TODO
try out tracing on *BSD and Solaris
trace static children of static children
cache results of filesystem checks
review erealpath vs realpath usage
wrappers for execl{,e,p} ... unfortunately, we'll probably have to basically
reimplement the functions (building up argv[] and then calling the execv* version)
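
A sketch of the argv[] rebuild described in the item above, as an added example that is not sandbox's own code: the names `collect_argv`, `sb_list_to_argv` and `sb_execle` are hypothetical. It assumes the wrapper's existing path check sits on the execv* side, so forwarding to `execve()` is enough to cover the list-style call.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: execl*-style varargs -> heap argv[] (+ execle's envp). */
static char **collect_argv(const char *arg0, va_list ap, char ***envp_out)
{
    va_list scan;
    size_t argc = 0, i = 0;
    va_copy(scan, ap);                  /* pass 1: count up to the NULL */
    for (char *a = (char *)arg0; a != NULL; a = va_arg(scan, char *))
        argc++;
    va_end(scan);
    char **argv = malloc((argc + 1) * sizeof(*argv));
    if (argv == NULL) return NULL;
    /* pass 2: copy the pointers; the loop also consumes the terminator */
    for (char *a = (char *)arg0; a != NULL; a = va_arg(ap, char *))
        argv[i++] = a;
    argv[i] = NULL;
    if (envp_out != NULL) *envp_out = va_arg(ap, char **);
    return argv;
}

/* Variadic front end so the conversion can be checked without exec'ing. */
char **sb_list_to_argv(char ***envp_out, const char *arg0, ...)
{
    va_list ap;
    va_start(ap, arg0);
    char **argv = collect_argv(arg0, ap, envp_out);
    va_end(ap);
    return argv;
}

/* execle() stand-in: rebuild argv[], then call execve(), the vector form. */
int sb_execle(const char *path, const char *arg0, ...)
{
    va_list ap;
    char **envp;
    va_start(ap, arg0);
    char **argv = collect_argv(arg0, ap, &envp);
    va_end(ap);
    if (argv == NULL) return -1;        /* malloc() failed: ENOMEM */
    int ret = execve(path, argv, envp);
    int saved = errno;                  /* reached only if the exec failed */
    free(argv);
    errno = saved;
    return ret;
}
```
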
wrappers for open funcs:
- freopen
- freopen64
- name_to_handle_at
- open_by_handle_at
- __open
- __open64
wrappers for 64-bit time funcs
https://bugs.gentoo.org/751241
wrappers for syscalls that modify non-filesystem resources ?
how would we `addpredict` these ?
is it worth checking for these in the first place ? unit tests sometimes do
terrible things to systems.
- clock_settime
- create_module
- setdomainname
- settimeofday
erealpath() might deref symlinks when working with unreadable paths as non-root
even when working on funcs that do not deref symlinks themselves ... this isn't a
really big issue though
threaded apps conflict with shared state:
- sandbox_lib
- sandbox_on
- trace_pid
- etc...
handle multiple processes writing to log simultaneously
- could move log to a fifo that the main sandbox process would consume
- not that big of a deal as log generally only gets written with failures
doesn't seem to work quite right:
echo $(./vfork-0 ./mkdir_static-0 2>&1)
messaging still needs a little work. consider:
- user is running as root
- user does `emerge foo`
- emerge's stderr is connected to root's tty
- FEATURES=userpriv is enabled so portage drops root
- sandbox starts up and sets message path to its stderr
- that path is owned by root only
- attempts to open it by path fail with permission denied
the only real way around this would be to have sandbox set up
a named pipe in $T and set the message path to that. then
it would poll that for data and take care of writing it to
its open stderr.
sparc32 tracing under sparc64 doesn't work quite right. we need to reload the
syscall table after the exec call finishes. not sure any other port needs this.