How to isolate file access for program?
I am wondering if it is possible to change the root directory for a single, particular program. For example, I have an executable, 'miscreant.bin', that has all of its required libraries in a directory named "libraries", in the same directory as the said executable.
I can launch the program and make it use the libraries included with the executable rather than the system with:
Code:
/lib/ld-linux.so.2 --library-path ~/miscreant/libraries ~/miscreant/miscreant.bin
Code:
env LD_LIBRARY_PATH=~/miscreant/libraries ~/miscreant/miscreant.bin
I am running Crunchbang 10 (Statler) on a 32-bit Atom netbook. |
What you could do is create a script and have it contain a variable to have the absolute path of your choice. Then you can prepend the variable to the command and voila. Just my two cents.
Cheers, Josh |
Just a thought, but have you looked at using chroot? If so, I am curious as to why it isn't a solution for you. I ask because I am not really up on all the ins-and-outs of how to use it, but it sounds like it does all or at least most of what you want and it looks like you have met the major requirements by having the libraries and binaries self contained. The (free) book Linux From Scratch has a good section on setting up a chroot environment, including the preparatory bindings and creation of the /proc file system based off of the primary one, if you would like to look at an easy to follow example.
|
- chroot requires root access. (Okay, not a big deal... ) :p
- chroot requires the program and all of its dependencies to be inside the chroot'ed directory. I only want to redirect all file operations to a directory, not run it in its own environment. If I have to modify libc or whatever library handles file operations, I will, but I am looking for a solution that already exists.
- chroot must run the program, as opposed to simply running the program. (For what I am going to use this for, this is a major inconvenience).
- I cannot get it to work. Running "sudo chroot /media/sda6/bryan/dev/cplib-build-desktop/portable /cplib" gives me this error:
Code:
"chroot: cannot run command `/cplib': No such file or directory"
Code:
cplib libdl.so.2 libgthread-2.0.so.0 libpthread.so.0 libstdc++.so.6
I suspect it is because required system functionality is not duplicated in the new environment. Maybe it requires a shell? Anyway, I don't want to duplicate it (I imagine that this would be inefficient for many programs). Thanks for the insightful replies! |
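The "redirect all file operations to a directory without a full chroot" idea above is what an LD_PRELOAD shim does: it interposes the libc call and rewrites absolute paths under a sandbox root before handing them to the real function. This is an added example, not code from the thread; it interposes only fopen(), reads the root from a hypothetical SANDBOX_ROOT environment variable, and leaves relative paths alone.

```c
#define _GNU_SOURCE
#include <dlfcn.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Rewrite an absolute `path` so it lands under `root` (trailing slashes on
 * root are ignored). Relative paths, paths already under root, and an unset
 * or empty root are copied through unchanged. Returns 0 on success, -1 if
 * the result would not fit in `out`. */
static int redirect_path(const char *root, const char *path,
                         char *out, size_t outlen)
{
    size_t rl = root ? strlen(root) : 0;
    while (rl > 1 && root[rl - 1] == '/')
        rl--;                                   /* drop trailing '/' */

    int passthrough = (rl == 0 || path[0] != '/' ||
                       (strncmp(path, root, rl) == 0 &&
                        (path[rl] == '/' || path[rl] == '\0')));
    if (passthrough) {
        if (strlen(path) >= outlen) return -1;
        strcpy(out, path);
        return 0;
    }
    if (rl + strlen(path) >= outlen) return -1;
    memcpy(out, root, rl);                      /* "/sandbox" + "/etc/hosts" */
    strcpy(out + rl, path);
    return 0;
}

/* Interposed fopen(): the program's call lands here first; the real libc
 * fopen is found with RTLD_NEXT and called with the rewritten path.
 * Build:  gcc -shared -fPIC -o libsandbox.so sandbox.c
 * Run:    SANDBOX_ROOT=$HOME/sandbox LD_PRELOAD=./libsandbox.so ./prog  */
FILE *fopen(const char *path, const char *mode)
{
    static FILE *(*real_fopen)(const char *, const char *);
    if (!real_fopen)
        real_fopen = (FILE *(*)(const char *, const char *))
                     dlsym(RTLD_NEXT, "fopen");
    char buf[4096];
    if (redirect_path(getenv("SANDBOX_ROOT"), path, buf, sizeof buf) != 0) {
        errno = ENAMETOOLONG;
        return NULL;
    }
    return real_fopen(buf, mode);
}
```

A complete shim of this kind also has to cover open(), openat(), stat(), chdir() and friends (relative paths still resolve against the real working directory), and it only confines programs that go through libc, not static binaries or direct syscalls.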
Okay, so I got chroot to work:
Code:
root@bryanpc:/home/bryan/echo# cp ./*.so* ./root/lib
I got a hold of chroot's source code. As it turns out, it is basically a wrapper around the function 'int chroot(const char*)' in 'unistd.h'. Now, if I could find the package containing the source code for 'unistd'. |
http://linuxgazette.net/161/laycock.html:
This way, I can run (and upload) portable programs securely without virtualization/emulation. |