Nested sandboxes not working
CategoryFixed
- Fixed in: 620, 644 for release 1.19
- Found in: Plash 1.18
Python pola-run
Problem 1
With the Python implementation of pola-run:
    $ pola-run -fw / -e echo Hello
    Hello
    $ pola-run -fw / -e pola-run -fw / -e echo Hello
    [Errno 22] Invalid argument
    execve failed
The cause is not that execve() itself fails, but that the Python pola-run fails to close file descriptors before calling execve(), because PlashGlibc blocks closing the FD for its connection. The solution is to call plash_libc_reset_connection() first.
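The following added example (not Plash's code) shows how a close() failure during pre-exec FD cleanup ends up reported as "execve failed", and a variant that reports the failing step instead. The function names, PROTECTED_FD and guarded_close() are hypothetical stand-ins for a libc that refuses to close its own connection FD; no real descriptors are touched.

```python
import errno
import os

PROTECTED_FD = 5  # constructed: stands in for the libc's connection FD


def guarded_close(fd):
    """Hypothetical close(): rejects the protected FD with EINVAL."""
    if fd == PROTECTED_FD:
        raise OSError(errno.EINVAL, os.strerror(errno.EINVAL))


def naive_launch(fds, do_exec, close=os.close):
    """One try block covers cleanup and exec, so any error is blamed on exec."""
    try:
        for fd in fds:
            if fd > 2:
                close(fd)
        do_exec()
    except OSError as exc:
        return "%s\nexecve failed" % exc
    return "ok"


def close_inherited_fds(fds, keep=(0, 1, 2), close=os.close):
    """Close fds not in keep; return [(fd, errno)] for unexpected failures."""
    failures = []
    for fd in fds:
        if fd in keep:
            continue
        try:
            close(fd)
        except OSError as exc:
            if exc.errno != errno.EBADF:  # EBADF just means "was not open"
                failures.append((fd, exc.errno))
    return failures


def checked_launch(fds, do_exec, close=os.close):
    """Report cleanup failures against close(), and only then attempt exec."""
    failures = close_inherited_fds(fds, close=close)
    if failures:
        return "; ".join("close(%d) failed: %s" % (fd, errno.errorcode[e])
                         for fd, e in failures)
    try:
        do_exec()
    except OSError as exc:
        return "execve failed: %s" % exc
    return "ok"
```
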
Problem 2
Having fixed problem 1, the following happens when running the installed pola-run (i.e. not through ./run-uninstalled.sh):
    $ pola-run -fw / -e pola-run -fw / -e echo Hello
    run-as-anonymous: exec: /bin/echo: No such file or directory
The cause is that python/plash/process.py is not putting /special/ld-linux.so.2 into the command line, and is invoking /bin/echo directly.
C pola-run
With the C implementation of pola-run:
    $ ./run-uninstalled.sh pola-run-c -fw / -e echo Hello
    Hello
    $ ./run-uninstalled.sh pola-run-c -fw / -e pola-run-c -fw / -e echo Hello
    Segmentation fault (core dumped)
The cause is that the nested pola-run is invoking ld.so with ld.so as the executable, which ld.so cannot handle; for example:
    $ /lib/ld-linux.so.2 /lib/ld-linux.so.2
    Segmentation fault
pola-run is doing this because it is using PLASH_SANDBOX_PROG inside the sandbox, when it should be using PLASH_P_SANDBOX_PROG.
