[Libreoffice-commits] online.git: 4 commits - kit/Kit.cpp loolwsd-systemplate-setup Makefile.am wsd/LOOLWSD.cpp
Libreoffice Gerrit user
logerrit at kemper.freedesktop.org
Fri Aug 3 03:31:15 UTC 2018
Makefile.am | 16 +++++++-------
kit/Kit.cpp | 52 +++++++++++++++++++++++-----------------------
loolwsd-systemplate-setup | 6 ++---
wsd/LOOLWSD.cpp | 23 ++++++++++++--------
4 files changed, 52 insertions(+), 45 deletions(-)
New commits:
commit 1f5d779ef859733b75a8f93780ad88da58a4effc
Author: Jan Holesovsky <kendy at collabora.com>
AuthorDate: Fri Aug 3 05:29:27 2018 +0200
Commit: Jan Holesovsky <kendy at collabora.com>
CommitDate: Fri Aug 3 05:29:27 2018 +0200
Fix systemplate creation when running make with -j.
Change-Id: Ifcf45b01fdba9b502b1a88190d6a0d4cb316c566
diff --git a/Makefile.am b/Makefile.am
index 5b1767bcd..a40bc999a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -254,7 +254,7 @@ clean-local:
if test "z at SYSTEMPLATE_PATH@" != "z"; then rm -rf "@SYSTEMPLATE_PATH@"; fi
if test "z at TILECACHE_PATH@" != "z"; then rm -rf "@TILECACHE_PATH@"; fi
-run: all @TILECACHE_PATH@ @JAILS_PATH@ @SYSTEMPLATE_PATH@/system_stamp
+run: all @TILECACHE_PATH@ @JAILS_PATH@
@echo "Launching loolwsd"
@fc-cache "@LO_PATH@"/share/fonts/truetype
@cp $(abs_top_srcdir)/test/data/hello.odt $(abs_top_srcdir)/test/data/hello-world.odt
@@ -268,7 +268,7 @@ run: all @TILECACHE_PATH@ @JAILS_PATH@ @SYSTEMPLATE_PATH@/system_stamp
--o:admin_console.username=admin --o:admin_console.password=admin \
--o:logging.file[@enable]=true --o:logging.level=trace
-run-valgrind: all @TILECACHE_PATH@ @JAILS_PATH@ @SYSTEMPLATE_PATH@/system_stamp
+run-valgrind: all @TILECACHE_PATH@ @JAILS_PATH@
@echo "Launching loolwsd under valgrind (but not forkit/loolkit, yet)"
@fc-cache "@LO_PATH@"/share/fonts/truetype
@cp $(abs_top_srcdir)/test/data/hello.odt $(abs_top_srcdir)/test/data/hello-world.odt
@@ -282,7 +282,7 @@ run-valgrind: all @TILECACHE_PATH@ @JAILS_PATH@ @SYSTEMPLATE_PATH@/system_stamp
--o:admin_console.username=admin --o:admin_console.password=admin \
--o:logging.file[@enable]=false --o:logging.level=trace
-run-gdb: all @TILECACHE_PATH@ @JAILS_PATH@ @SYSTEMPLATE_PATH@/system_stamp
+run-gdb: all @TILECACHE_PATH@ @JAILS_PATH@
@echo "Launching loolwsd under valgrind's callgrind"
@fc-cache "@LO_PATH@"/share/fonts/truetype
@cp $(abs_top_srcdir)/test/data/hello.odt $(abs_top_srcdir)/test/data/hello-world.odt
@@ -297,7 +297,7 @@ run-gdb: all @TILECACHE_PATH@ @JAILS_PATH@ @SYSTEMPLATE_PATH@/system_stamp
--o:admin_console.username=admin --o:admin_console.password=admin \
--o:logging.file[@enable]=false --o:logging.level=error
-run-callgrind: all @TILECACHE_PATH@ @JAILS_PATH@ @SYSTEMPLATE_PATH@/system_stamp
+run-callgrind: all @TILECACHE_PATH@ @JAILS_PATH@
@echo "Launching loolwsd under valgrind's callgrind"
@fc-cache "@LO_PATH@"/share/fonts/truetype
@cp $(abs_top_srcdir)/test/data/hello.odt $(abs_top_srcdir)/test/data/hello-world.odt
@@ -312,7 +312,7 @@ run-callgrind: all @TILECACHE_PATH@ @JAILS_PATH@ @SYSTEMPLATE_PATH@/system_stamp
--o:admin_console.username=admin --o:admin_console.password=admin \
--o:logging.file[@enable]=false --o:logging.level=error
-run-strace: all @TILECACHE_PATH@ @JAILS_PATH@ @SYSTEMPLATE_PATH@/system_stamp
+run-strace: all @TILECACHE_PATH@ @JAILS_PATH@
@echo "Launching loolwsd under strace"
@fc-cache "@LO_PATH@"/share/fonts/truetype
@cp $(abs_top_srcdir)/test/data/hello.odt $(abs_top_srcdir)/test/data/hello-world.odt
commit ac7d67f43e2b82dcc841ca2ecae91e668eb90613
Author: Jan Holesovsky <kendy at collabora.com>
AuthorDate: Fri Aug 3 05:12:14 2018 +0200
Commit: Jan Holesovsky <kendy at collabora.com>
CommitDate: Fri Aug 3 05:22:03 2018 +0200
Fix networking in the chroot.
The needed files were not copied, and consequently the hostname
resolution did not work in the chroot.
Change-Id: Id3dccc4f70cd1deeddb83c8e672f240e06748e34
diff --git a/kit/Kit.cpp b/kit/Kit.cpp
index a6e386243..5a2148afa 100644
--- a/kit/Kit.cpp
+++ b/kit/Kit.cpp
@@ -190,6 +190,27 @@ namespace
}
}
+ void linkOrCopyFile(const char *fpath, Path newPath)
+ {
+ if (linkOrCopyVerboseLogging)
+ LOG_INF("Linking file \"" << fpath << "\" to \"" << newPath.toString() << "\"");
+ if (link(fpath, newPath.toString().c_str()) == -1)
+ {
+ LOG_INF("link(\"" << fpath << "\", \"" <<
+ newPath.toString() << "\") failed. Will copy.");
+ try
+ {
+ File(fpath).copyTo(newPath.toString());
+ }
+ catch (const std::exception& exc)
+ {
+ LOG_ERR("Copying of '" << fpath << "' to " << newPath.toString() <<
+ " failed: " << exc.what() << ". Exiting.");
+ std::_Exit(Application::EXIT_SOFTWARE);
+ }
+ }
+ }
+
int linkOrCopyFunction(const char *fpath,
const struct stat* /*sb*/,
int typeflag,
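Review bot: The fallback log in linkOrCopyFile omits errno, so an expected cross-filesystem failure (EXDEV) cannot be told apart from a permission or link-restriction denial (EPERM/EACCES) when reading the jail setup logs. I would include the reason, `newPath.toString() << "\") failed: " << std::strerror(errno) << ". Will copy.");`, reading errno before anything else can overwrite it. The helper also takes `Path newPath` by value and only reads it, so `const Path& newPath` avoids a copy per file. linkOrCopyFunction, which starts at the end of this hunk, continues outside it.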
@@ -221,25 +242,7 @@ namespace
File(newPath.parent()).createDirectories();
if (shouldLinkFile(relativeOldPath))
- {
- if (linkOrCopyVerboseLogging)
- LOG_INF("Linking file \"" << fpath << "\" to \"" << newPath.toString() << "\"");
- if (link(fpath, newPath.toString().c_str()) == -1)
- {
- LOG_INF("link(\"" << fpath << "\", \"" <<
- newPath.toString() << "\") failed. Will copy.");
- try
- {
- File(fpath).copyTo(newPath.toString());
- }
- catch (const std::exception& exc)
- {
- LOG_ERR("Copying of '" << fpath << "' to " << newPath.toString() <<
- " failed: " << exc.what() << ". Exiting.");
- std::_Exit(Application::EXIT_SOFTWARE);
- }
- }
- }
+ linkOrCopyFile(fpath, newPath);
break;
case FTW_D:
{
@@ -2208,16 +2211,15 @@ void lokit_main(const std::string& childRoot,
bLoopMounted ? LinkOrCopyType::NoUsr : LinkOrCopyType::All);
linkOrCopy(loTemplate, jailLOInstallation, LinkOrCopyType::LO);
- // We need this because sometimes the hostname is not resolved
- const std::initializer_list<const char*> networkFiles = {"/etc/host.conf", "/etc/hosts", "/etc/nsswitch.conf", "/etc/resolv.conf"};
- for (const auto& filename : networkFiles)
+ // Copy some needed files - makes the networking work in the
+ // chroot
+ const std::initializer_list<const char*> files = {"/etc/passwd", "/etc/group", "/etc/host.conf", "/etc/hosts", "/etc/nsswitch.conf", "/etc/resolv.conf"};
+ for (const auto& filename : files)
{
const Poco::Path etcPath = Path(jailPath, filename);
const std::string etcPathString = etcPath.toString();
if (File(filename).exists() && !File(etcPathString).exists() )
- {
- linkOrCopy( filename, etcPath, LinkOrCopyType::All );
- }
+ linkOrCopyFile(filename, etcPath);
}
LOG_DBG("Initialized jail files.");
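Review bot: The six host files in `files` go through linkOrCopyFile, which tries link() before copying, so wherever the hard link succeeds the jail's /etc entries are the host's own inodes rather than private copies. Whether a kit process could ever modify them depends on privileges not visible in this hunk, but copying these few files unconditionally (the `File(filename).copyTo(etcPathString)` path the helper already has, with its error handling) removes that coupling. The comment also attributes the whole list to networking, while /etc/passwd and /etc/group serve user and group lookups; something like `// passwd/group: uid/gid name lookups; the rest: hostname resolution via NSS` would record why each host file is exposed inside the jail. lokit_main begins and ends outside this hunk.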
diff --git a/loolwsd-systemplate-setup b/loolwsd-systemplate-setup
index 3eed41ae6..986a83aee 100755
--- a/loolwsd-systemplate-setup
+++ b/loolwsd-systemplate-setup
@@ -21,10 +21,9 @@ cd / || exit 1
# into the template tree of system files for the chroot jails.
# First essential files and shared objects
-find etc/passwd etc/group etc/hosts \
- etc/resolv.conf \
- etc/ld.so.* \
+find etc/ld.so.* \
lib/ld-* lib64/ld-* \
+ lib64/libnss_* \
var/cache/fontconfig \
etc/fonts \
etc/localtime \
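Review bot: `lib64/libnss_*` covers only one library directory, so on systems that install the NSS modules elsewhere (multiarch layouts such as `lib/x86_64-linux-gnu`) the pattern matches nothing and name resolution inside the jail would presumably still fail, quietly if stderr is discarded as in the second `find`. Listing the other locations as well, e.g. `lib/libnss_* lib64/libnss_* lib/*/libnss_* \`, in both `find` invocations (this hunk and the `-type l` one in the next hunk) would cover them. A short comment such as `# NSS modules: needed for user and host name lookups inside the jail` would also explain why they are in the template now that etc/passwd, etc/group and etc/hosts are no longer copied here.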
@@ -38,6 +37,7 @@ find etc/passwd etc/group etc/hosts \
find etc/fonts \
lib/ld-* lib64/ld-* \
+ lib64/libnss_* \
-type l 2>/dev/null
# Go through the LO shared objects and check what system libraries
commit 521afe2e982378f821f01a81c265bc6b0ce4600a
Author: Jan Holesovsky <kendy at collabora.com>
AuthorDate: Fri Aug 3 04:57:04 2018 +0200
Commit: Jan Holesovsky <kendy at collabora.com>
CommitDate: Fri Aug 3 05:21:25 2018 +0200
Add possibility to strace loolforkit if necessary for debugging.
Needs a rebuild with STRACE_LOOLFORKIT defined, and setting the
appropriate capabilities for the strace binary.
Change-Id: I43d45fbafa3868f6ae42f740a773ad9ed7add668
diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp
index 1ddc041c1..fc1f83013 100644
--- a/wsd/LOOLWSD.cpp
+++ b/wsd/LOOLWSD.cpp
@@ -1354,6 +1354,16 @@ bool LOOLWSD::createForKit()
std::unique_lock<std::mutex> newChildrenLock(NewChildrenMutex);
std::vector<std::string> args;
+#ifdef STRACE_LOOLFORKIT
+ // if you want to use this, you need to setcap cap_fowner,cap_mknod,cap_sys_chroot=ep /usr/bin/strace
+ args.push_back("-o");
+ args.push_back("strace.log");
+ args.push_back("-f");
+ args.push_back("-tt");
+ args.push_back("-s");
+ args.push_back("256");
+ args.push_back(Path(Application::instance().commandPath()).parent().toString() + "loolforkit");
+#endif
args.push_back("--losubpath=" + std::string(LO_JAIL_SUBPATH));
args.push_back("--systemplate=" + SysTemplate);
args.push_back("--lotemplate=" + LoTemplate);
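Review bot: The comment on the STRACE_LOOLFORKIT block tells the developer to give /usr/bin/strace file capabilities (cap_fowner, cap_mknod, cap_sys_chroot), but not that the capabilities then apply for every local user who can run strace, nor that they should be removed afterwards. I would extend it along the lines of `// Debug builds on a throwaway machine only; undo with: setcap -r /usr/bin/strace`. The trace also goes to a relative `strace.log`, so it lands in whatever the working directory is and, with `-s 256`, can hold fragments of request and document data; that is worth a line in the same comment. createForKit continues outside the hunk.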
@@ -1381,8 +1391,11 @@ bool LOOLWSD::createForKit()
if (NoSeccomp)
args.push_back("--noseccomp");
+#ifdef STRACE_LOOLFORKIT
+ std::string forKitPath = "strace";
+#else
std::string forKitPath = Path(Application::instance().commandPath()).parent().toString() + "loolforkit";
-
+#endif
// Always reap first, in case we haven't done so yet.
if (ForKitProcId != -1)
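Review bot: `forKitPath = "strace"` is a bare name, while the setcap instruction in the previous hunk names /usr/bin/strace. If the spawn resolves the name through PATH (not visible here), a different strace without those capabilities, or an unintended binary earlier in PATH, could be launched instead. Using the same absolute path, `std::string forKitPath = "/usr/bin/strace";`, keeps the comment and the code in step. createForKit continues outside the hunk.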
commit 6ab7acc6d6b28f2e33858fd9ff64f578a821384b
Author: Jan Holesovsky <kendy at collabora.com>
AuthorDate: Wed Aug 1 19:20:05 2018 +0200
Commit: Jan Holesovsky <kendy at collabora.com>
CommitDate: Fri Aug 3 05:20:56 2018 +0200
wsd: Kill --nocaps, and use --o:security.capabilities="false" instead.
The --nocaps apparently stopped working when the security.capabilities was
introduced.
Change-Id: Ieee173e97b62eb4e254667bd105826486e6bdbcb
diff --git a/Makefile.am b/Makefile.am
index d12a8f24f..5b1767bcd 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -287,7 +287,7 @@ run-gdb: all @TILECACHE_PATH@ @JAILS_PATH@ @SYSTEMPLATE_PATH@/system_stamp
@fc-cache "@LO_PATH@"/share/fonts/truetype
@cp $(abs_top_srcdir)/test/data/hello.odt $(abs_top_srcdir)/test/data/hello-world.odt
gdb --tui --args \
- ./loolwsd --nocaps \
+ ./loolwsd --o:security.capabilities="false" \
--o:sys_template_path="@SYSTEMPLATE_PATH@" --o:lo_template_path="@LO_PATH@" \
--o:child_root_path="@JAILS_PATH@" --o:storage.filesystem[@allow]=true \
--o:tile_cache_path="@TILECACHE_PATH@" \
@@ -302,7 +302,7 @@ run-callgrind: all @TILECACHE_PATH@ @JAILS_PATH@ @SYSTEMPLATE_PATH@/system_stamp
@fc-cache "@LO_PATH@"/share/fonts/truetype
@cp $(abs_top_srcdir)/test/data/hello.odt $(abs_top_srcdir)/test/data/hello-world.odt
valgrind --tool=callgrind --simulate-cache=yes --dump-instr=yes --num-callers=50 --error-limit=no --trace-children=yes \
- ./loolwsd --nocaps \
+ ./loolwsd --o:security.capabilities="false" \
--o:sys_template_path="@SYSTEMPLATE_PATH@" --o:lo_template_path="@LO_PATH@" \
--o:child_root_path="@JAILS_PATH@" --o:storage.filesystem[@allow]=true \
--o:tile_cache_path="@TILECACHE_PATH@" \
@@ -317,7 +317,7 @@ run-strace: all @TILECACHE_PATH@ @JAILS_PATH@ @SYSTEMPLATE_PATH@/system_stamp
@fc-cache "@LO_PATH@"/share/fonts/truetype
@cp $(abs_top_srcdir)/test/data/hello.odt $(abs_top_srcdir)/test/data/hello-world.odt
strace -o strace.log -f -tt -s 256 \
- ./loolwsd --nocaps \
+ ./loolwsd --o:security.capabilities="false" \
--o:sys_template_path="@SYSTEMPLATE_PATH@" --o:lo_template_path="@LO_PATH@" \
--o:child_root_path="@JAILS_PATH@" --o:storage.filesystem[@allow]=true \
--o:tile_cache_path="@TILECACHE_PATH@" \
diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp
index 3b47fac4e..1ddc041c1 100644
--- a/wsd/LOOLWSD.cpp
+++ b/wsd/LOOLWSD.cpp
@@ -1113,10 +1113,6 @@ void LOOLWSD::defineOptions(OptionSet& optionSet)
.required(false)
.repeatable(false)
.argument("seconds"));
-
- optionSet.addOption(Option("nocaps", "", "Use a non-privileged forkit, with increase in security problems.")
- .required(false)
- .repeatable(false));
#endif
#ifdef FUZZER
@@ -1162,10 +1158,6 @@ void LOOLWSD::handleOption(const std::string& optionName,
UnitTestLibrary = value;
else if (optionName == "careerspan")
careerSpanMs = std::stoi(value) * 1000; // Convert second to ms
-#ifndef KIT_IN_PROCESS
- else if (optionName == "nocaps")
- NoCapsForKit = true;
-#endif
static const char* clientPort = std::getenv("LOOL_TEST_CLIENT_PORT");
if (clientPort)