[oe] RFC Virtual Chroot
Holger Freyther
zecke at selfish.org
Sun Mar 18 13:10:32 UTC 2007
Hi Freaks,

inspired by one of the Project Ideas of MacPorts here is an idea we
could use. When compiling, configuring, installing software we, the
developers, have a pretty good idea where the buildsystem is allowed
to look. Sometimes the crappy buildsystems have different ideas.

What I propose is that we define a whitelist and an additional
blacklist of directories for each task and configuration. E.g. if we
build packages we whitelist the directories from PATH, but blacklist
the various possible library directories. We whitelist the
STAGING_LIBDIR and the S directory. On native builds we could
whitelist the various /lib directories as well.

This could be implemented on FreeBSD and Linux using LD_PRELOAD. The
code below, which is not yet completed, tries to reimplement the open
method to apply white and blacklisting. BitBake/OE would need to
export the LD_PRELOAD variable and the OE_WHITE_LIST and
OE_BLACK_LIST variables. This tool will enforce this.

Ideas, Comments, Feedback, Code?

z.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vchroot.c
Type: application/octet-stream
Size: 3494 bytes
Desc: not available
URL: <http://lists.openembedded.org/pipermail/openembedded-devel/attachments/20070318/640285c9/attachment-0002.obj>
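
The path decision that an LD_PRELOAD open() wrapper like the one proposed above would consult, as an added example; it is not the scrubbed vchroot.c attachment and not OpenEmbedded code. Assumptions: OE_WHITE_LIST and OE_BLACK_LIST are colon-separated lists of absolute directories (as with PATH), a blacklist entry overrides a whitelist entry, and the function name vchroot_allowed is hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1 if path is dir (pointer + length) or lies below it. The match ends on a
 * component boundary: "/usr/lib" covers "/usr/lib/x" but not "/usr/lib64/x". */
static int under_dir(const char *path, const char *dir, size_t len)
{
    while (len > 1 && dir[len - 1] == '/')      /* ignore trailing slashes */
        len--;
    if (len == 0 || strncmp(path, dir, len) != 0)
        return 0;
    if (len == 1 && dir[0] == '/')              /* "/" covers every absolute path */
        return 1;
    return path[len] == '\0' || path[len] == '/';
}

/* 1 if any entry of the colon-separated list covers path. */
static int list_covers(const char *list, const char *path)
{
    while (list && *list) {
        size_t len = strcspn(list, ":");
        if (under_dir(path, list, len))
            return 1;
        list += len;
        if (*list == ':')
            list++;
    }
    return 0;
}

/* Assumed policy: allowed only if whitelisted and not blacklisted. Expects a
 * canonical absolute path; relative paths are refused, not resolved. */
int vchroot_allowed(const char *path, const char *white, const char *black)
{
    if (path == NULL || path[0] != '/' || list_covers(black, path))
        return 0;
    return list_covers(white, path);
}

int main(void)
{   /* Constructed probe paths; lists come from the variables named in the mail. */
    const char *probe[] = { "/usr/bin/gcc", "/usr/lib/libz.so", "/tmp/staging/lib/libz.so" };
    for (size_t i = 0; i < sizeof probe / sizeof probe[0]; i++)
        printf("%-28s %s\n", probe[i], vchroot_allowed(probe[i],
               getenv("OE_WHITE_LIST"), getenv("OE_BLACK_LIST")) ? "allow" : "deny");
    return 0;
}
```

A real interposer would have to canonicalize relative paths and symlinks before this check, and cover the other entry points (openat, fopen, stat, exec) as well as open.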