[Libreoffice-commits] online.git: 6 commits - loolwsd/LOOLSession.cpp loolwsd/LOOLWSD.cpp loolwsd/LOOLWSD.hpp loolwsd/loolwsd-systemplate-setup
Tor Lillqvist
tml at collabora.com
Fri May 22 09:44:35 PDT 2015
loolwsd/LOOLSession.cpp | 20 +++++++++++++++++++-
loolwsd/LOOLWSD.cpp | 21 +++++++++++++--------
loolwsd/LOOLWSD.hpp | 8 ++++++++
loolwsd/loolwsd-systemplate-setup | 28 +++++++++++++++++++++++++++-
4 files changed, 67 insertions(+), 10 deletions(-)
New commits:
commit f7d001ed45dfd4500509ceda828062b0d38f8cb3
Author: Tor Lillqvist <tml at collabora.com>
Date: Fri May 22 17:43:45 2015 +0100
Bin the uid debug output
diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp
index a232727..201210e 100644
--- a/loolwsd/LOOLWSD.cpp
+++ b/loolwsd/LOOLWSD.cpp
@@ -618,7 +618,6 @@ int LOOLWSD::childMain()
if (childRoot != "")
throw IncompatibleOptionsException("childroot");
- logger().information("uid=" + std::to_string(getuid()) + " euid=" + std::to_string(geteuid()));
if (chroot(jail.c_str()) == -1)
{
logger().error("chroot(\"" + jail + "\") failed: " + strerror(errno));
@@ -702,7 +701,6 @@ int LOOLWSD::childMain()
int LOOLWSD::main(const std::vector<std::string>& args)
{
- logger().information("uid=" + std::to_string(getuid()) + " euid=" + std::to_string(geteuid()));
if (childMode())
return childMain();
@@ -712,8 +710,6 @@ int LOOLWSD::main(const std::vector<std::string>& args)
dropCapability();
#endif
- logger().information("uid=" + std::to_string(getuid()) + " euid=" + std::to_string(geteuid()));
-
if (access(LOOLWSD_CACHEDIR, R_OK | W_OK | X_OK) != 0)
{
std::cout << "Unable to access " << LOOLWSD_CACHEDIR <<
commit 180f8fcba02f4b22d22b01b243ed8c7cbf8d0d59
Author: Tor Lillqvist <tml at collabora.com>
Date: Fri May 22 17:42:36 2015 +0100
Pass the --uid option to the child too
diff --git a/loolwsd/LOOLSession.cpp b/loolwsd/LOOLSession.cpp
index 8d0c4a5..bdf5051 100644
--- a/loolwsd/LOOLSession.cpp
+++ b/loolwsd/LOOLSession.cpp
@@ -382,6 +382,11 @@ void MasterProcessSession::preSpawn()
args.push_back("--jail=" + jail.toString());
args.push_back("--losubpath=" + LOOLWSD::loSubPath);
+#if ENABLE_DEBUG
+ if (LOOLWSD::runningAsRoot)
+ args.push_back("--uid=" + std::to_string(LOOLWSD::uid));
+#endif
+
const std::string executable = (LOOLWSD::runningAsRoot ? "/usr/bin/sudo" : Application::instance().commandPath());
Application::instance().logger().information(Util::logPrefix() + "Launching child: " + executable + " " + Poco::cat(std::string(" "), args.begin(), args.end()));
diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp
index 315c9ed..a232727 100644
--- a/loolwsd/LOOLWSD.cpp
+++ b/loolwsd/LOOLWSD.cpp
@@ -116,10 +116,6 @@ using Poco::Util::Option;
using Poco::Util::OptionSet;
using Poco::Util::ServerApplication;
-#if ENABLE_DEBUG
-uid_t uid = 0;
-#endif
-
class WebSocketRequestHandler: public HTTPRequestHandler
/// Handle a WebSocket connection.
{
@@ -404,6 +400,7 @@ std::string LOOLWSD::jail;
int LOOLWSD::_numPreSpawnedChildren = 10;
#if ENABLE_DEBUG
bool LOOLWSD::runningAsRoot = false;
+int LOOLWSD::uid = 0;
#endif
const std::string LOOLWSD::CHILD_URI = "/loolws/child/";
@@ -584,15 +581,15 @@ namespace
{
// Running under sudo, probably because being debugged? Let's drop super-user rights.
LOOLWSD::runningAsRoot = true;
- if (uid == 0)
+ if (LOOLWSD::uid == 0)
{
struct passwd *nobody = getpwnam("nobody");
if (nobody)
- uid = nobody->pw_uid;
+ LOOLWSD::uid = nobody->pw_uid;
else
- uid = 65534;
+ LOOLWSD::uid = 65534;
}
- if (setuid(uid) != 0) {
+ if (setuid(LOOLWSD::uid) != 0) {
Application::instance().logger().error(std::string("setuid() failed: ") + strerror(errno));
}
}
@@ -715,6 +712,8 @@ int LOOLWSD::main(const std::vector<std::string>& args)
dropCapability();
#endif
+ logger().information("uid=" + std::to_string(getuid()) + " euid=" + std::to_string(geteuid()));
+
if (access(LOOLWSD_CACHEDIR, R_OK | W_OK | X_OK) != 0)
{
std::cout << "Unable to access " << LOOLWSD_CACHEDIR <<
diff --git a/loolwsd/LOOLWSD.hpp b/loolwsd/LOOLWSD.hpp
index db99dd8..2e4b3ef 100644
--- a/loolwsd/LOOLWSD.hpp
+++ b/loolwsd/LOOLWSD.hpp
@@ -55,6 +55,7 @@ private:
#if ENABLE_DEBUG
public:
static bool runningAsRoot;
+ static int uid;
#endif
};
commit 94e29dab1e85e5f706fd3e7c6cb28a0b5cc3511c
Author: Tor Lillqvist <tml at collabora.com>
Date: Fri May 22 16:55:05 2015 +0100
This approach will not work...
The amount of system frameworks (both public and private) needed by
the LO libraries is staggering. It will not work to try to list them
here. If you are crazy enough to want to run this on OS X, use some
other tool than this script to set up the system template for the
chroot jail. Like mkjail from https://github.com/glvnst/shlibs.
diff --git a/loolwsd/loolwsd-systemplate-setup b/loolwsd/loolwsd-systemplate-setup
index c473248..8af0517 100755
--- a/loolwsd/loolwsd-systemplate-setup
+++ b/loolwsd/loolwsd-systemplate-setup
@@ -40,16 +40,36 @@ cd / || exit 1
grep -v dynamic | cut -d " " -f 3 | grep -E '^(/lib|/usr)' | sort -u | sed -e 's,^/,,'
else
find usr/lib/dyld \
- usr/lib/libauto.dylib \
- usr/lib/libc++abi.dylib \
+ usr/lib/*.dylib \
usr/lib/system/*.dylib \
+ System/Library/Frameworks/Accelerate.framework \
+ System/Library/Frameworks/ApplicationServices.framework \
+ System/Library/Frameworks/CFNetwork.framework \
+ System/Library/Frameworks/Carbon.framework \
+ System/Library/Frameworks/CoreFoundation.framework \
+ System/Library/Frameworks/CoreGraphics.framework \
+ System/Library/Frameworks/CoreServices.framework \
+ System/Library/Frameworks/CoreText.framework \
+ System/Library/Frameworks/DiskArbitration.framework \
+ System/Library/Frameworks/Foundation.framework \
+ System/Library/Frameworks/ImageIO.framework \
+ System/Library/Frameworks/IOKit.framework \
+ System/Library/Frameworks/IOSurface.framework \
+ System/Library/Frameworks/NetFS.framework \
+ System/Library/Frameworks/OpenDirectory.framework \
+ System/Library/Frameworks/Security.framework \
+ System/Library/Frameworks/SystemConfiguration.framework \
+ System/Library/PrivateFrameworks/DataDetectorsCore.framework \
+ System/Library/PrivateFrameworks/MultitouchSupport.framework \
+ System/Library/PrivateFrameworks/NetAuth.framework \
+ System/Library/PrivateFrameworks/login.framework \
-type f
find $INSTDIR -name '*.dylib' |
while read file; do
otool -L $file 2>/dev/null
done |
- sed -e 's/^[ ]//' | grep -E '^(/lib|/usr/lib)' | cut -d' ' -f1 | sort -u | sed -e 's,^/,,'
+ sed -e 's/^[ ]//' | grep -E '^/(lib|usr/lib)/' | cut -d' ' -f1 | sort -u | sed -e 's,^/,,'
fi
) |
commit 73505aa5503605ae2b1009d1d48b1070692a08a4
Author: Tor Lillqvist <tml at collabora.com>
Date: Fri May 22 14:40:09 2015 +0100
On OS X libsofficeap.dylib is in Frameworks
diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp
index cd521fa..315c9ed 100644
--- a/loolwsd/LOOLWSD.cpp
+++ b/loolwsd/LOOLWSD.cpp
@@ -649,7 +649,11 @@ int LOOLWSD::childMain()
try
{
+#ifdef __APPLE__
+ LibreOfficeKit *loKit(lok_init_2(("/" + loSubPath + "/Frameworks").c_str(), "file:///user"));
+#else
LibreOfficeKit *loKit(lok_init_2(("/" + loSubPath + "/program").c_str(), "file:///user"));
+#endif
if (!loKit)
{
commit 9af39d189a92092b252fdffd6200759055e5601f
Author: Tor Lillqvist <tml at collabora.com>
Date: Fri May 22 14:34:21 2015 +0100
Add some fairly hackish things to make this run better on OS X
diff --git a/loolwsd/LOOLSession.cpp b/loolwsd/LOOLSession.cpp
index 03b7224..8d0c4a5 100644
--- a/loolwsd/LOOLSession.cpp
+++ b/loolwsd/LOOLSession.cpp
@@ -371,14 +371,27 @@ void MasterProcessSession::preSpawn()
_pendingPreSpawnedChildren.insert(childId);
Process::Args args;
+
+#if ENABLE_DEBUG
+ if (LOOLWSD::runningAsRoot)
+ args.push_back(Application::instance().commandPath());
+#endif
+
args.push_back("--child=" + std::to_string(childId));
args.push_back("--port=" + std::to_string(LOOLWSD::portNumber));
args.push_back("--jail=" + jail.toString());
args.push_back("--losubpath=" + LOOLWSD::loSubPath);
- Application::instance().logger().information(Util::logPrefix() + "Launching child: " + Poco::cat(std::string(" "), args.begin(), args.end()));
+ const std::string executable = (LOOLWSD::runningAsRoot ? "/usr/bin/sudo" : Application::instance().commandPath());
+ Application::instance().logger().information(Util::logPrefix() + "Launching child: " + executable + " " + Poco::cat(std::string(" "), args.begin(), args.end()));
+
+#if ENABLE_DEBUG
+ ProcessHandle child = Process::launch(executable, args);
+#else
ProcessHandle child = Process::launch(Application::instance().commandPath(), args);
+#endif
+
_childProcesses[child.id()] = childId;
}
diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp
index fe17cda..cd521fa 100644
--- a/loolwsd/LOOLWSD.cpp
+++ b/loolwsd/LOOLWSD.cpp
@@ -402,6 +402,9 @@ std::string LOOLWSD::childRoot;
std::string LOOLWSD::loSubPath = "lo";
std::string LOOLWSD::jail;
int LOOLWSD::_numPreSpawnedChildren = 10;
+#if ENABLE_DEBUG
+bool LOOLWSD::runningAsRoot = false;
+#endif
const std::string LOOLWSD::CHILD_URI = "/loolws/child/";
LOOLWSD::LOOLWSD() :
@@ -580,6 +583,7 @@ namespace
if (geteuid() == 0 && getuid() == 0)
{
// Running under sudo, probably because being debugged? Let's drop super-user rights.
+ LOOLWSD::runningAsRoot = true;
if (uid == 0)
{
struct passwd *nobody = getpwnam("nobody");
@@ -617,6 +621,7 @@ int LOOLWSD::childMain()
if (childRoot != "")
throw IncompatibleOptionsException("childroot");
+ logger().information("uid=" + std::to_string(getuid()) + " euid=" + std::to_string(geteuid()));
if (chroot(jail.c_str()) == -1)
{
logger().error("chroot(\"" + jail + "\") failed: " + strerror(errno));
@@ -696,6 +701,7 @@ int LOOLWSD::childMain()
int LOOLWSD::main(const std::vector<std::string>& args)
{
+ logger().information("uid=" + std::to_string(getuid()) + " euid=" + std::to_string(geteuid()));
if (childMode())
return childMain();
diff --git a/loolwsd/LOOLWSD.hpp b/loolwsd/LOOLWSD.hpp
index 0171ca9..db99dd8 100644
--- a/loolwsd/LOOLWSD.hpp
+++ b/loolwsd/LOOLWSD.hpp
@@ -10,6 +10,8 @@
#ifndef INCLUDED_LOOLWSD_HPP
#define INCLUDED_LOOLWSD_HPP
+#include "config.h"
+
#include <string>
#include <Poco/Util/OptionSet.h>
@@ -49,6 +51,11 @@ private:
bool _doTest;
Poco::UInt64 _childId;
static int _numPreSpawnedChildren;
+
+#if ENABLE_DEBUG
+public:
+ static bool runningAsRoot;
+#endif
};
#endif
commit 99b7fcdfa8113280b6a3cb0ba5a28a482b8c6ef4
Author: Tor Lillqvist <tml at collabora.com>
Date: Fri May 22 14:34:13 2015 +0100
Include dynamic loader and more system libraries on OS X
diff --git a/loolwsd/loolwsd-systemplate-setup b/loolwsd/loolwsd-systemplate-setup
index cdd3cdd..c473248 100755
--- a/loolwsd/loolwsd-systemplate-setup
+++ b/loolwsd/loolwsd-systemplate-setup
@@ -39,6 +39,12 @@ cd / || exit 1
done |
grep -v dynamic | cut -d " " -f 3 | grep -E '^(/lib|/usr)' | sort -u | sed -e 's,^/,,'
else
+ find usr/lib/dyld \
+ usr/lib/libauto.dylib \
+ usr/lib/libc++abi.dylib \
+ usr/lib/system/*.dylib \
+ -type f
+
find $INSTDIR -name '*.dylib' |
while read file; do
otool -L $file 2>/dev/null
More information about the Libreoffice-commits
mailing list