Added native utilities to mount/umount/chroot via capabilities(7).

Three new helpers will now be installed into ${libexecdir}:
 - xbps-src-capchroot needs to have set CAP_SYS_CHROOT ep.
 - xbps-src-chroot-cap{,u}mount: needs to have set CAP_SYS_ADMIN ep.

That means that libcap and setcap(8) are now required to install
xbps-src and use it as normal user.

--HG--
extra : convert_revision : 586d6526079e085f86bf3e393459d429f6f0ef99
This commit is contained in:
Juan RP 2010-04-26 14:15:49 +02:00
parent 6673252679
commit e3dc3e3066
9 changed files with 293 additions and 34 deletions

View file

@ -10,6 +10,7 @@ all:
-e "s|@@XBPS_INSTALL_ETCDIR@@|$(ETCDIR)|g" \
-e "s|@@XBPS_INSTALL_SHAREDIR@@|$(SHAREDIR)|g" \
-e "s|@@XBPS_INSTALL_SBINDIR@@|$(SBINDIR)|g" \
-e "s|@@XBPS_INSTALL_LIBEXECDIR@@|$(LIBEXECDIR)|g" \
$$bin.sh.in > $$bin; \
done
for dir in $(SUBDIRS); do \

View file

@ -44,19 +44,10 @@ XBPS_COMPRESS_CMD=xz
#XBPS_PREFER_BINPKG_DEPS=yes
#
# Build packages with your unprivileged user in the chroot
# via capchroot. The only required steps with privileges are
# the bind mounts, a helper script (xbps-src-chroot-helper) needs
# to be run with sudo for this task.
# Build packages with your unprivileged user in the chroot thanks
# to POSIX.1e Capabilities as explained in capabilities(7) on GNU/Linux.
#
# fakeroot is only used for the installation stage via the helper
# script xbps-src-doinst-helper.
#
# capchroot allows ordinary users to use the chroot(2) syscall.
# To make this work, uncomment this option and run the following
# commands (as root):
#
# $ setcap cap_sys_chroot=ep /usr/bin/capchroot
# $ echo "/path/to/masterdir $(whoami)" >> /etc/capchroot.allow
#
#XBPS_USE_CAPCHROOT=yes

View file

@ -1,30 +1,58 @@
include ../vars.mk
BINS = xbps-src-chroot-helper xbps-src-doinst-helper
SH_BINS = xbps-src-chroot-helper xbps-src-doinst-helper
MOUNT_BIN = xbps-src-chroot-capmount
UMOUNT_BIN = xbps-src-chroot-capumount
CHROOT_BIN = xbps-src-capchroot
BINS = $(CHROOT_BIN) $(MOUNT_BIN) $(UMOUNT_BIN)
WFLAGS = -Wall -Werror
LDFLAGS = -lcap
ifdef IN_CHROOT
BINS =
endif
.PHONY: all
all:
for bin in $(BINS); do \
all: $(BINS)
for bin in $(SH_BINS); do \
sed -e "s|@@XBPS_INSTALL_PREFIX@@|$(PREFIX)|g" \
-e "s|@@XBPS_INSTALL_ETCDIR@@|$(ETCDIR)|g" \
-e "s|@@XBPS_INSTALL_SHAREDIR@@|$(SHAREDIR)|g" \
-e "s|@@XBPS_INSTALL_SBINDIR@@|$(SBINDIR)|g" \
-e "s|@@XBPS_INSTALL_LIBEXECDIR@@|$(LIBEXECDIR)|g" \
$$bin.sh.in > $$bin; \
done
.PHONY: clean
clean:
-rm -f $(BINS)
-rm -f $(BINS) $(SH_BINS)
.PHONY: install
install: all
install -d $(DESTDIR)$(LIBEXECDIR)
for bin in $(BINS); do \
install -m 755 $$bin $(DESTDIR)$(LIBEXECDIR); \
for bin in $(SH_BINS); do \
install -m755 $$bin $(DESTDIR)$(LIBEXECDIR); \
done
ifdef BINS
install -m755 $(MOUNT_BIN) $(DESTDIR)$(LIBEXECDIR)
setcap cap_sys_admin=ep $(DESTDIR)$(LIBEXECDIR)/$(MOUNT_BIN)
install -m755 $(UMOUNT_BIN) $(DESTDIR)$(LIBEXECDIR)
setcap cap_sys_admin=ep $(DESTDIR)$(LIBEXECDIR)/$(UMOUNT_BIN)
install -m755 $(CHROOT_BIN) $(DESTDIR)$(LIBEXECDIR)
setcap cap_sys_chroot=ep $(DESTDIR)$(LIBEXECDIR)/$(CHROOT_BIN)
endif
.PHONY: uninstall
uninstall:
for bin in $(BINS); do \
for bin in $(BINS) $(SH_BINS); do \
rm -f $(DESTDIR)$(LIBEXECDIR)/$$bin; \
done
$(MOUNT_BIN):
$(CC) $(WFLAGS) $(LDFLAGS) mount.c -o $@
$(UMOUNT_BIN):
$(CC) $(WFLAGS) $(LDFLAGS) umount.c -o $@
$(CHROOT_BIN):
$(CC) $(WFLAGS) $(LDFLAGS) chroot.c -o $@

97
xbps-src/libexec/chroot.c Normal file
View file

@ -0,0 +1,97 @@
/*
* chroot() to target directory by using the CAP_CHROOT
* capability set on the file.
*
* Juan RP - 2010/04/26 - Public Domain.
*/
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <limits.h>
#include <sys/stat.h>
#include <sys/mount.h>
#include <sys/capability.h>
void
usage(void)
{
fprintf(stderr, "Usage: xbps-src-capchroot <newroot> <args>\n");
exit(EXIT_FAILURE);
}
int
main(int argc, char **argv)
{
cap_t cap;
cap_flag_value_t effective, permitted;
struct stat st;
char *path;
if (argc < 3)
usage();
cap = cap_get_proc();
if (cap == NULL) {
fprintf(stderr, "cap_get_proc() returned %s!\n",
strerror(errno));
exit(EXIT_FAILURE);
}
cap_get_flag(cap, CAP_SYS_CHROOT, CAP_EFFECTIVE, &effective);
cap_get_flag(cap, CAP_SYS_CHROOT, CAP_PERMITTED, &permitted);
if ((effective != CAP_SET) && (permitted != CAP_SET)) {
fprintf(stderr, "ERROR: missing 'cap_sys_chroot' capability!\n"
"Please set it with: setcap cap_sys_chroot=ep %s'\n",
argv[0]);
cap_free(cap);
exit(EXIT_FAILURE);
}
cap_free(cap);
if ((path = realpath(argv[1], NULL)) == NULL) {
fprintf(stderr, "ERROR: realpath() %s\n", strerror(errno));
exit(EXIT_FAILURE);
}
/* Disallow chroot to '/' */
if (strcmp(path, "/") == 0) {
fprintf(stderr, "ERROR: chroot to / is not allowed!\n");
exit(EXIT_FAILURE);
}
/*
* Check that uid/gid owns the dir and has rx perms on the
* new target root and it is a directory.
*/
if (stat(path, &st) == -1) {
fprintf(stderr, "ERROR: stat() on %s: %s\n",
path, strerror(errno));
exit(EXIT_FAILURE);
}
if (S_ISDIR(st.st_mode) == 0) {
fprintf(stderr, "ERROR: '%s' not a directory!\n", path);
exit(EXIT_FAILURE);
}
if ((st.st_uid != getuid()) && (st.st_gid != getgid()) &&
(st.st_mode & (S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP))) {
fprintf(stderr, "ERROR: wrong permissions on %s!\n", path);
exit(EXIT_FAILURE);
}
/* All ok, change root and process argv on the target root dir. */
if (chroot(path) == -1) {
fprintf(stderr, "ERROR: chroot() on %s: %s\n", argv[1],
strerror(errno));
exit(EXIT_FAILURE);
}
if (chdir("/") == -1) {
fprintf(stderr, "ERROR: chdir(): %s\n", strerror(errno));
exit(EXIT_FAILURE);
}
argv += 2;
(void)execvp(argv[0], argv);
exit(EXIT_FAILURE);
}

78
xbps-src/libexec/mount.c Normal file
View file

@ -0,0 +1,78 @@
/*
* Bind mounts a filesystem mountpoint into the target directory,
* by using the CAP_SYS_ADMIN capability set on the file.
*
* Juan RP - 2010/04/26 - Public Domain.
*/
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <sys/mount.h>
#include <sys/capability.h>
void
usage(void)
{
fprintf(stderr, "Usage: xbps-src-capbmount [-w] <orig> <dest>\n");
exit(EXIT_FAILURE);
}
int
main(int argc, char **argv)
{
cap_t cap;
cap_flag_value_t effective, permitted;
unsigned long flags;
int c, rv;
bool dowrite = false;
while ((c = getopt(argc, argv, "w")) != -1) {
switch (c) {
case 'w':
dowrite = true;
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
if (argc != 2)
usage();
cap = cap_get_proc();
if (cap == NULL) {
fprintf(stderr, "cap_get_proc() returned %s!\n",
strerror(errno));
exit(EXIT_FAILURE);
}
cap_get_flag(cap, CAP_SYS_ADMIN, CAP_EFFECTIVE, &effective);
cap_get_flag(cap, CAP_SYS_ADMIN, CAP_PERMITTED, &permitted);
if ((effective != CAP_SET) && (permitted != CAP_SET)) {
fprintf(stderr, "E: missing 'cap_sys_admin' capability!\n"
"Please set it with: setcap cap_sys_admin=ep %s'\n",
argv[0]);
cap_free(cap);
exit(EXIT_FAILURE);
}
cap_free(cap);
flags = MS_BIND;
if (!dowrite)
flags |= MS_RDONLY;
rv = mount(argv[0], argv[1], "none", flags, NULL);
if (rv != 0) {
fprintf(stderr, "E: cannot mount %s into %s: %s\n", argv[0],
argv[1], strerror(errno));
exit(EXIT_FAILURE);
}
exit(EXIT_SUCCESS);
}

58
xbps-src/libexec/umount.c Normal file
View file

@ -0,0 +1,58 @@
/*
* Umounts a previously bind mounted filesystem mountpoint,
* by using the CAP_SYS_ADMIN capability set on the file.
*
* Juan RP - 2010/04/26 - Public Domain.
*/
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <sys/mount.h>
#include <sys/capability.h>
void
usage(void)
{
fprintf(stderr, "Usage: xbps-src-capbumount <dest>\n");
exit(EXIT_FAILURE);
}
int
main(int argc, char **argv)
{
cap_t cap;
cap_flag_value_t effective, permitted;
int rv;
if (argc != 2)
usage();
cap = cap_get_proc();
if (cap == NULL) {
fprintf(stderr, "cap_get_proc() returned %s!\n",
strerror(errno));
exit(EXIT_FAILURE);
}
cap_get_flag(cap, CAP_SYS_ADMIN, CAP_EFFECTIVE, &effective);
cap_get_flag(cap, CAP_SYS_ADMIN, CAP_PERMITTED, &permitted);
if ((effective != CAP_SET) && (permitted != CAP_SET)) {
fprintf(stderr, "E: missing 'cap_sys_admin' capability!\n"
"Please set it with: setcap cap_sys_admin=ep %s'\n",
argv[0]);
cap_free(cap);
exit(EXIT_FAILURE);
}
cap_free(cap);
if ((rv = umount(argv[1])) != 0) {
fprintf(stderr, "E: cannot umount %s: %s\n", argv[0],
strerror(errno));
exit(EXIT_FAILURE);
}
exit(EXIT_SUCCESS);
}

View file

@ -35,20 +35,26 @@ REQFS="sys proc dev xbps"
mount_chroot_fs()
{
local cnt f blah
local cnt f blah dowrite
for f in ${REQFS}; do
if [ ! -f ${XBPS_MASTERDIR}/.${f}_mount_bind_done ]; then
unset dowrite
echo -n "=> Mounting /${f} in chroot... "
if [ ! -d ${XBPS_MASTERDIR}/${f} ]; then
mkdir -p ${XBPS_MASTERDIR}/${f}
fi
case ${f} in
xbps) blah=${XBPS_DISTRIBUTIONDIR};;
xbps)
blah=${XBPS_DISTRIBUTIONDIR}
dowrite="-w"
;;
*) blah=/${f};;
esac
[ ! -d ${blah} ] && echo "failed." && continue
mount --bind ${blah} ${XBPS_MASTERDIR}/${f}
@@XBPS_INSTALL_LIBEXECDIR@@/xbps-src-chroot-capmount \
${dowrite} ${blah} ${XBPS_MASTERDIR}/${f} \
2>/dev/null
if [ $? -eq 0 ]; then
echo 1 > ${XBPS_MASTERDIR}/.${f}_mount_bind_done
echo "done."
@ -75,7 +81,8 @@ umount_chroot_fs()
echo ${cnt} > ${XBPS_MASTERDIR}/.${fs}_mount_bind_done
else
echo -n "=> Unmounting ${fs} from chroot... "
umount -f ${XBPS_MASTERDIR}/${fs}
@@XBPS_INSTALL_LIBEXECDIR@@/xbps-src-chroot-capumount \
${XBPS_MASTERDIR}/${fs} 2>/dev/null
if [ $? -eq 0 ]; then
rm -f ${XBPS_MASTERDIR}/.${fs}_mount_bind_done
echo "done."

View file

@ -38,8 +38,6 @@ if [ "${chroot_cmd}" = "chroot" ]; then
echo "Root permissions are required for the chroot, try again."
exit 1
fi
else
chroot_cmd_args="--"
fi
. $XBPS_SHUTILSDIR/builddep_funcs.sh
@ -154,7 +152,7 @@ prepare_binpkg_repos()
{
if [ ! -f "$XBPS_MASTERDIR/.xbps_added_local_repo" ]; then
msg_normal "Registering local binpkg repo..."
${chroot_cmd} $XBPS_MASTERDIR ${chroot_cmd_args} \
${chroot_cmd} $XBPS_MASTERDIR \
xbps-repo.static add /xbps_packagesdir
[ $? -eq 0 ] && touch -f $XBPS_MASTERDIR/.xbps_added_local_repo
fi
@ -233,12 +231,12 @@ xbps_chroot_handler()
# Reinstall xbps-src in the chroot
if [ ! -f $XBPS_MASTERDIR/usr/local/sbin/xbps-src ]; then
env in_chroot=yes LANG=C PATH=$path \
${chroot_cmd} $XBPS_MASTERDIR ${chroot_cmd_args} sh -c \
"cd /xbps/xbps-src && make install clean"
${chroot_cmd} $XBPS_MASTERDIR sh -c \
"cd /xbps/xbps-src && make IN_CHROOT=1 install clean"
fi
if [ "$action" = "chroot" ]; then
env in_chroot=yes LANG=C PATH=$path \
env in_chroot=yes IN_CHROOT=1 LANG=C PATH=$path \
${chroot_cmd} $XBPS_MASTERDIR /bin/sh
else
local lenv
@ -247,8 +245,7 @@ xbps_chroot_handler()
[ -n "$norm_builddir" ] && \
action="-C $action"
env in_chroot=yes LANG=C PATH=$path \
${lenv} ${chroot_cmd} $XBPS_MASTERDIR \
${chroot_cmd_args} sh -c \
${lenv} ${chroot_cmd} $XBPS_MASTERDIR sh -c \
"cd /xbps/srcpkgs/$pkg && xbps-src $action"
fi
msg_normal "Exiting from the chroot on $XBPS_MASTERDIR."

View file

@ -163,8 +163,14 @@ set_defvars
. $XBPS_SHUTILSDIR/common_funcs.sh
if [ -n "$XBPS_USE_CAPCHROOT" ]; then
chroot_cmd="@@XBPS_INSTALL_LIBEXECDIR@@/xbps-src-capchroot"
unset sudo_cmd
fi
if [ "$(id -u)" -eq 0 ]; then
# disable sudo and fakeroot if uid==0
chroot_cmd="chroot"
unset sudo_cmd
if [ -n "$in_chroot" ]; then
unset fakeroot_cmd
@ -172,10 +178,6 @@ if [ "$(id -u)" -eq 0 ]; then
fi
fi
if [ -n "$XBPS_USE_CAPCHROOT" ]; then
chroot_cmd="capchroot"
fi
# Main switch
case "$target" in
build|configure)