From: Bodo Eggert <harvested.in.lkml@7eggert.dyndns.org>
To: Neil Brown <neilb@suse.de>, Mike Hearn <mike@plan99.net>,
linux-kernel@vger.kernel.org, akpm@osdl.org
Subject: Re: [PATCH] Add a /proc/self/exedir link
Date: Thu, 06 Apr 2006 13:39:49 +0200
Message-ID: <E1FRSqP-0000g3-9i@be1.lrz>
In-Reply-To: 5XGOz-1eP-35@gated-at.bofh.it

Neil Brown <neilb@suse.de> wrote:
> On Tuesday April 4, mike@plan99.net wrote:
>> To clarify, I'm proposing this patch for eventual mainline inclusion.
>>
>> It adds a simple bit of API - a symlink in /proc/pid - which makes it
>> easy to build relocatable software:
>>
>> ./configure --prefix=/proc/self/exedir/..

[...]

> It strikes me that this is very fragile. If the application calls
> anything out of /bin or /usr/bin etc passing a path name which works
> for the application, it will break for the helper.

ACK.

> It also requires all binaries used by the application to live in the
> same directory. This would be OK for some applications, but not for
> everything.
>
> It sounds to me like you want a private, inherited, name space, and
> Linux provides those via CLONE_NEWNS, however you probably need root
> access to make that work, which isn't ideal.

This isn't going to rock either. If process A links
$PID->namespace:/const/exedir/ to /mnt/net/host_a/foo/bin and passes
/const/exedir/../lib/foo to process B, this process B must not
link its $PID->namespace:/const/exedir/ to e.g. /opt/B/bin, but
exactly this is going to happen if you use a constant string.

> I think you'd have more luck (ab)using an environment variable.
> Make
> /proc/self/env_prefix
> be a symlink pointing to whatever the "PREFIX" environment variable
> stores.

Same problem.

IMO the program must be aware of the get-my-exedir feature, just configuring
--prefix=/proc/... is aiming for your feet.

/proc/pid/exedir may be a way to access the program files after changing the
namespace, but it may also be a security risk leaving the original namespace
accessible. Therefore I suggest abandoning the exedir idea and instead

1) change the programs to be aware of its exedir:

   # exe is a symlink: read its target rather than the file's contents
   (my $exedir = readlink('/proc/self/exe')) =~ s,/[^/]+$,,;
   if ($libdir !~ m,^/,) { $libdir = $exedir.'/'.$libdir };

   - or -

   ln -s /mnt/net/host_a/foo /usr/local/foo
   (cd /usr/local/bin && for a in ../foo/bin/*; do ln -s "$a"; done)

2) If you want access across namespaces, use fopen etc. on an open
   directory handle
--
I thank GMX for sabotaging the use of my addresses by means of lies
spread via SPF.
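
The two suggestions in the message above, as an added C example that is not part of the original mail or of the proposed patch: the program derives its own exedir from /proc/self/exe, anchors a relative libdir at it, and opens files relative to an open directory handle with openat(). The function names and the use of ../lib/foo as the sample path are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* "/opt/foo/bin/foo" -> "/opt/foo/bin" (in place); "/foo" -> "/". */
static int strip_last_component(char *path)
{
    char *slash = strrchr(path, '/');
    if (!slash) return -1;
    if (slash == path) slash++;          /* binary sits directly in "/" */
    *slash = '\0';
    return 0;
}

/* readlink() neither NUL-terminates nor reports truncation, so a result
 * that fills the buffer is rejected. */
static int get_exedir(char *buf, size_t len)
{
    ssize_t n = readlink("/proc/self/exe", buf, len - 1);
    if (n < 0 || (size_t)n >= len - 1) return -1;
    buf[n] = '\0';
    return strip_last_component(buf);
}

/* Point 1: keep absolute paths, anchor relative ones at exedir. */
static int resolve_libdir(const char *exedir, const char *libdir,
                          char *out, size_t len)
{
    int n = (libdir[0] == '/') ? snprintf(out, len, "%s", libdir)
                               : snprintf(out, len, "%s/%s", exedir, libdir);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Point 2: open relative to a directory handle. Absolute paths are refused
 * because openat() would ignore dirfd for them. */
static int open_in_dir(int dirfd, const char *relpath)
{
    if (relpath[0] == '/') return -1;
    return openat(dirfd, relpath, O_RDONLY | O_CLOEXEC);
}

int main(void)
{
    char exedir[PATH_MAX], lib[PATH_MAX];
    if (get_exedir(exedir, sizeof exedir)) return 1;
    if (resolve_libdir(exedir, "../lib/foo", lib, sizeof lib)) return 1;
    int dirfd = open(exedir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    int fd = dirfd < 0 ? -1 : open_in_dir(dirfd, "../lib/foo");
    printf("exedir=%s libdir=%s opened=%s\n", exedir, lib, fd >= 0 ? "yes" : "no");
    if (fd >= 0) close(fd);
    if (dirfd >= 0) close(dirfd);
    return 0;
}
```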