/lib/libpcre|#|
g; s/^intellipatch \$APPDIR$/#/g' | bash || derror "Error while trying
to run $RUN" )
+
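Review bot: The final RUN line downloads a recipe over plain HTTP from the hard-coded address 134.169.172.48 and pipes it straight into bash, with no integrity or authenticity check on what was received; the recipe should at least be saved to a file and verified (signature or checksum) before it is executed. On the same line $1 and $RUN are expanded unquoted into the sed and wget commands, so quote them and restrict the package name to an expected character set before building the URL. Minor: in the dialog detection, /dev/tty[:digit:] is not the POSIX digit class; it needs [[:digit:]] and quoting.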
Added: trunk/virtualization/CLONE NEWNS/examples/.zAppRun
==============================================================================
--- (empty file)
+++ trunk/virtualization/CLONE NEWNS/examples/.zAppRun Thu Feb 28
19:02:36 2008
@@ -0,0 +1,188 @@
+#!/bin/bash
+
+# by probono at myrealbox dot com
+# thanks to bfree
+# GPL
+
+export PATH=/sbin:$PATH # Fedora needs this
+
+#
+# ok we need dialogs now
+#
+if [ -z "$DIALOG" ] ; then
+# Determine which dialog to use in which situation:
+# Xdialog (in all other cases)
+export DIALOG=Xdialog
+# kdialog (in case there is no console available and we are running KDE)
+pidof -x kdeinit >/dev/null && export DIALOG=kdialog
+pidof -x gnome-panel > /dev/null && export DIALOG=zenity
+# dialog (in case there is a console available)
+GUIMODE=$(tty)
+( echo $GUIMODE | grep /dev/tty[:digit:] >/dev/null ) && export DIALOG=dialog
+fi
+
+# by Alexey
+if test "$DISPLAY" == ""; then
+DIALOG=dialog
+fi
+
+# Setup defaults for whatever dialog we are using
+case $DIALOG in
+ kdialog)
+ DIALOG_OPTIONS=" --caption klik" ;
+ KLIKDIR=":klikdir" ;;
+ Xdialog|dialog)
+ DIALOG_H=12
+ DIALOG_W=60
+ DIALOG_OPTIONS=" $DIALOG_H $DIALOG_W" ;
+ KLIKDIR="~" ;;
+esac
+
+derror(){
+ case $DIALOG in
+ zenity)
+ $DIALOG --error --text "$1" --title="klik"
+ ;;
+ kdialog)
+ $DIALOG --error "$1" $DIALOG_OPTIONS
+ ;;
+ Xdialog|dialog)
+ $DIALOG --msgbox "ERROR: $1" $DIALOG_OPTIONS
+ ;;
+ esac
+}
+
+# check fstab and warn if neccessary entries are not there
+# better use /media/klik according to FSH?
+if [ -z "$(cat /etc/fstab | grep app/7)" ]
+then
+ derror "Your /etc/fstab is not yet prepared for mounting .cmg images.
+ As root, please make /tmp/app writeable and add the following lines:
+
+ ################################################################
+/tmp/app/1/image /tmp/app/1 cramfs,iso9660 user,noauto,ro,loop,exec 0 0
+/tmp/app/2/image /tmp/app/2 cramfs,iso9660 user,noauto,ro,loop,exec 0 0
+/tmp/app/3/image /tmp/app/3 cramfs,iso9660 user,noauto,ro,loop,exec 0 0
+/tmp/app/4/image /tmp/app/4 cramfs,iso9660 user,noauto,ro,loop,exec 0 0
+/tmp/app/5/image /tmp/app/5 cramfs,iso9660 user,noauto,ro,loop,exec 0 0
+/tmp/app/6/image /tmp/app/6 cramfs,iso9660 user,noauto,ro,loop,exec 0 0
+/tmp/app/7/image /tmp/app/7 cramfs,iso9660 user,noauto,ro,loop,exec 0 0
+################################################################"
+ exit 1
+fi
+
+# rewrite cmdline to use absolute instead of relative paths, thanks bfree
+NEWCMD=$(perl -e '$newcmd=shift(@ARGV);foreach $arg (@ARGV){
@part=split(/\=/,$arg); foreach $part (@part){ (-e "$ENV{PWD}/$part")
&& ($part="$ENV{PWD}/$part");}$newcmd.=" ".join ("=",@part);}
print "$newcmd";' $@)
+set -- $NEWCMD
+
+# if no arguments are passed and
+# there is a .cmg in the same directory as this
+# script, then use the .cmg
+DIRNAME=$(dirname $0)
+if [ -z $1 ]
+then
+ CMG=$(find "$DIRNAME" -iname '*.cmg'|head -n 1) || exit 1
+ echo "Found $CMG, using it"
+else
+ CMG="$1"
+ shift
+fi
+
+# make path to CMG absolute, thanks bfree
+case $CMG in
+/*) ;;
+*) CMG=$(pwd)/$CMG ;;
+esac
+
+# determine which filesystem is used as .cmg
+#file $CMG | grep ": data" >/dev/null && FS=squash # who knows a
better way to recognize it?
+##file $CMG | grep "Compressed ROM" >/dev/null && FS=cram
+##file $CMG | grep "ISO 9660" >/dev/null && FS=iso
+
+##if [ -n "$FS" ]
+##then
+ NUMBERS="7 6 5 4 3 2 1"
+ for NUMBER in $NUMBERS
+ do
+ [ -e "/tmp/app/$NUMBER" ] || MNTNUM=$NUMBER
+ done
+ case $FS in
+ squash) MOUNT=/tmp/squash/$MNTNUM ;;
+ *) MOUNT=/tmp/app/$MNTNUM ;;
+ esac
+ mkdir -p $MOUNT || exit 1
+ ln -s $CMG $MOUNT/image || exit 1
+ mount $MOUNT || derror "Unable to mount $MOUNT"
+##else
+## # NOTE: exit now cause our cmg isn't mounted
+## derror "$CMG does not appear to be either a squashfs, iso9660 or a
cramfs file"
+## exit 1
+##fi
+
+ #
+ # execute the wrapper
+ # the wrapper should take care to keep running until its app closes
+ #
+
+ # HACK: Use killall instead of pidof
+ # because the scope of pidof is too big.
+ #
+ # First we wait for the app to complete normally via wait.
+ #
+ # Usage of killall -w saves performance as it just tries to kill the
pid again
+ # and again and not searches proc each time.
+ #
+ # A generic sleep 1 is needed afterwards to prevent busy loop devices.
+
+ cp -af $MOUNT/wrapper /tmp/app_rw/$MNTNUM/wrapper
+ perl -pi -e 's|^while pidof -x $BINARY.*|wait "\$!"; killall -0 -w
\$BINARY >/dev/null 2>/dev/null; while killall -0 \$BINARY >/dev/null
2>/dev/null; do sleep 1; done; sleep 1|' /tmp/app_rw/$MNTNUM/wrapper
+
+ # we need this so that on the cmdline, pipes etc work
+ CMDLINE="yes"
+ ( tty | grep ^/dev/tty >/dev/null ) && CMDLINE=""
+ ( tty | grep ^/dev/pts >/dev/null ) && CMDLINE=""
+ if [ "$CMDLINE" = "yes" ] ; then
+ RESULT=$(klik_suid "$MNTNUM" /klik_run_$MNTNUM/wrapper "$@" 2>&1) |
> derror "$RESULT"
+ else
+ klik_suid "$MNTNUM" /klik_run_$MNTNUM/wrapper "$@"
+ fi
+
+ # kill all child processes
+ # kill $(pidof -x -o %PPID $!) # 2>/dev/null
+
+ # unmount and clean up
+ umount $MOUNT
+ rm -f $MOUNT/image
+ rm -r $MOUNT/
+
+ ##################
+ # update klik menu
+
+ CMGDIR=$(dirname $CMG)
+ [ x"$KDEHOME" = x ] && KDEHOME=$HOME/.kde
+
+ # find cmg files
+ CMGFILES=$(find $CMGDIR/*.cmg 2>/dev/null)
+
+ # remove old menu entries
+ rm -rf ${KDEHOME}/share/applnk/klik/*.cmg.desktop
+
+ # create new menu entries
+ for CMGFILE in $CMGFILES
+ do
+ #echo $CMGFILE
+ BASENAME=$(basename "$CMGFILE")
+ APPNAME=$(echo $BASENAME | sed 's/.cmg//g' | cut -d _ -f 1)
+ firstchar=${APPNAME:0:1} # First character.
+ restchar=${APPNAME:1} # Rest of string(s).
+ firstchar=$(echo "$firstchar" | tr a-z A-Z)
+ APPNAME=$firstchar$restchar
+ cat > $KDEHOME/share/applnk/klik/$BASENAME.desktop <<EOmooF
+ [Desktop Entry]
+ Encoding=UTF-8
+ Type=Application
+ Exec=$HOME/.zAppRun $CMGFILE
+ Icon=
+ Name=$APPNAME
+EOmooF
+ done
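Review bot: In the mount block, "mount $MOUNT || derror ..." only shows a dialog on failure; the script then continues to copy the wrapper, call klik_suid and run umount and "rm -r $MOUNT/", so add an exit 1 after the derror. The slot loop also leaves MNTNUM empty when /tmp/app/1 through /tmp/app/7 all exist, which makes MOUNT resolve to /tmp/app/ and the later "rm -r $MOUNT/" act on the whole directory; check for an empty MNTNUM and abort. /tmp/app_rw/$MNTNUM is written to by the cp but never created in this script, and $CMG, $MOUNT and $1 are used unquoted throughout, including "set -- $NEWCMD", which re-splits any argument that contains spaces.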
Added: trunk/virtualization/CLONE NEWNS/fuse/funionfs_klik
==============================================================================
Binary file. No diff available.
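Review bot: funionfs_klik is committed as a prebuilt binary with no diff, so nothing about it can be reviewed here, yet the Makefile installs it into /usr/bin and klik-overlay starts it from the path that klik_suid runs as root. Prefer building it from source as part of the package (patches/README already gives the link command), or at least record the exact source versions and a checksum of the binary next to it.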
Added: trunk/virtualization/CLONE NEWNS/klik-overlay
==============================================================================
--- (empty file)
+++ trunk/virtualization/CLONE NEWNS/klik-overlay Thu Feb 28 19:02:36 2008
@@ -0,0 +1,181 @@
+#!/bin/sh
+#
+# klik-overlay - Simple script to setup a fairly secure overlay sandbox.
+#
+# Copright (c) 2007 by Fabian Franz.
+#
+# License: GPL, v2
+#
+# version: 0.5
+
+CMD=$1
+KLIK_NR=$2
+KUSER=""
+[ -n "$3" ] && KUSER=$(getent passwd $3 | cut -d: -f1)
+[ -n "$4" ] && _FUSE_COMMFD="$4"
+
+#
+# Check for overlay module.
+#
+
+LIVE=""
+MODULE=""
+
+egrep -q "^unionfs" /proc/modules && MODULE="unionfs"
+egrep -q "^fuse" /proc/modules && MODULE="fuse"
+egrep -q "^aufs" /proc/modules && MODULE="aufs"
+
+if [ -z "$MODULE" ]
+then
+ echo "Error: No suitable overlay found." 1>&2
+ echo " Need either aufs or fuse (funionfs) or unionfs." 1>&2
+ exit 1
+fi
+
+# This is needed for live cds like KNOPPIX, where we already have an
overlay on /
+
+[ -d "/UNIONFS" -a -d "/KNOPPIX" ] && LIVE=1
+
+#
+# check for all overlayed dirs
+#
+
+if [ ! -d /tmp/app_rw/$KLIK_NR ]
+then
+ echo "Error: /tmp/app_rw/$KLIK_NR does not exist." 1>&2
+ exit 1
+fi
+
+if [ ! -d /tmp/app/$KLIK_NR ]
+then
+ echo "Error: /tmp/app/$KLIK_NR does not exist." 1>&2
+ exit 1
+fi
+
+#
+# Setup the overlay
+#
+
+mkdir -p /klik_overlay
+BRANCHES="/tmp/app_rw/$KLIK_NR=rw:/tmp/app/$KLIK_NR=ro"
+
+if [ -n "$LIVE" ]
+then
+ mkdir -p /KNOPPIX2
+ BRANCHES="$BRANCHES:/ramdisk=ro:/KNOPPIX=ro:/KNOPPIX2=ro"
+else
+ BRANCHES="$BRANCHES:/=ro"
+fi
+
+
+[ "$CMD" == "prepare" -a $MODULE != "fuse" ] && exit 0
+
+# do the overlaying
+
+if [ $MODULE = "fuse" ]
+then
+ export _FUSE_COMMFD
+ if [ "$CMD" == "prepare" ]
+ then
+ # FIXME: This should be unnecessary here, but mkdir -p did not work below.
+ mkdir -p /klik_run_${KLIK_NR}
+ # FIXME: Fix funionfs_klik and remove single thread behaviour
+ funionfs_klik none /klik_overlay -o dirs=$BRANCHES -s &
+ PID=$!
+ disown $PID
+ LC_ALL=C sleep 0.2
+ # if we are still there we have succeeded
+ kill -0 $PID 2>/dev/null
+ else
+ /bin/mount -n -t fuse -o
allow_other,default_permissions,nosuid,nodev "fusermount" /klik_overlay
+ fi
+else
+ BR="br"
+ [ $MODULE = "unionfs" ] && BR="dirs"
+
+ /bin/mount -n -t $MODULE -o nosuid,nodev,$BR=$BRANCHES $TYPE /klik_overlay
+fi
+
+[ $? -ne 0 ] && exit 1
+
+# End of preparations
+[ "$CMD" == "prepare" ] && exit 0
+
+#
+# Fix mounts in overlay
+#
+
+# pivot_root into our new directory
+
+cd /klik_overlay
+mkdir -p old
+pivot_root . old
+
+# move all mounts into the right place
+
+# we do this manually as it is of vital importance that no suid,dev filesystems
+# are mounted.
+
+# move /proc
+mount -n --move /old/proc/ /proc
+
+# move /sys if mounted
+egrep -q "/sys /old/sys sysfs" /proc/mounts && mount -n --move
/old/sys/ /sys
+
+# move /dev if mounted
+
+if cut -d" " -f2 /proc/mounts | egrep -q "^/old/dev"
+then
+ # move it
+ mount -n --move /old/dev /dev
+else
+ # bind mount it
+ [ -z "$LIVE" ] && mount -n --bind /old/dev /dev
+fi
+
+# move all mounts with nosuid,nodev
+
+for i in $(cat /proc/mounts | grep "nosuid,nodev" | cut -d" " -f2 |
grep ^/old/)
+do
+ [ -d "$i" ] || continue
+ mkdir -p $(echo "$i" | sed 's|^/old||')
+ mount -n --move "$i" $(echo "$i" | sed 's|^/old||')
+done
+
+#
+# Fix sockets like X11 ...
+#
+
+# move /ramdisk for the X11 fix to work
+
+if [ -n "$LIVE" ]
+then
+ mkdir -p /ramdisk
+ mount -n --move /old/ramdisk /ramdisk
+fi
+
+# do not union /tmp/.X11-unix/
+mount -n --bind /old/tmp/.X11-unix/ /tmp/.X11-unix/
+
+# do not union /tmp/.ICE-unix/
+mount -n --bind /old/tmp/.ICE-unix/ /tmp/.ICE-unix/
+
+# do not union /tmp/ksocket-$KUSER
+[ -n "$KUSER" -a -d "/old/tmp/ksocket-$KUSER/" ] && mount -n --bind \
"/old/tmp/ksocket-$KUSER/" "/tmp/ksocket-$KUSER/" +
+# do not union /tmp/orbit-$KUSER
+[ -n "$KUSER" -a -d "/old/tmp/orbit-$KUSER/" ] && mount -n --bind \
"/old/tmp/orbit-$KUSER/" "/tmp/orbit-$KUSER/" +
+# move it back
+[ -n "$LIVE" ] && mount -n --move /ramdisk /old/ramdisk
+
+#
+# Umount all potentially suid mounted filesystems
+#
+
+# lazy umount /old, because we are still using it
+umount -n -l /old
+
+# ABSOLUTE hack to let pidof -x / killall -0 in klik wrapper work correctly.
+mkdir -p /klik_run_${KLIK_NR}
+mount -n --bind / /klik_run_${KLIK_NR}
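Review bot: Nothing from "cd /klik_overlay" down to the final bind mount checks for failure, although this script is executed as root by klik_suid: if cd, mkdir or pivot_root fails, the following mount --move calls and "umount -n -l /old" still run, and klik_suid goes on to start the program in a half-built namespace. Add "|| exit 1" to each of these steps so that the non-zero exit reaches the status check in do_command. Also, $TYPE in the aufs/unionfs mount line is never assigned, and the #!/bin/sh shebang does not match the use of "==" inside [ ] and of disown, which are bash features; either change the shebang or use "=" and drop disown.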
Added: trunk/virtualization/CLONE NEWNS/klik_suid.c
==============================================================================
--- (empty file)
+++ trunk/virtualization/CLONE NEWNS/klik_suid.c Thu Feb 28 19:02:36 2008
@@ -0,0 +1,188 @@
+/*
+ * suid wrapper for klik seamless application overlay
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/syscall.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+#include <sched.h>
+#include <signal.h>
+#include <errno.h>
+#include <limits.h>
+
+/* This is run suid root! */
+
+int do_mount(char* command, int klik_nr, int uid, int fuse_fd)
+{
+ char* args[255];
+ char* envp[255];
+
+ char s_klik_nr[256];
+ char s_uid[256];
+ char s_fuse_fd[256];
+
+ int i=0;
+
+ snprintf(s_klik_nr, 255, "%d", klik_nr);
+ snprintf(s_uid, 255, "%d", uid);
+ snprintf(s_fuse_fd, 255, "%d", fuse_fd);
+
+ args[i++]="/usr/bin/klik-overlay";
+ args[i++]=command;
+ args[i++]=s_klik_nr;
+ args[i++]=s_uid;
+ args[i++]=s_fuse_fd;
+ args[i++]=NULL;
+
+ /* Clear environment to be secure */
+ envp[0]=NULL;
+
+ execve(args[0], args, envp);
+
+ perror("execv");
+ exit(255);
+}
+
+void do_command(char *command, int uid, int fuse_fd, int argc, char* argv[])
+{
+ pid_t pid;
+ int status = 255;
+ int klik_nr;
+
+ /* FIXME: Safely get klik_nr */
+
+ if (!argv || !argv[0] || !argv[1])
+ exit(255);
+
+ klik_nr=(int)(argv[1][0]-'0');
+
+ if (klik_nr < 0 || klik_nr > 9)
+ exit(255);
+
+ /* Spawn the mount/prepare command and wait for it */
+
+ pid=fork();
+
+ if (pid < 0)
+ {
+ perror("fork");
+ exit(1);
+ }
+
+ if (pid == 0)
+ {
+ do_mount(command, klik_nr, uid, fuse_fd);
+ exit(255);
+ }
+
+ /* Wait for our child */
+
+ wait(&status);
+
+ /* Mount failed? */
+ if (status != 0)
+ {
+ fprintf(stderr, "%s failed. Exiting ...\n", command);
+ exit(255);
+ }
+}
+
+/* This is also run suid root */
+
+int newns_main(int uid, int fuse_fd, int argc, char* argv[])
+{
+ do_command("mount", uid, fuse_fd, argc, argv);
+
+ /* Drop privileges */
+ setuid(uid);
+ seteuid(getuid());
+
+/* Now we are the calling user again ------------- SECURE SECTION */
+
+ /* Drop argv[0] we don't need it */
+ argv++;
+ argc--;
+
+ /* Skip klik_nr */
+ argv++;
+ argc--;
+
+ /* Exec program */
+ execv(argv[0], argv);
+
+ /* Should never reach here */
+ perror("execv");
+ exit(255);
+
+/* END OF ----------------- SECURE SECTION */
+}
+
+/* This part is run suid root, so be careful about security */
+
+int main(int argc, char* argv[])
+{
+ pid_t pid;
+ int status;
+ int uid;
+ int fds[2];
+
+ if (argc < 3)
+ {
+ /* Do not use argv[0] here, because we cannot trust it! */
+ fprintf(stderr, "Usage: klik_suid <appdir nr> <program> [args]\n");
+ exit(1);
+ }
+
+ if (geteuid() != 0)
+ {
+ fprintf(stderr, "klik_suid needs to be suid root\n");
+ exit(1);
+ }
+
+ /* FIXME: Close all filedescriptors and reopen stdin, stdout, stderr from
+ * /dev/tty. Else this program can be used to break out of a
chroot jail.
+ */
+
+ /* Gain root */
+ uid=getuid();
+ setuid(0);
+
+ /* Prepare fuse_fd */
+ if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) < 0)
+ {
+ perror("socketpair");
+ exit(255);
+ }
+
+ /* Prepare filesystem */
+ do_command("prepare", uid, fds[0], argc, argv);
+
+ /* Change namespace */
+
+ pid=(pid_t)syscall(SYS_clone, SIGCHLD | CLONE_NEWNS, NULL);
+
+ if (pid < 0)
+ {
+ perror("sys_clone");
+ exit(1);
+ }
+ if (pid == 0)
+ {
+ /* child */
+ newns_main(uid, fds[1], argc, argv);
+
+ /* Should never be reached */
+ exit(255);
+ }
+
+ /* Parent waits for its child */
+
+ wait(&status);
+
+ return status;
+}
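Review bot: In newns_main the privilege drop "setuid(uid); seteuid(getuid());" ignores both return values, so if setuid() fails the execv() below it runs the user-supplied program as root; check the result, abort on error, and confirm with getuid() and geteuid() that the drop took effect before the execv. The socketpair descriptors fds[0] and fds[1] are never closed and so stay open in the exec'd program, alongside whatever descriptors the caller passed in (the FIXME in main already notes the latter); close them once do_command has returned, before the final execv. klik_nr is taken from argv[1][0] only, so any argument that merely starts with a digit is accepted; parse the whole string with strtol and reject trailing characters. Smaller points: do_mount is declared int but never returns a value, perror("execv") follows an execve() call, and main returns the raw wait() status rather than WEXITSTATUS(status).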
Added: trunk/virtualization/CLONE NEWNS/patches/README
==============================================================================
--- (empty file)
+++ trunk/virtualization/CLONE NEWNS/patches/README Thu Feb 28 19:02:36 2008
@@ -0,0 +1,4 @@
+This patch is for libfuse to allow a client/server model. You need to
rebuild funionfs and link it statically
+against this binary like:
+
+gcc -static -g -O2 -D_FILE_OFFSET_BITS=64 -DFUSE_USE_VERSION=25
-DHAVE_SETXATTR -o funionfs_klik main.o control.o path.o
util.o ../fuse-2.6.2/lib/.libs/libfuse.a -lpthread -lrt
Added: trunk/virtualization/CLONE NEWNS/patches/fuse-client.diff
==============================================================================
--- (empty file)
+++ trunk/virtualization/CLONE NEWNS/patches/fuse-client.diff Thu Feb
28 19:02:36 2008
@@ -0,0 +1,37 @@
+--- lib/mount.c.old 2007-01-02 18:10:33.000000000 +0100
++++ lib/mount.c 2007-02-24 04:08:58.000000000 +0100
+@@ -234,7 +234,7 @@
+ fprintf(stderr, "fuse: missing mountpoint\n");
+ return -1;
+ }
+-
++#if 0
+ res = socketpair(PF_UNIX, SOCK_STREAM, 0, fds);
+ if(res == -1) {
+ perror("fuse: socketpair() failed");
+@@ -276,6 +276,25 @@
+ rv = receive_fd(fds[1]);
+ close(fds[1]);
+ waitpid(pid, NULL, 0); /* bury zombie */
++#endif
++ int sock;
++ char* env;
++
++ env=getenv(FUSE_COMMFD_ENV);
++
++ if (env)
++ sock=atoi(env);
++
++
++ if (env == NULL || sock <= 0)
++ {
++ perror("fuse: Need open socket in 'FUSE_COMMFD_ENV'");
++ return -1;
++ }
++
++ rv = receive_fd(sock);
++
++ close(sock);
+
+ return rv;
+ }
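Review bot: In the added block after #endif, the descriptor number comes from atoi(getenv(FUSE_COMMFD_ENV)) with only a "sock <= 0" check, so a value with trailing junk, or one that does not refer to an open socket, is passed to receive_fd() and then close()d; parse it with strtol, reject trailing characters, and verify the descriptor (for example with fstat and S_ISSOCK) first. The error path uses perror(), which appends an unrelated errno string, and the message prints the macro name literally instead of the variable's actual name; use fprintf(stderr, ...) with the value of FUSE_COMMFD_ENV substituted. Wrapping the old code in #if 0 also leaves the socketpair/waitpid path behind as dead code; removing it or selecting it with a build option would keep the function readable.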
_______________________________________________
klik-devel mailing list
klik-devel@kde.org
https://mail.kde.org/mailman/listinfo/klik-devel