Commit | Line | Data |
---|---|---|
47a60325 | 1 | /* GNU Guix --- Functional package management for GNU |
2520059b | 2 | Copyright (C) 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org> |
47a60325 LC |
3 | |
4 | This file is part of GNU Guix. | |
5 | ||
6 | GNU Guix is free software; you can redistribute it and/or modify it | |
7 | under the terms of the GNU General Public License as published by | |
8 | the Free Software Foundation; either version 3 of the License, or (at | |
9 | your option) any later version. | |
10 | ||
11 | GNU Guix is distributed in the hope that it will be useful, but | |
12 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | GNU General Public License for more details. | |
15 | ||
16 | You should have received a copy of the GNU General Public License | |
17 | along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. */ | |
18 | ||
19 | /* Make the given @WRAPPED_PROGRAM@ relocatable by executing it in a separate | |
20 | mount namespace where the store is mounted in its right place. | |
21 | ||
22 | We would happily do that in Scheme using 'call-with-container'. However, | |
23 | this very program needs to be relocatable, so it needs to be statically | |
24 | linked, which complicates things (Guile's modules can hardly be "linked" | |
25 | into a single executable.) */ | |
26 | ||
27 | #define _GNU_SOURCE | |
28 | #include <stdlib.h> | |
29 | #include <stdio.h> | |
30 | #include <unistd.h> | |
31 | #include <sched.h> | |
32 | #include <sys/mount.h> | |
33 | #include <errno.h> | |
34 | #include <libgen.h> | |
35 | #include <limits.h> | |
36 | #include <string.h> | |
37 | #include <assert.h> | |
38 | #include <sys/stat.h> | |
39 | #include <sys/types.h> | |
40 | #include <sys/wait.h> | |
41 | #include <fcntl.h> | |
42 | #include <dirent.h> | |
30da3173 | 43 | #include <sys/syscall.h> |
47a60325 | 44 | |
64562321 LC |
45 | /* Whether we're building the ld.so/libfakechroot wrapper. */ |
46 | #define HAVE_EXEC_WITH_LOADER \ | |
47 | (defined PROGRAM_INTERPRETER) && (defined LOADER_AUDIT_MODULE) \ | |
48 | && (defined FAKECHROOT_LIBRARY) | |
49 | ||
0cd13e72 LC |
50 | /* The original store, "/gnu/store" by default. */ |
51 | static const char original_store[] = "@STORE_DIRECTORY@"; | |
52 | ||
53 | ||
14928af2 LC |
54 | /* Like 'malloc', but abort if 'malloc' returns NULL. */ |
55 | static void * | |
56 | xmalloc (size_t size) | |
57 | { | |
58 | void *result = malloc (size); | |
59 | assert (result != NULL); | |
60 | return result; | |
61 | } | |
62 | ||
47a60325 LC |
63 | /* Concatenate DIRECTORY, a slash, and FILE. Return the result, which the |
64 | caller must eventually free. */ | |
65 | static char * | |
66 | concat (const char *directory, const char *file) | |
67 | { | |
14928af2 | 68 | char *result = xmalloc (strlen (directory) + 2 + strlen (file)); |
47a60325 LC |
69 | |
70 | strcpy (result, directory); | |
71 | strcat (result, "/"); | |
72 | strcat (result, file); | |
73 | return result; | |
74 | } | |
75 | ||
76 | static void | |
77 | mkdir_p (const char *directory) | |
78 | { | |
79 | if (strcmp (directory, "/") != 0) | |
80 | { | |
81 | char *parent = dirname (strdupa (directory)); | |
82 | mkdir_p (parent); | |
83 | int err = mkdir (directory, 0700); | |
84 | if (err < 0 && errno != EEXIST) | |
85 | assert_perror (errno); | |
86 | } | |
87 | } | |
88 | ||
89 | static void | |
90 | rm_rf (const char *directory) | |
91 | { | |
92 | DIR *stream = opendir (directory); | |
93 | ||
94 | for (struct dirent *entry = readdir (stream); | |
95 | entry != NULL; | |
96 | entry = readdir (stream)) | |
97 | { | |
98 | if (strcmp (entry->d_name, ".") == 0 | |
99 | || strcmp (entry->d_name, "..") == 0) | |
100 | continue; | |
101 | ||
102 | char *full = concat (directory, entry->d_name); | |
103 | ||
104 | int err = unlink (full); | |
105 | if (err < 0) | |
106 | { | |
107 | if (errno == EISDIR) | |
108 | /* Recurse (we expect a shallow directory structure so there's | |
109 | little risk of stack overflow.) */ | |
110 | rm_rf (full); | |
111 | else | |
112 | assert_perror (errno); | |
113 | } | |
114 | ||
115 | free (full); | |
116 | } | |
117 | ||
118 | closedir (stream); | |
119 | ||
120 | int err = rmdir (directory); | |
121 | if (err < 0 && errno != ENOENT) | |
122 | assert_perror (errno); | |
123 | } | |
124 | ||
64562321 LC |
125 | /* Make TARGET a bind-mount of SOURCE. Take into account ENTRY's type, which |
126 | corresponds to SOURCE. */ | |
127 | static int | |
128 | bind_mount (const char *source, const struct dirent *entry, | |
129 | const char *target) | |
130 | { | |
131 | if (entry->d_type == DT_DIR) | |
132 | { | |
133 | int err = mkdir (target, 0700); | |
134 | if (err != 0) | |
135 | return err; | |
136 | } | |
137 | else | |
138 | close (open (target, O_WRONLY | O_CREAT)); | |
139 | ||
140 | return mount (source, target, "none", | |
141 | MS_BIND | MS_REC | MS_RDONLY, NULL); | |
142 | } | |
143 | ||
144 | #if HAVE_EXEC_WITH_LOADER | |
145 | ||
146 | /* Make TARGET a symlink to SOURCE. */ | |
147 | static int | |
148 | make_symlink (const char *source, const struct dirent *entry, | |
149 | const char *target) | |
150 | { | |
151 | return symlink (source, target); | |
152 | } | |
153 | ||
154 | #endif | |
155 | ||
156 | /* Mirror with FIRMLINK all the top-level entries in SOURCE to TARGET. */ | |
47a60325 | 157 | static void |
64562321 LC |
158 | mirror_directory (const char *source, const char *target, |
159 | int (* firmlink) (const char *, const struct dirent *, | |
160 | const char *)) | |
47a60325 LC |
161 | { |
162 | DIR *stream = opendir (source); | |
163 | ||
164 | for (struct dirent *entry = readdir (stream); | |
165 | entry != NULL; | |
166 | entry = readdir (stream)) | |
167 | { | |
168 | /* XXX: Some file systems may not report a useful 'd_type'. Ignore them | |
169 | for now. */ | |
170 | assert (entry->d_type != DT_UNKNOWN); | |
171 | ||
172 | if (strcmp (entry->d_name, ".") == 0 | |
173 | || strcmp (entry->d_name, "..") == 0) | |
174 | continue; | |
175 | ||
176 | char *abs_source = concat (source, entry->d_name); | |
177 | char *new_entry = concat (target, entry->d_name); | |
178 | ||
179 | if (entry->d_type == DT_LNK) | |
180 | { | |
181 | char target[PATH_MAX]; | |
182 | ||
183 | ssize_t result = readlink (abs_source, target, sizeof target - 1); | |
184 | if (result > 0) | |
185 | { | |
186 | target[result] = '\0'; | |
187 | int err = symlink (target, new_entry); | |
188 | if (err < 0) | |
189 | assert_perror (errno); | |
190 | } | |
191 | } | |
192 | else | |
193 | { | |
194 | /* Create the mount point. */ | |
64562321 | 195 | int err = firmlink (abs_source, entry, new_entry); |
47a60325 LC |
196 | |
197 | /* It used to be that only directories could be bind-mounted. Thus, | |
198 | keep going if we fail to bind-mount a non-directory entry. | |
199 | That's OK because regular files in the root file system are | |
200 | usually uninteresting. */ | |
201 | if (err != 0 && entry->d_type != DT_DIR) | |
202 | assert_perror (errno); | |
203 | ||
204 | free (new_entry); | |
205 | free (abs_source); | |
206 | } | |
207 | } | |
208 | ||
209 | closedir (stream); | |
210 | } | |
211 | ||
30da3173 LC |
212 | /* Write the user/group ID map for PID to FILE, mapping ID to itself. See |
213 | user_namespaces(7). */ | |
214 | static void | |
215 | write_id_map (pid_t pid, const char *file, int id) | |
216 | { | |
217 | char id_map_file[100]; | |
218 | snprintf (id_map_file, sizeof id_map_file, "/proc/%d/%s", pid, file); | |
219 | ||
220 | char id_map[100]; | |
221 | ||
222 | /* Map root and the current user. */ | |
223 | int len = snprintf (id_map, sizeof id_map, "%d %d 1\n", id, id); | |
224 | int fd = open (id_map_file, O_WRONLY); | |
225 | if (fd < 0) | |
226 | assert_perror (errno); | |
227 | ||
228 | int n = write (fd, id_map, len); | |
229 | if (n < 0) | |
230 | assert_perror (errno); | |
231 | ||
232 | close (fd); | |
233 | } | |
234 | ||
235 | /* Disallow setgroups(2) for PID. */ | |
236 | static void | |
237 | disallow_setgroups (pid_t pid) | |
238 | { | |
239 | char file[100]; | |
240 | ||
241 | snprintf (file, sizeof file, "/proc/%d/setgroups", pid); | |
242 | ||
243 | int fd = open (file, O_WRONLY); | |
244 | if (fd < 0) | |
245 | assert_perror (errno); | |
246 | ||
247 | int err = write (fd, "deny", 5); | |
248 | if (err < 0) | |
249 | assert_perror (errno); | |
250 | ||
251 | close (fd); | |
252 | } | |
253 | ||
bdb9b4e8 LC |
254 | /* Run the wrapper program in a separate mount user namespace. Return only |
255 | upon failure. */ | |
256 | static void | |
257 | exec_in_user_namespace (const char *store, int argc, char *argv[]) | |
258 | { | |
259 | /* Spawn @WRAPPED_PROGRAM@ in a separate namespace where STORE is | |
260 | bind-mounted in the right place. */ | |
261 | int err; | |
262 | char *new_root = mkdtemp (strdup ("/tmp/guix-exec-XXXXXX")); | |
0cd13e72 | 263 | char *new_store = concat (new_root, original_store); |
bdb9b4e8 LC |
264 | char *cwd = get_current_dir_name (); |
265 | ||
266 | /* Create a child with separate namespaces and set up bind-mounts from | |
267 | there. That way, bind-mounts automatically disappear when the child | |
268 | exits, which simplifies cleanup for the parent. Note: clone is more | |
269 | convenient than fork + unshare since the parent can directly write | |
270 | the child uid_map/gid_map files. */ | |
271 | pid_t child = syscall (SYS_clone, SIGCHLD | CLONE_NEWNS | CLONE_NEWUSER, | |
272 | NULL, NULL, NULL); | |
273 | switch (child) | |
274 | { | |
275 | case 0: | |
276 | /* Note: Due to <https://bugzilla.kernel.org/show_bug.cgi?id=183461> | |
277 | we cannot make NEW_ROOT a tmpfs (which would have saved the need | |
278 | for 'rm_rf'.) */ | |
64562321 | 279 | mirror_directory ("/", new_root, bind_mount); |
bdb9b4e8 LC |
280 | mkdir_p (new_store); |
281 | err = mount (store, new_store, "none", MS_BIND | MS_REC | MS_RDONLY, | |
282 | NULL); | |
283 | if (err < 0) | |
284 | assert_perror (errno); | |
285 | ||
286 | chdir (new_root); | |
287 | err = chroot (new_root); | |
288 | if (err < 0) | |
289 | assert_perror (errno); | |
290 | ||
291 | /* Change back to where we were before chroot'ing. */ | |
292 | chdir (cwd); | |
293 | ||
294 | int err = execv ("@WRAPPED_PROGRAM@", argv); | |
295 | if (err < 0) | |
296 | assert_perror (errno); | |
297 | break; | |
298 | ||
299 | case -1: | |
300 | /* Failure: user namespaces not supported. */ | |
301 | fprintf (stderr, "%s: error: 'clone' failed: %m\n", argv[0]); | |
302 | rm_rf (new_root); | |
303 | break; | |
304 | ||
305 | default: | |
306 | { | |
307 | /* Map the current user/group ID in the child's namespace (the | |
308 | default is to get the "overflow UID", i.e., the UID of | |
309 | "nobody"). We must first disallow 'setgroups' for that | |
310 | process. */ | |
311 | disallow_setgroups (child); | |
312 | write_id_map (child, "uid_map", getuid ()); | |
313 | write_id_map (child, "gid_map", getgid ()); | |
314 | ||
315 | int status; | |
316 | waitpid (child, &status, 0); | |
317 | chdir ("/"); /* avoid EBUSY */ | |
318 | rm_rf (new_root); | |
319 | free (new_root); | |
320 | ||
321 | if (WIFEXITED (status)) | |
322 | exit (WEXITSTATUS (status)); | |
323 | else | |
324 | /* Abnormal termination cannot really be reproduced, so exit | |
325 | with 255. */ | |
326 | exit (255); | |
327 | } | |
328 | } | |
329 | } | |
330 | ||
47a60325 | 331 | \f |
99aec37a LC |
332 | #ifdef PROOT_PROGRAM |
333 | ||
334 | /* Execute the wrapped program with PRoot, passing it ARGC and ARGV, and | |
335 | "bind-mounting" STORE in the right place. */ | |
336 | static void | |
337 | exec_with_proot (const char *store, int argc, char *argv[]) | |
338 | { | |
339 | int proot_specific_argc = 4; | |
340 | int proot_argc = argc + proot_specific_argc; | |
4a53c19a | 341 | char *proot_argv[proot_argc + 1], *proot; |
0cd13e72 | 342 | char bind_spec[strlen (store) + 1 + sizeof original_store]; |
99aec37a LC |
343 | |
344 | strcpy (bind_spec, store); | |
345 | strcat (bind_spec, ":"); | |
0cd13e72 | 346 | strcat (bind_spec, original_store); |
99aec37a LC |
347 | |
348 | proot = concat (store, PROOT_PROGRAM); | |
349 | ||
350 | proot_argv[0] = proot; | |
351 | proot_argv[1] = "-b"; | |
352 | proot_argv[2] = bind_spec; | |
353 | proot_argv[3] = "@WRAPPED_PROGRAM@"; | |
354 | ||
355 | for (int i = 0; i < argc; i++) | |
356 | proot_argv[i + proot_specific_argc] = argv[i + 1]; | |
357 | ||
358 | proot_argv[proot_argc] = NULL; | |
359 | ||
360 | /* Seccomp support seems to invariably lead to segfaults; disable it by | |
361 | default. */ | |
362 | setenv ("PROOT_NO_SECCOMP", "1", 0); | |
363 | ||
364 | int err = execv (proot, proot_argv); | |
365 | if (err < 0) | |
366 | assert_perror (errno); | |
367 | } | |
368 | ||
369 | #endif | |
370 | ||
371 | \f | |
64562321 LC |
372 | #if HAVE_EXEC_WITH_LOADER |
373 | ||
c6c0d5a2 LC |
374 | /* Traverse PATH, a NULL-terminated string array, and return a colon-separated |
375 | search path where each item of PATH has been relocated to STORE. The | |
376 | result is malloc'd. */ | |
377 | static char * | |
378 | relocated_search_path (const char *path[], const char *store) | |
379 | { | |
380 | char *new_path; | |
381 | size_t size = 0; | |
382 | ||
383 | for (size_t i = 0; path[i] != NULL; i++) | |
384 | size += strlen (store) + strlen (path[i]) + 1; /* upper bound */ | |
385 | ||
386 | new_path = xmalloc (size + 1); | |
387 | new_path[0] = '\0'; | |
388 | ||
389 | for (size_t i = 0; path[i] != NULL; i++) | |
390 | { | |
391 | if (strncmp (path[i], original_store, | |
392 | sizeof original_store - 1) == 0) | |
393 | { | |
394 | strcat (new_path, store); | |
395 | strcat (new_path, path[i] + sizeof original_store - 1); | |
396 | } | |
397 | else | |
398 | strcat (new_path, path[i]); /* possibly $ORIGIN */ | |
399 | ||
400 | strcat (new_path, ":"); | |
401 | } | |
402 | ||
403 | new_path[strlen (new_path) - 1] = '\0'; /* Remove trailing colon. */ | |
404 | ||
405 | return new_path; | |
406 | } | |
407 | ||
28dce8f0 LC |
408 | /* Concatenate PATH1 and PATH2 with a colon in between. The result is |
409 | potentially malloc'd. */ | |
410 | static char * | |
411 | concat_paths (const char *path1, const char *path2) | |
412 | { | |
413 | if (path1[0] == '\0') | |
414 | return (char *) path2; | |
415 | else | |
416 | { | |
417 | char *result = xmalloc (strlen (path1) + strlen (path2) + 2); | |
418 | strcpy (result, path1); | |
419 | strcat (result, ":"); | |
420 | strcat (result, path2); | |
421 | return result; | |
422 | } | |
423 | } | |
424 | ||
64562321 LC |
425 | /* Execute the wrapped program by invoking the loader (ld.so) directly, |
426 | passing it the audit module and preloading libfakechroot.so. */ | |
427 | static void | |
428 | exec_with_loader (const char *store, int argc, char *argv[]) | |
429 | { | |
c6c0d5a2 | 430 | static const char *audit_library_path[] = LOADER_AUDIT_RUNPATH; |
64562321 LC |
431 | char *loader = concat (store, |
432 | PROGRAM_INTERPRETER + sizeof original_store); | |
c6c0d5a2 | 433 | size_t loader_specific_argc = 8; |
64562321 LC |
434 | size_t loader_argc = argc + loader_specific_argc; |
435 | char *loader_argv[loader_argc + 1]; | |
436 | loader_argv[0] = argv[0]; | |
437 | loader_argv[1] = "--audit"; | |
438 | loader_argv[2] = concat (store, | |
439 | LOADER_AUDIT_MODULE + sizeof original_store); | |
c6c0d5a2 | 440 | |
28dce8f0 LC |
441 | /* The audit module depends on libc.so and libgcc_s.so so honor |
442 | AUDIT_LIBRARY_PATH. Additionally, honor $LD_LIBRARY_PATH if set. */ | |
c6c0d5a2 | 443 | loader_argv[3] = "--library-path"; |
28dce8f0 LC |
444 | loader_argv[4] = |
445 | concat_paths (getenv ("LD_LIBRARY_PATH") ?: "", | |
446 | relocated_search_path (audit_library_path, store)); | |
c6c0d5a2 LC |
447 | |
448 | loader_argv[5] = "--preload"; | |
449 | loader_argv[6] = concat (store, | |
64562321 | 450 | FAKECHROOT_LIBRARY + sizeof original_store); |
c6c0d5a2 | 451 | loader_argv[7] = concat (store, |
64562321 LC |
452 | "@WRAPPED_PROGRAM@" + sizeof original_store); |
453 | ||
454 | for (size_t i = 0; i < argc; i++) | |
455 | loader_argv[i + loader_specific_argc] = argv[i + 1]; | |
456 | ||
457 | loader_argv[loader_argc] = NULL; | |
458 | ||
459 | /* Set up the root directory. */ | |
460 | int err; | |
461 | char *new_root = mkdtemp (strdup ("/tmp/guix-exec-XXXXXX")); | |
462 | mirror_directory ("/", new_root, make_symlink); | |
463 | ||
c088aa29 LC |
464 | /* 'mirror_directory' created a symlink for the ancestor of ORIGINAL_STORE, |
465 | typically "/gnu". Remove that entry so we can create NEW_STORE | |
466 | below. */ | |
467 | const char *slash = strchr (original_store + 1, '/'); | |
468 | const char *top = slash != NULL | |
469 | ? strndupa (original_store, slash - original_store) | |
470 | : original_store; | |
471 | char *new_store_top = concat (new_root, top); | |
472 | unlink (new_store_top); | |
473 | ||
474 | /* Now create the store under NEW_ROOT. */ | |
64562321 LC |
475 | char *new_store = concat (new_root, original_store); |
476 | char *new_store_parent = dirname (strdup (new_store)); | |
477 | mkdir_p (new_store_parent); | |
c088aa29 LC |
478 | err = symlink (store, new_store); |
479 | if (err < 0) | |
480 | assert_perror (errno); | |
64562321 LC |
481 | |
482 | #ifdef GCONV_DIRECTORY | |
483 | /* Tell libc where to find its gconv modules. This is necessary because | |
484 | gconv uses non-interposable 'open' calls. */ | |
485 | char *gconv_path = concat (store, | |
486 | GCONV_DIRECTORY + sizeof original_store); | |
487 | setenv ("GCONV_PATH", gconv_path, 1); | |
488 | free (gconv_path); | |
489 | #endif | |
490 | ||
491 | setenv ("FAKECHROOT_BASE", new_root, 1); | |
492 | ||
493 | pid_t child = fork (); | |
494 | switch (child) | |
495 | { | |
496 | case 0: | |
497 | err = execv (loader, loader_argv); | |
498 | if (err < 0) | |
499 | assert_perror (errno); | |
500 | exit (EXIT_FAILURE); | |
501 | break; | |
502 | ||
503 | case -1: | |
504 | assert_perror (errno); | |
505 | exit (EXIT_FAILURE); | |
506 | break; | |
507 | ||
508 | default: | |
509 | { | |
510 | int status; | |
511 | waitpid (child, &status, 0); | |
512 | chdir ("/"); /* avoid EBUSY */ | |
513 | rm_rf (new_root); | |
514 | free (new_root); | |
515 | ||
516 | close (2); /* flushing stderr should be silent */ | |
517 | ||
518 | if (WIFEXITED (status)) | |
519 | exit (WEXITSTATUS (status)); | |
520 | else | |
521 | /* Abnormal termination cannot really be reproduced, so exit | |
522 | with 255. */ | |
523 | exit (255); | |
524 | } | |
525 | } | |
526 | } | |
527 | ||
528 | #endif | |
529 | ||
530 | \f | |
fde2aec3 LC |
531 | /* Execution engines. */ |
532 | ||
533 | struct engine | |
534 | { | |
535 | const char *name; | |
536 | void (* exec) (const char *, int, char **); | |
537 | }; | |
538 | ||
539 | static void | |
540 | buffer_stderr (void) | |
541 | { | |
542 | static char stderr_buffer[4096]; | |
543 | setvbuf (stderr, stderr_buffer, _IOFBF, sizeof stderr_buffer); | |
544 | } | |
545 | ||
64562321 | 546 | /* The default engine: choose a robust method. */ |
fde2aec3 LC |
547 | static void |
548 | exec_default (const char *store, int argc, char *argv[]) | |
549 | { | |
550 | /* Buffer stderr so that nothing's displayed if 'exec_in_user_namespace' | |
551 | fails but 'exec_with_proot' works. */ | |
552 | buffer_stderr (); | |
553 | ||
554 | exec_in_user_namespace (store, argc, argv); | |
555 | #ifdef PROOT_PROGRAM | |
556 | exec_with_proot (store, argc, argv); | |
557 | #endif | |
558 | } | |
559 | ||
64562321 LC |
560 | /* The "performance" engine: choose performance over robustness. */ |
561 | static void | |
562 | exec_performance (const char *store, int argc, char *argv[]) | |
563 | { | |
564 | buffer_stderr (); | |
565 | ||
566 | exec_in_user_namespace (store, argc, argv); | |
567 | #if HAVE_EXEC_WITH_LOADER | |
568 | exec_with_loader (store, argc, argv); | |
569 | #endif | |
570 | } | |
571 | ||
fde2aec3 LC |
572 | /* List of supported engines. */ |
573 | static const struct engine engines[] = | |
574 | { | |
575 | { "default", exec_default }, | |
64562321 | 576 | { "performance", exec_performance }, |
fde2aec3 LC |
577 | { "userns", exec_in_user_namespace }, |
578 | #ifdef PROOT_PROGRAM | |
579 | { "proot", exec_with_proot }, | |
64562321 LC |
580 | #endif |
581 | #if HAVE_EXEC_WITH_LOADER | |
582 | { "fakechroot", exec_with_loader }, | |
fde2aec3 LC |
583 | #endif |
584 | { NULL, NULL } | |
585 | }; | |
586 | ||
587 | /* Return the "execution engine" to use. */ | |
588 | static const struct engine * | |
589 | execution_engine (void) | |
590 | { | |
591 | const char *str = getenv ("GUIX_EXECUTION_ENGINE"); | |
592 | ||
593 | if (str == NULL) | |
594 | str = "default"; | |
595 | ||
596 | try: | |
597 | for (const struct engine *engine = engines; | |
598 | engine->name != NULL; | |
599 | engine++) | |
600 | { | |
601 | if (strcmp (engine->name, str) == 0) | |
602 | return engine; | |
603 | } | |
604 | ||
605 | fprintf (stderr, "%s: unsupported Guix execution engine; ignoring\n", | |
606 | str); | |
607 | str = "default"; | |
608 | goto try; | |
609 | } | |
610 | ||
611 | \f | |
47a60325 LC |
612 | int |
613 | main (int argc, char *argv[]) | |
614 | { | |
615 | ssize_t size; | |
616 | char self[PATH_MAX]; | |
617 | size = readlink ("/proc/self/exe", self, sizeof self - 1); | |
618 | assert (size > 0); | |
619 | ||
620 | /* SELF is something like "/home/ludo/.local/gnu/store/…-foo/bin/ls" and we | |
621 | want to extract "/home/ludo/.local/gnu/store". */ | |
622 | size_t index = strlen (self) | |
0cd13e72 | 623 | - strlen ("@WRAPPED_PROGRAM@") + strlen (original_store); |
47a60325 LC |
624 | char *store = strdup (self); |
625 | store[index] = '\0'; | |
626 | ||
627 | struct stat statbuf; | |
628 | ||
629 | /* If STORE is already at the "right" place, we can execute | |
630 | @WRAPPED_PROGRAM@ right away. This is not just an optimization: it's | |
631 | needed when running one of these wrappers from within an unshare'd | |
632 | namespace, because 'unshare' fails with EPERM in that context. */ | |
0cd13e72 | 633 | if (strcmp (store, original_store) != 0 |
47a60325 LC |
634 | && lstat ("@WRAPPED_PROGRAM@", &statbuf) != 0) |
635 | { | |
fde2aec3 LC |
636 | const struct engine *engine = execution_engine (); |
637 | engine->exec (store, argc, argv); | |
47a60325 | 638 | |
fde2aec3 LC |
639 | /* If we reach this point, that's because ENGINE failed to do the |
640 | job. */ | |
bdb9b4e8 | 641 | fprintf (stderr, "\ |
30da3173 LC |
642 | This may be because \"user namespaces\" are not supported on this system.\n\ |
643 | Consequently, we cannot run '@WRAPPED_PROGRAM@',\n\ | |
644 | unless you move it to the '@STORE_DIRECTORY@' directory.\n\ | |
645 | \n\ | |
646 | Please refer to the 'guix pack' documentation for more information.\n"); | |
bdb9b4e8 | 647 | return EXIT_FAILURE; |
47a60325 LC |
648 | } |
649 | ||
650 | /* The executable is available under @STORE_DIRECTORY@, so we can now | |
651 | execute it. */ | |
652 | int err = execv ("@WRAPPED_PROGRAM@", argv); | |
653 | if (err < 0) | |
654 | assert_perror (errno); | |
655 | ||
656 | return EXIT_FAILURE; | |
657 | } |