From a4db64532f4e8267bd37bcdc929daa4817f36ef5 Mon Sep 17 00:00:00 2001 From: Lucas Ramage Date: Fri, 10 Apr 2020 22:12:55 -0400 Subject: [PATCH] Prepare documentation for release --- .gitignore | 2 + AUTHORS | 3 + CHANGELOG.rst | 105 ++ doc/GNUmakefile | 12 +- doc/care/{changelog.txt => changelog.rst} | 10 + doc/care/{manual.txt => manual.rst} | 2 +- doc/care/{roadmap.txt => roadmap.rst} | 0 doc/howto-release.rst | 4 +- doc/proot/{changelog.txt => changelog.rst} | 10 + doc/proot/man.1 | 832 ------------- doc/proot/{manual.txt => manual.rst} | 6 +- doc/proot/{roadmap.txt => roadmap.rst} | 0 doc/proot/rpm-spec | 1234 -------------------- src/GNUmakefile | 2 +- src/cli/care.h | 2 +- src/cli/proot.h | 4 +- 16 files changed, 146 insertions(+), 2082 deletions(-) create mode 100644 CHANGELOG.rst rename doc/care/{changelog.txt => changelog.rst} (88%) rename doc/care/{manual.txt => manual.rst} (99%) rename doc/care/{roadmap.txt => roadmap.rst} (100%) rename doc/proot/{changelog.txt => changelog.rst} (98%) delete mode 100644 doc/proot/man.1 rename doc/proot/{manual.txt => manual.rst} (99%) rename doc/proot/{roadmap.txt => roadmap.rst} (100%) delete mode 100644 doc/proot/rpm-spec diff --git a/.gitignore b/.gitignore index c3f73170..5a4610cd 100644 --- a/.gitignore +++ b/.gitignore @@ -4,7 +4,9 @@ *.html *.info *.o +*.1 doc/*.h +*rpm-spec doc/public_html/ gcov-latest/ public/ diff --git a/AUTHORS b/AUTHORS index 00c7481f..be221c49 100644 --- a/AUTHORS +++ b/AUTHORS @@ -30,3 +30,6 @@ Denis FERRANTI Paul GHALEB User manual review. + +Lucas Ramage + Website re-design, documentation, maintainer. diff --git a/CHANGELOG.rst b/CHANGELOG.rst new file mode 100644 index 00000000..86642b0d --- /dev/null +++ b/CHANGELOG.rst 
@@ -0,0 +1,105 @@
+Changelog
+=========
+
+All notable changes to this project will be documented in this file.
+
+The format is based on `Keep a Changelog`_, and this project adheres to
+`Semantic Versioning`_.
+
+Unreleased
+------------
+
+Please see `Unreleased Changes`_ for more information.
+
+5.2.0-alpha - 2020-04-14
+------------------------
+
+Added
+~~~~~
+
+- GitLab CI/CD pipelines for static binaries.
+
+- Python extension.
+
+- Secure disclosure instructions.
+
+- Vagrantfiles for kernel-specific testing.
+
+- Support for Musl libc.
+
+- Use shellcheck for scripts.
+
+- link2symlink extension.
+
+- Contributor scripts care2docker.sh, and care_rearchiver.sh
+
+- Clang scan-build and gcov/lcov for source code analysis.
+
+- Trivial chroot using relative paths.
+
+- port_mapper extension.
+
+- Commandline option --kill-on-exit.
+
+- Hidden PROOT_TMPDIR option.
+
+- Support for sudo via fake_id0 extension.
+
+Changed
+~~~~~~~
+
+- Started using top-level changelog instead of individual ones.
+
+- Limit testsuite to five minutes.
+
+- Updated release instructions.
+
+- Renamed tests to test.
+
+- Replace .exe file extension with .elf for loader binaries.
+
+- Use LC_ALL instead of LANG.
+
+- Semantics for HOST_PATH extension event arguments.
+
+Removed
+~~~~~~~
+
+- Disabled, deprecated, or unreliable tests.
+
+- Drop Coverity from Travis CI.
+
+- Cross-compiling scripts for Slackware.
+
+- FHS assumptions from tests.
+
+- References to proot.me domain.
+
+Fixed
+~~~~~
+
+- Error-code handling in substitute_binding_stat.
+
+- Prevent tracees from becoming undumpable.
+
+- Merged patches for detecting kernels >= 4.8.
+
+- GIT_VERSION for development binaries.
+
+- Replace mktemp with mkstemp.
+
+- File permissions for test scripts.
+
+- Filter renamteat2 syscall.
+
+- Honor GNU standards regarding DESTDIR variable.
+
+- Cleanup tmp on non-ext file systems.
+
+- Reallocation of heap for CLONE_VM on execve syscall.
+
+- Non-executable stack for binaries.
+
+.. 
_Unreleased Changes: https://github.com/proot-me/proot/compare/v5.2.0-alpha...master +.. _Keep a Changelog: https://keepachangelog.com/en/1.0.0 +.. _Semantic Versioning: https://semver.org/spec/v2.0.0.html diff --git a/doc/GNUmakefile b/doc/GNUmakefile index 830b7e1b..00a61f10 100644 --- a/doc/GNUmakefile +++ b/doc/GNUmakefile @@ -21,26 +21,26 @@ dist: $(OUTPUTS) @cp ${DOC_DIR}/../README.rst ${SITE_DIR}/ @cp ${DOC_DIR}/../HACKING.rst ${SITE_DIR}/ -%/man.1: %/manual.txt +%/man.1: %/manual.rst $(RST2MAN) $< $@ -%.xml: %.txt +%.xml: %.rst $(RST2XML) --no-doctype $< $@ -%.html: %.txt +%.html: %.rst $(RST2HTML) $< $@ # Workaround to avoid unescaped C character. -%/manual-quoted.txt: %/manual.txt +%/manual-quoted.rst: %/manual.rst sed 's/"/\\\\"/g' $^ > $@ %.h: %/stylesheets/cli.xsl %/manual-quoted.xml xsltproc --output $@ $^ -%/rpm-spec: %/stylesheets/rpm-spec.xsl %/manual.xml # %/changelog.txt +%/rpm-spec: %/stylesheets/rpm-spec.xsl %/manual.xml # %/changelog.rst xsltproc --output $@ $^ echo "* $(shell date +'%a %b %d %Y') PRoot Team " >> $@ - cat $*/changelog.txt >> $@ + cat $*/changelog.rst >> $@ %/index.html: stylesheets/website.xsl %/stylesheets/website.xsl %/manual.xml xsltproc --output $@ $*/stylesheets/website.xsl $*/manual.xml diff --git a/doc/care/changelog.txt b/doc/care/changelog.rst similarity index 88% rename from doc/care/changelog.txt rename to doc/care/changelog.rst index 1226bba6..ffba34c8 100644 --- a/doc/care/changelog.txt +++ b/doc/care/changelog.rst @@ -1,3 +1,13 @@ +======================================================================= +======================================================================= + + This file is no longer used for tracking changes for CARE. For + user visible changes, please look in the top-level CHANGELOG.rst + file. + +======================================================================= +======================================================================= + CARE v2.2 ========= 
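Review bot: In the doc/GNUmakefile hunk, the `%/rpm-spec` recipe still appends `$*/changelog.rst` verbatim, but this commit prepends a "no longer used" banner framed by `====` rules to both per-tool changelogs and moves new entries to the top-level CHANGELOG.rst. The generated `%changelog` would therefore open with that banner and carry no 5.2.0-alpha entries; whether rpmbuild tolerates the banner lines is not visible here and should be checked. Consider sourcing the text from the top-level file, e.g. `cat ${DOC_DIR}/../CHANGELOG.rst >> $@`, and making it a real prerequisite instead of the commented-out `# %/changelog.rst`, so the spec is regenerated when the changelog changes. Separately, `$(shell date +'%a %b %d %Y')` stamps the build date into the spec, which makes the release artifact non-reproducible; taking the date from the release tag or `SOURCE_DATE_EPOCH` would make the output verifiable.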
diff --git a/doc/care/manual.txt b/doc/care/manual.rst similarity index 99% rename from doc/care/manual.txt rename to doc/care/manual.rst index 748c8a26..bb3902bf 100644 --- a/doc/care/manual.txt +++ b/doc/care/manual.rst @@ -452,7 +452,7 @@ Colophon ======== Visit https://proot-me.github.io for help, bug reports, suggestions, patches, ... -Copyright (C) 2015 STMicroelectronics, licensed under GPL v2 or later. +Copyright (C) 2020 PRoot Developers, licensed under GPL v2 or later. :: diff --git a/doc/care/roadmap.txt b/doc/care/roadmap.rst similarity index 100% rename from doc/care/roadmap.txt rename to doc/care/roadmap.rst diff --git a/doc/howto-release.rst b/doc/howto-release.rst index 6c4e1527..313b47bb 100644 --- a/doc/howto-release.rst +++ b/doc/howto-release.rst @@ -44,9 +44,9 @@ which can be optionally distributed for each release: Documentation Update -------------------- -0. update "doc/changelog.txt" +0. update "doc/changelog.rst" -1. update the release number in "doc/proot/manual.txt" +1. update the release number in "doc/proot/manual.rst" 2. regenerate the documentation: `make -C doc` diff --git a/doc/proot/changelog.txt b/doc/proot/changelog.rst similarity index 98% rename from doc/proot/changelog.txt rename to doc/proot/changelog.rst index cccc0e7d..72030a68 100644 --- a/doc/proot/changelog.txt +++ b/doc/proot/changelog.rst @@ -1,3 +1,13 @@ +======================================================================= +======================================================================= + + This file is no longer used for tracking changes for PRoot. For + user visible changes, please look in the top-level CHANGELOG.rst + file. + +======================================================================= +======================================================================= + Release v5.1.0 ============== diff --git a/doc/proot/man.1 b/doc/proot/man.1 deleted file mode 100644 index 78307820..00000000 --- a/doc/proot/man.1 +++ /dev/null 
@@ -1,832 +0,0 @@ -.\" Man page generated from reStructuredText. -. -.TH PROOT 1 "2016-08-09" "5.1.0" "" -.SH NAME -PRoot \- chroot, mount --bind, and binfmt_misc without privilege/setup -. -.nr rst2man-indent-level 0 -. -.de1 rstReportMargin -\\$1 \\n[an-margin] -level \\n[rst2man-indent-level] -level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] -- -\\n[rst2man-indent0] -\\n[rst2man-indent1] -\\n[rst2man-indent2] -.. -.de1 INDENT -.\" .rstReportMargin pre: -. RS \\$1 -. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] -. nr rst2man-indent-level +1 -.\" .rstReportMargin post: -.. -.de UNINDENT -. RE -.\" indent \\n[an-margin] -.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] -.nr rst2man-indent-level -1 -.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] -.in \\n[rst2man-indent\\n[rst2man-indent-level]]u -.. -.SH SYNOPSIS -.sp -\fBproot\fP [\fIoption\fP] ... [\fIcommand\fP] -.SH DESCRIPTION -.sp -PRoot is a user\-space implementation of \fBchroot\fP, \fBmount \-\-bind\fP, -and \fBbinfmt_misc\fP\&. This means that users don\(aqt need any privileges -or setup to do things like using an arbitrary directory as the new -root filesystem, making files accessible somewhere else in the -filesystem hierarchy, or executing programs built for another CPU -architecture transparently through QEMU user\-mode. Also, developers -can use PRoot as a generic Linux process instrumentation engine thanks -to its extension mechanism, see \fI\%CARE\fP for an example. Technically -PRoot relies on \fBptrace\fP, an unprivileged system\-call available in -every Linux kernel. -.sp -The new root file\-system, a.k.a \fIguest rootfs\fP, typically contains a -Linux distribution. By default PRoot confines the execution of -programs to the guest rootfs only, however users can use the built\-in -\fImount/bind\fP mechanism to access files and directories from the actual -root file\-system, a.k.a \fIhost rootfs\fP, just as if they were part of -the guest rootfs. 
-.sp -When the guest Linux distribution is made for a CPU architecture -incompatible with the host one, PRoot uses the CPU emulator QEMU -user\-mode to execute transparently guest programs. It\(aqs a convenient -way to develop, to build, and to validate any guest Linux packages -seamlessly on users\(aq computer, just as if they were in a \fInative\fP -guest environment. That way all of the cross\-compilation issues are -avoided. -.sp -PRoot can also \fImix\fP the execution of host programs and the execution -of guest programs emulated by QEMU user\-mode. This is useful to use -host equivalents of programs that are missing from the guest rootfs -and to speed up build\-time by using cross\-compilation tools or -CPU\-independent programs, like interpreters. -.sp -It is worth noting that the guest kernel is never involved, regardless -of whether QEMU user\-mode is used or not. Technically, when guest -programs perform access to system resources, PRoot translates their -requests before sending them to the host kernel. This means that -guest programs can use host resources (devices, network, ...) just as -if they were "normal" host programs. -.SH OPTIONS -.sp -The command\-line interface is composed of two parts: first PRoot\(aqs -options (optional), then the command to launch (\fB/bin/sh\fP if not -specified). This section describes the options supported by PRoot, -that is, the first part of its command\-line interface. -.SS Regular options -.INDENT 0.0 -.TP -.BI \-r \ path\fP,\fB \ \-\-rootfs\fB= path -Use \fIpath\fP as the new guest root file\-system, default is \fB/\fP\&. -.sp -The specified \fIpath\fP typically contains a Linux distribution where -all new programs will be confined. The default rootfs is \fB/\fP -when none is specified, this makes sense when the bind mechanism -is used to relocate host files and directories, see the \fB\-b\fP -option and the \fBExamples\fP section for details. -.sp -It is recommended to use the \fB\-R\fP or \fB\-S\fP options instead. 
-.TP -.BI \-b \ path\fP,\fB \ \-\-bind\fB= path\fP,\fB \ \-m \ path\fP,\fB \ \-\-mount\fB= path -Make the content of \fIpath\fP accessible in the guest rootfs. -.sp -This option makes any file or directory of the host rootfs -accessible in the confined environment just as if it were part of -the guest rootfs. By default the host path is bound to the same -path in the guest rootfs but users can specify any other location -with the syntax: \fB\-b *host_path*:*guest_location*\fP\&. If the -guest location is a symbolic link, it is dereferenced to ensure -the new content is accessible through all the symbolic links that -point to the overlaid content. In most cases this default -behavior shouldn\(aqt be a problem, although it is possible to -explicitly not dereference the guest location by appending it the -\fB!\fP character: \fB\-b *host_path*:*guest_location!*\fP\&. -.TP -.BI \-q \ command\fP,\fB \ \-\-qemu\fB= command -Execute guest programs through QEMU as specified by \fIcommand\fP\&. -.sp -Each time a guest program is going to be executed, PRoot inserts -the QEMU user\-mode \fIcommand\fP in front of the initial request. -That way, guest programs actually run on a virtual guest CPU -emulated by QEMU user\-mode. The native execution of host programs -is still effective and the whole host rootfs is bound to -\fB/host\-rootfs\fP in the guest environment. -.TP -.BI \-w \ path\fP,\fB \ \-\-pwd\fB= path\fP,\fB \ \-\-cwd\fB= path -Set the initial working directory to \fIpath\fP\&. -.sp -Some programs expect to be launched from a given directory but do -not perform any \fBchdir\fP by themselves. This option avoids the -need for running a shell and then entering the directory manually. -.TP -.BI \-v \ value\fP,\fB \ \-\-verbose\fB= value -Set the level of debug information to \fIvalue\fP\&. -.sp -The higher the integer \fIvalue\fP is, the more detailed debug -information is printed to the standard error stream. 
A negative -\fIvalue\fP makes PRoot quiet except on fatal errors. -.TP -.B \-V\fP,\fB \-\-version\fP,\fB \-\-about -Print version, copyright, license and contact, then exit. -.TP -.B \-h\fP,\fB \-\-help\fP,\fB \-\-usage -Print the version and the command\-line usage, then exit. -.UNINDENT -.SS Extension options -.sp -The following options enable built\-in extensions. Technically -developers can add their own features to PRoot or use it as a Linux -process instrumentation engine thanks to its extension mechanism, see -the sources for further details. -.INDENT 0.0 -.TP -.BI \-k \ string\fP,\fB \ \-\-kernel\-release\fB= string -Make current kernel appear as kernel release \fIstring\fP\&. -.sp -If a program is run on a kernel older than the one expected by its -GNU C library, the following error is reported: "FATAL: kernel too -old". To be able to run such programs, PRoot can emulate some of -the features that are available in the kernel release specified by -\fIstring\fP but that are missing in the current kernel. -.TP -.B \-0\fP,\fB \-\-root\-id -Make current user appear as "root" and fake its privileges. -.sp -Some programs will refuse to work if they are not run with "root" -privileges, even if there is no technical reason for that. This -is typically the case with package managers. This option allows -users to bypass this kind of limitation by faking the user/group -identity, and by faking the success of some operations like -changing the ownership of files, changing the root directory to -\fB/\fP, ... Note that this option is quite limited compared to -\fBfakeroot\fP\&. -.TP -.BI \-i \ string\fP,\fB \ \-\-change\-id\fB= string -Make current user and group appear as \fIstring\fP "uid:gid". -.sp -This option makes the current user and group appear as \fIuid\fP and -\fIgid\fP\&. Likewise, files actually owned by the current user and -group appear as if they were owned by \fIuid\fP and \fIgid\fP instead. -Note that the \fB\-0\fP option is the same as \fB\-i 0:0\fP\&. 
-.TP -.BI \-p \ string\fP,\fB \ \-\-port\fB= string -Map ports to others with the syntax as \fIstring\fP "port_in:port_out ...". -.sp -This option makes PRoot intercept bind and connect system calls, -and change the port they use. The port map is specified -with the syntax: \fB\-b *port_in*:*port_out*\fP\&. For example, -an application that runs a MySQL server binding to 5432 wants -to cohabit with other similar application, but doesn\(aqt have an -option to change its port. PRoot can be used here to modify -this port: \fBproot \-p 5432:5433 myapplication\fP\&. With this command, -the MySQL server will be bound to the port 5433. -This command can be repeated multiple times to map multiple ports. -.TP -.B \-n\fP,\fB \-\-netcoop -Activates the network cooperation mode. -.sp -This option makes PRoot intercept bind() system calls and -change the port they are binding to to 0. With this, the system will -allocate an available port. Each time this is done, a new entry is added -to the port mapping entries, so that corresponding connect() system calls -use the same resulting port. -.UNINDENT -.SS Alias options -.sp -The following options are aliases for handy sets of options. -.INDENT 0.0 -.TP -.BI \-R \ path -Alias: \fB\-r *path*\fP + a couple of recommended \fB\-b\fP\&. -.sp -Programs isolated in \fIpath\fP, a guest rootfs, might still need to -access information about the host system, as it is illustrated in -the \fBExamples\fP section of the manual. These host information -are typically: user/group definition, network setup, run\-time -information, users\(aq files, ... 
On all Linux distributions, they -all lie in a couple of host files and directories that are -automatically bound by this option: -.INDENT 7.0 -.IP \(bu 2 -/etc/host.conf -.IP \(bu 2 -/etc/hosts -.IP \(bu 2 -/etc/hosts.equiv -.IP \(bu 2 -/etc/mtab -.IP \(bu 2 -/etc/netgroup -.IP \(bu 2 -/etc/networks -.IP \(bu 2 -/etc/passwd -.IP \(bu 2 -/etc/group -.IP \(bu 2 -/etc/nsswitch.conf -.IP \(bu 2 -/etc/resolv.conf -.IP \(bu 2 -/etc/localtime -.IP \(bu 2 -/dev/ -.IP \(bu 2 -/sys/ -.IP \(bu 2 -/proc/ -.IP \(bu 2 -/tmp/ -.IP \(bu 2 -/run/ -.IP \(bu 2 -/var/run/dbus/system_bus_socket -.IP \(bu 2 -$HOME -.IP \(bu 2 -\fIpath\fP -.UNINDENT -.TP -.BI \-S \ path -Alias: \fB\-0 \-r *path*\fP + a couple of recommended \fB\-b\fP\&. -.sp -This option is useful to safely create and install packages into -the guest rootfs. It is similar to the \fB\-R\fP option except it -enables the \fB\-0\fP option and binds only the following minimal set -of paths to avoid unexpected changes on host files: -.INDENT 7.0 -.IP \(bu 2 -/etc/host.conf -.IP \(bu 2 -/etc/hosts -.IP \(bu 2 -/etc/nsswitch.conf -.IP \(bu 2 -/etc/resolv.conf -.IP \(bu 2 -/dev/ -.IP \(bu 2 -/sys/ -.IP \(bu 2 -/proc/ -.IP \(bu 2 -/tmp/ -.IP \(bu 2 -/run/shm -.IP \(bu 2 -$HOME -.IP \(bu 2 -\fIpath\fP -.UNINDENT -.UNINDENT -.SH EXIT STATUS -.sp -If an internal error occurs, \fBproot\fP returns a non\-zero exit status, -otherwise it returns the exit status of the last terminated -program. When an error has occurred, the only way to know if it comes -from the last terminated program or from \fBproot\fP itself is to have a -look at the error message. -.SH FILES -.sp -PRoot reads links in \fB/proc//fd/\fP to support \fIopenat(2)\fP\-like -syscalls made by the guest programs. -.SH EXAMPLES -.sp -In the following examples the directories \fB/mnt/slackware\-8.0\fP and -\fB/mnt/armslack\-12.2/\fP contain a Linux distribution respectively made -for x86 CPUs and ARM CPUs. 
-.SS \fBchroot\fP equivalent -.sp -To execute a command inside a given Linux distribution, just give -\fBproot\fP the path to the guest rootfs followed by the desired -command. The example below executes the program \fBcat\fP to print the -content of a file: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -proot \-r /mnt/slackware\-8.0/ cat /etc/motd - -Welcome to Slackware Linux 8.0 -.ft P -.fi -.UNINDENT -.UNINDENT -.sp -The default command is \fB/bin/sh\fP when none is specified. Thus the -shortest way to confine an interactive shell and all its sub\-programs -is: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -proot \-r /mnt/slackware\-8.0/ - -$ cat /etc/motd -Welcome to Slackware Linux 8.0 -.ft P -.fi -.UNINDENT -.UNINDENT -.SS \fBmount \-\-bind\fP equivalent -.sp -The bind mechanism enables one to relocate files and directories. This is -typically useful to trick programs that perform access to hard\-coded -locations, like some installation scripts: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -proot \-b /tmp/alternate_opt:/opt - -$ cd to/sources -$ make install -[...] -install \-m 755 prog "/opt/bin" -[...] # prog is installed in "/tmp/alternate_opt/bin" actually -.ft P -.fi -.UNINDENT -.UNINDENT -.sp -As shown in this example, it is possible to bind over files not even -owned by the user. 
This can be used to \fIoverlay\fP system configuration -files, for instance the DNS setting: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -ls \-l /etc/hosts -\-rw\-r\-\-r\-\- 1 root root 675 Mar 4 2011 /etc/hosts -.ft P -.fi -.UNINDENT -.UNINDENT -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -proot \-b ~/alternate_hosts:/etc/hosts - -$ echo \(aq1.2.3.4 google.com\(aq > /etc/hosts -$ resolveip google.com -IP address of google.com is 1.2.3.4 -$ echo \(aq5.6.7.8 google.com\(aq > /etc/hosts -$ resolveip google.com -IP address of google.com is 5.6.7.8 -.ft P -.fi -.UNINDENT -.UNINDENT -.sp -Another example: on most Linux distributions \fB/bin/sh\fP is a symbolic -link to \fB/bin/bash\fP, whereas it points to \fB/bin/dash\fP on Debian -and Ubuntu. As a consequence a \fB#!/bin/sh\fP script tested with Bash -might not work with Dash. In this case, the binding mechanism of -PRoot can be used to set non\-disruptively \fB/bin/bash\fP as the default -\fB/bin/sh\fP on these two Linux distributions: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -proot \-b /bin/bash:/bin/sh [...] 
-.ft P -.fi -.UNINDENT -.UNINDENT -.sp -Because \fB/bin/sh\fP is initially a symbolic link to \fB/bin/dash\fP, the -content of \fB/bin/bash\fP is actually bound over this latter: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -proot \-b /bin/bash:/bin/sh - -$ md5sum /bin/sh -089ed56cd74e63f461bef0fdfc2d159a /bin/sh -$ md5sum /bin/bash -089ed56cd74e63f461bef0fdfc2d159a /bin/bash -$ md5sum /bin/dash -089ed56cd74e63f461bef0fdfc2d159a /bin/dash -.ft P -.fi -.UNINDENT -.UNINDENT -.sp -In most cases this shouldn\(aqt be a problem, but it is still possible to -strictly bind \fB/bin/bash\fP over \fB/bin/sh\fP \-\- without dereferencing -it \-\- by specifying the \fB!\fP character at the end: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -proot \-b \(aq/bin/bash:/bin/sh!\(aq - -$ md5sum /bin/sh -089ed56cd74e63f461bef0fdfc2d159a /bin/sh -$ md5sum /bin/bash -089ed56cd74e63f461bef0fdfc2d159a /bin/bash -$ md5sum /bin/dash -c229085928dc19e8d9bd29fe88268504 /bin/dash -.ft P -.fi -.UNINDENT -.UNINDENT -.SS \fBchroot\fP + \fBmount \-\-bind\fP equivalent -.sp -The two features above can be combined to make any file from the host -rootfs accessible in the confined environment just as if it were -initially part of the guest rootfs. It is sometimes required to run -programs that rely on some specific files: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -proot \-r /mnt/slackware\-8.0/ - -$ ps \-o tty,command -Error, do this: mount \-t proc none /proc -.ft P -.fi -.UNINDENT -.UNINDENT -.sp -works better with: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -proot \-r /mnt/slackware\-8.0/ \-b /proc - -$ ps \-o tty,command -TT COMMAND -? bash -? proot \-b /proc /mnt/slackware\-8.0/ -? sh -? 
ps \-o tty,command -.ft P -.fi -.UNINDENT -.UNINDENT -.sp -Actually there\(aqs a bunch of such specific files, that\(aqs why PRoot -provides the option \fB\-R\fP to bind automatically a pre\-defined list of -recommended paths: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -proot \-R /mnt/slackware\-8.0/ - -$ ps \-o tty,command -TT COMMAND -pts/6 bash -pts/6 proot \-R /mnt/slackware\-8.0/ -pts/6 sh -pts/6 ps \-o tty,command -.ft P -.fi -.UNINDENT -.UNINDENT -.SS \fBchroot\fP + \fBmount \-\-bind\fP + \fBsu\fP equivalent -.sp -Some programs will not work correctly if they are not run by the -"root" user, this is typically the case with package managers. PRoot -can fake the root identity and its privileges when the \fB\-0\fP (zero) -option is specified: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -proot \-r /mnt/slackware\-8.0/ \-0 - -# id -uid=0(root) gid=0(root) [...] - -# mkdir /tmp/foo -# chmod a\-rwx /tmp/foo -# echo \(aqI bypass file\-system permissions.\(aq > /tmp/foo/bar -# cat /tmp/foo/bar -I bypass file\-system permissions. -.ft P -.fi -.UNINDENT -.UNINDENT -.sp -This option is typically required to create or install packages into -the guest rootfs. Note it is \fInot\fP recommended to use the \fB\-R\fP -option when installing packages since they may try to update bound -system files, like \fB/etc/group\fP\&. Instead, it is recommended to use -the \fB\-S\fP option. This latter enables the \fB\-0\fP option and binds -only paths that are known to not be updated by packages: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -proot \-S /mnt/slackware\-8.0/ - -# installpkg perl.tgz -Installing package perl... -.ft P -.fi -.UNINDENT -.UNINDENT -.SS \fBchroot\fP + \fBmount \-\-bind\fP + \fBbinfmt_misc\fP equivalent -.sp -PRoot uses QEMU user\-mode to execute programs built for a CPU -architecture incompatible with the host one. From users\(aq -point\-of\-view, guest programs handled by QEMU user\-mode are executed -transparently, that is, just like host programs. 
To enable this -feature users just have to specify which instance of QEMU user\-mode -they want to use with the option \fB\-q\fP: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -proot \-R /mnt/armslack\-12.2/ \-q qemu\-arm - -$ cat /etc/motd -Welcome to ARMedSlack Linux 12.2 -.ft P -.fi -.UNINDENT -.UNINDENT -.sp -The parameter of the \fB\-q\fP option is actually a whole QEMU user\-mode -command, for instance to enable its GDB server on port 1234: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -proot \-R /mnt/armslack\-12.2/ \-q "qemu\-arm \-g 1234" emacs -.ft P -.fi -.UNINDENT -.UNINDENT -.sp -PRoot allows one to mix transparently the emulated execution of guest -programs and the native execution of host programs in the same -file\-system namespace. It\(aqs typically useful to extend the list of -available programs and to speed up build\-time significantly. This -mixed\-execution feature is enabled by default when using QEMU -user\-mode, and the content of the host rootfs is made accessible -through \fB/host\-rootfs\fP: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -proot \-R /mnt/armslack\-12.2/ \-q qemu\-arm - -$ file /bin/echo -[...] ELF 32\-bit LSB executable, ARM [...] -$ /bin/echo \(aqHello world!\(aq -Hello world! - -$ file /host\-rootfs/bin/echo -[...] ELF 64\-bit LSB executable, x86\-64 [...] -$ /host\-rootfs/bin/echo \(aqHello mixed world!\(aq -Hello mixed world! -.ft P -.fi -.UNINDENT -.UNINDENT -.sp -Since both host and guest programs use the guest rootfs as \fB/\fP, -users may want to deactivate explicitly cross\-filesystem support found -in most GNU cross\-compilation tools. 
For example with GCC configured -to cross\-compile to the ARM target: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -proot \-R /mnt/armslack\-12.2/ \-q qemu\-arm - -$ export CC=/host\-rootfs/opt/cross\-tools/arm\-linux/bin/gcc -$ export CFLAGS="\-\-sysroot=/" # could be optional indeed -$ ./configure; make -.ft P -.fi -.UNINDENT -.UNINDENT -.sp -As with regular files, a host instance of a program can be bound over -its guest instance. Here is an example where the guest binary of -\fBmake\fP is overlaid by the host one: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -proot \-R /mnt/armslack\-12.2/ \-q qemu\-arm \-b /usr/bin/make - -$ which make -/usr/bin/make -$ make \-\-version # overlaid -GNU Make 3.82 -Built for x86_64\-slackware\-linux\-gnu -.ft P -.fi -.UNINDENT -.UNINDENT -.sp -It\(aqs worth mentioning that even when mixing the native execution of -host programs and the emulated execution of guest programs, they still -believe they are running in a native guest environment. As a -demonstration, here is a partial output of a typical \fB\&./configure\fP -script: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -checking whether the C compiler is a cross\-compiler... no -.ft P -.fi -.UNINDENT -.UNINDENT -.SH DOWNLOADS -.SS PRoot -.sp -The source code for PRoot and CARE are hosted in the same repository on \fI\%GitHub\fP\&. -Previous PRoot releases were packaged at \fI\%https://github.com/proot\-me/proot\-static\-build/releases\fP, however, that -repository has since been archived. The latest builds can be found under the job artifacts for the \fI\%GitLab CI/CD Pipelines\fP for each commit. -.SS Rootfs -.sp -Here follows a couple of URLs where some rootfs archives can be freely -downloaded. Note that \fBmknod\fP errors reported by \fBtar\fP when -extracting these archives can be safely ignored since special files -are typically bound (see \fB\-R\fP option for details). 
-.INDENT 0.0 -.IP \(bu 2 -\fI\%https://download.openvz.org/template/precreated\fP -.IP \(bu 2 -\fI\%https://images.linuxcontainers.org/images\fP -.IP \(bu 2 -\fI\%http://distfiles.gentoo.org/releases\fP -.IP \(bu 2 -\fI\%http://cdimage.ubuntu.com/ubuntu\-core\fP -.IP \(bu 2 -\fI\%https://archlinuxarm.org/about/downloads\fP -.IP \(bu 2 -\fI\%https://alpinelinux.org/downloads\fP -.UNINDENT -.sp -Technically such rootfs archive can be created by running the -following command on the expected Linux distribution: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -tar \-\-one\-file\-system \-\-create \-\-gzip \-\-file my_rootfs.tar.gz / -.ft P -.fi -.UNINDENT -.UNINDENT -.SH ECOSYSTEM -.sp -The following ecosystem has developed around PRoot since it has been -made publicly available. -.SS Projects using PRoot or CARE -.INDENT 0.0 -.IP \(bu 2 -\fI\%CARE\fP: archive material used during an execution to make it -reproducible on any Linux system. -.IP \(bu 2 -\fI\%GNURoot\fP: -use several Linux distros on Android without root access. -.IP \(bu 2 -\fI\%Debian noroot\fP: -use Debian Linux on Android without root access. -.IP \(bu 2 -\fI\%Polysquare Travis Container\fP: -use several Linux distros on Travis\-CI without root access. -.IP \(bu 2 -\fI\%JuNest\fP: -use Arch Linux on any Linux distros without root access. -.IP \(bu 2 -\fI\%Portable PyPy\fP: -portable 32 and 64 bit x86 PyPy binaries. -.IP \(bu 2 -\fI\%OpenMOLE\fP: -execute programs on distributed computing environments. -.IP \(bu 2 -\fI\%ATOS\fP: -find automatically C/C++ compiler options that provide best -optimizations. -.IP \(bu 2 -\fI\%OPAM2Debian\fP: -create Debian packages which contains a fully compiled OPAM -installation. -.IP \(bu 2 -\fI\%SIO Workers\fP: -batch long\-term computations with Python. -.UNINDENT -.SS Third party packages -.sp -Binaries from the \fI\%Downloads\fP section are likely more up\-to\-date. 
-.INDENT 0.0 -.IP \(bu 2 -\fI\%Alpine Linux\fP -.IP \(bu 2 -\fI\%Arch Linux\fP -.IP \(bu 2 -\fI\%Void Linux\fP -.IP \(bu 2 -\fI\%Gentoo\fP -.IP \(bu 2 -\fI\%Debian\fP -.IP \(bu 2 -\fI\%Ubuntu\fP -.IP \(bu 2 -\fI\%NixOS\fP -.IP \(bu 2 -\fI\%University of Chicago RCC\fP -.UNINDENT -.SS Public material about PRoot or CARE -.INDENT 0.0 -.IP \(bu 2 -articles on \fI\%Rémi\(aqs blog\fP\&. Rémi (a.k.a Ivoire) -is one of the PRoot developers. -.IP \(bu 2 -presentation "\fI\%Software engineering tools based on syscall -instrumentation\fP" during -FOSDEM 2014. -.IP \(bu 2 -presentation "\fI\%SW testing & Reproducing a LAVA failures locally -using CARE\fP" -during Linaro Connect USA 2014 -.IP \(bu 2 -presentation and essay "\fI\%CARE: the Comprehensive Archiver for -Reproducible Execution\fP" -(\fI\%essay\fP) -during TRUST 2014 -.IP \(bu 2 -presentation "\fI\%An Introduction to the CARE tool (dead link)\fP" -during HiPEAC CSW 2013 -.IP \(bu 2 -presentation and essay "\fI\%PRoot: a Step Forward for QEMU User\-Mode\fP" (\fI\%proceedings\fP) during -QUF\(aq11 -.IP \(bu 2 -tutorial "\fI\%How to install nix in home (on another distribution)\fP" -.UNINDENT -.SS Companies using PRoot or CARE internally -.INDENT 0.0 -.IP \(bu 2 -STMicroelectronics -.IP \(bu 2 -Sony -.IP \(bu 2 -Ericsson -.IP \(bu 2 -Cisco -.IP \(bu 2 -Gogo -.UNINDENT -.SH SEE ALSO -.sp -chroot(1), mount(8), binfmt_misc, ptrace(2), qemu(1), sb2(1), -bindfs(1), fakeroot(1), fakechroot(1) -.SH COLOPHON -.sp -Visit \fI\%https://proot\-me.github.io\fP for help, bug reports, suggestions, patches, ... -Copyright (C) 2015 STMicroelectronics, licensed under GPL v2 or later. -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C - _____ _____ ___ -| __ \e __ \e_____ _____| |_ -| __/ / _ \e/ _ \e _| -|__| |__|__\e_____/\e_____/\e____| -.ft P -.fi -.UNINDENT -.UNINDENT -.\" Generated by docutils manpage writer. -. 
diff --git a/doc/proot/manual.txt b/doc/proot/manual.rst similarity index 99% rename from doc/proot/manual.txt rename to doc/proot/manual.rst index bbe78aa3..1e66d50e 100644 --- a/doc/proot/manual.txt +++ b/doc/proot/manual.rst @@ -6,8 +6,8 @@ ``chroot``, ``mount --bind``, and ``binfmt_misc`` without privilege/setup ------------------------------------------------------------------------- -:Date: 2016-08-09 -:Version: 5.1.0 +:Date: 2020-04-14 +:Version: 5.2.0-alpha :Manual section: 1 @@ -666,7 +666,7 @@ Colophon ======== Visit https://proot-me.github.io for help, bug reports, suggestions, patches, ... -Copyright (C) 2015 STMicroelectronics, licensed under GPL v2 or later. +Copyright (C) 2020 PRoot Developers, licensed under GPL v2 or later. :: diff --git a/doc/proot/roadmap.txt b/doc/proot/roadmap.rst similarity index 100% rename from doc/proot/roadmap.txt rename to doc/proot/roadmap.rst diff --git a/doc/proot/rpm-spec b/doc/proot/rpm-spec deleted file mode 100644 index 686f96f6..00000000 --- a/doc/proot/rpm-spec +++ /dev/null 
@@ -1,1234 +0,0 @@ -%define version v5.1.0 - -Summary : chroot, mount --bind, and binfmt_misc without privilege/setup -Version : %{version} -Release : 1 -License : GPL2+ -Group : Applications/System -Source : proot-%{version}.tar.gz -Buildroot : %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) -Prefix : /usr -Name : proot - -BuildRequires: libtalloc-devel - -%if 0%{?suse_version} >= 1210 || 0%{?fedora_version} >= 15 -BuildRequires: glibc-static -%endif - -%if !0%{?suse_version} != 0 -BuildRequires: which -%endif - -%description -PRoot is a user-space implementation of chroot, mount --bind, -and binfmt_misc. This means that users don't need any privileges -or setup to do things like using an arbitrary directory as the new -root filesystem, making files accessible somewhere else in the -filesystem hierarchy, or executing programs built for another CPU -architecture transparently through QEMU user-mode. Also, developers -can use PRoot as a generic Linux process instrumentation engine thanks -to its extension mechanism, see CARE for an example. Technically -PRoot relies on ptrace, an unprivileged system-call available in -every Linux kernel. - -%prep -%setup -n proot-%{version} - -%build -make -C src - -%install -make -C src install PREFIX=%{buildroot}/%{prefix} -install -D doc/proot/man.1 %{buildroot}/%{_mandir}/man1/proot.1 - -%check -env LD_SHOW_AUXV=1 true -cat /proc/cpuinfo -./src/proot -V -./src/proot -v 1 true -make -C test - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root) -%{prefix}/bin/proot -%doc %{_mandir}/man1/proot.1* -%doc COPYING -%doc doc/* - -%changelog -* Fri Dec 13 2019 PRoot Team -Release v5.1.0 -============== - -New features ------------- - -+ Processes under PRoot now appear with their real names, that is, - they are not renamed "ld-linux.so" or "prooted-..." 
anymore: - - before: - - $ proot-v4.0.3 ps - PID TTY TIME CMD - 7885 pts/11 00:00:00 bash - 8131 pts/11 00:00:00 proot-v4.0.3 - 8132 pts/11 00:00:00 ld-2.17.so - - $ proot-v5.0.0 ps - PID TTY TIME CMD - 7885 pts/11 00:00:00 bash - 7916 pts/11 00:00:00 proot-v5.0.0 - 7917 pts/11 00:00:00 prooted-7916-Jb - - now: - - $ proot-v5.1.0 ps - PID TTY TIME CMD - 7885 pts/11 00:00:00 bash - 8585 pts/11 00:00:00 proot-v5.1.0 - 8586 pts/11 00:00:00 ps - -Fixes ------ - -+ It is now possible to use GDB against multi-threaded programs under - PRoot x86_64 and x86. - -+ It is possible to execute x86_64 programs from x86 programs again. - -+ It is possible to use x86 ptrace-based programs (strace, gdb, ...) - under PRoot x86_64 again. - -+ The loader is now built with the "build-id" linker option explicitly - disabled. This special section might interfere with loaded - programs. - -+ The loader can now load relocatable objects that have a predefined - base address. - -Acknowledgements ----------------- - -Thanks to Erwan Gouriou, Sébastien Gandon, Christian milkylainen, -Henrik Wallin, and Frank Teo for their bug reports and tests. - -Thanks to Jérôme Audu, Yann Droneaud, and Christophe Monat for their -precious help. - - -Release v5.0.0 -============== - -Highlight ---------- - -PRoot used to rely on the ELF loader embedded in the ELF interpreter -from the GNU libc. Sadly this latter suffers from many issues: - -+ programs that use constructors or destructors might crash: a typical - example is C++ programs. - -+ programs that rely on the "rpath" mechanism and that are invoked - through a symlink might not start: a typical example is the JVM on - Debian. - -+ programs that read processes command-line migth be confused because - initial argv[0] is replaced: typical examples are ps and top. - -Moreover not all ELF interpreters provide this feature. For instance, -ELF interpreters shipped with Bionic (Android) and some versions of -the uClibC can't be used as ELF loaders. 
As a consequence it was not -possible to proot into a rootfs that uses such C library. - -Now PRoot has its own loader, that means all the limitations above -doesn't exist anymore. - -Fixes ------ - -+ Most bugs related to shebang support -- ie. "#!" at the beginning of - a program -- were fixed. - -Command-line interface changes ------------------------------- - -+ PRoot now starts a login shell when no command is specified; this - makes the shell read profile files from the guest rootfs, as - expected by some guest programs. To get the old behavior, launch - "/bin/sh" explicitly: - - proot -r whatever /bin/sh - -+ The -R option now binds "/run" and "/var/run/dbus/system_bus_socket" - too. This is useful for guest programs that need to communicate - with host services. - - -Release v4.0.3 -============== - -+ Heap emulation is disabled when a "suspicious" call to brk(2) is - actually legit, as it might be the case when launching the very - first program. - -+ The "-0" and "-S" options ("root" identity emulation) now fake - success of mknodat(2), as it was the case for mknod(2) previously. - This missing feature was revealed by the AArch64 port. - -+ The "-k" option (kernel compatibility emulation) now works on - Linux/AArch64. - -Thanks to Rémi Duraffort for the bug reports and for his LAVA testing -platform! - - -Release v4.0.2 -============== - -+ Fix how the very first program is launched by PRoot. Previously, - argv[0] was not preserved when the very first program was launched - through a symbolic link. This old behavior used to bug programs - like Busybox and python-exec. Thanks to "hhm", Ivailo "fluxer" - Monev, and Joakim Tjernlund for the bug reports. - -+ Fix renameat(2) sysexit support. There was a bug in PRoot that was - exposed by the Aarch64 (a.k.a arm64) port only but that might affect - other architectures. - -+ Fix build for AArch64. Thanks to Rémi Duraffort for the patches and - for the Debian/arm64 testing platform. 
- -+ Fix support for "long" socket paths. These can only be 108 bytes - long; this limit might be easily reached with PRoot since the path - to the rootfs is always prepended. The solution was to - automatically bind this long path to a shorter path. This bug was - exposed by LibreOffice and Yocto's pseudo. Thanks to Christophe - Guillon for the bug report. - - -Release v4.0.1 -============== - -+ Fix a couple of portability issues in the testsuite. Thanks to Rémi - Duraffort for all the tests he made on his instance of Linaro LAVA. - -+ Set $PWD to the value specified by the -w option, otherwise Bash pwd - builtin might be confused under some specific circumstances. Thanks - to Jérémy Bobbio for the bug report. - -+ Fix support for accessat and fchmodat syscalls: they have only three - parameters, not four. This bug was exposed by Gentoo's sandbox: - - proot -S gentoo-amd64-hardened+nomultilib-rootfs emerge util-linux - - -Release v4.0.0 -============== - -Highlights ----------- - -+ It is now possible to use GDB, Strace, or any other program based on - "ptrace" under PRoot. This was not the case previously because it - is not possible to stack ptracers on Linux, so an emulation layer - was developed in order to bypass this limitation. This has required - a lot of changes in PRoot, hence the major number version bumping. - It was mostly tested on x86_64, and partially tested on x86 and ARM. - This ptrace emulation support is still experimental, and there are a - couple of known issues, but feel free to report unexpected behaviors - if you need a fix. - -+ A new command-line option is available: "-S". It is similar to the - "-R" option except it enables the "-0" option and binds only a - minimal set of paths that are known to not be updated by package - installations, to avoid unexpected changes on host files. This - option is useful to safely create and install packages into the - guest rootfs. 
For example: - - $ proot -S ubuntu-14.04-rootfs/ apt-get install samba - - or: - - $ proot -S ubuntu-14.04-rootfs/ - # apt-get install samba - - If "-0 -R" is used instead of "-S", the same command fails since it - tries to update "/etc/group", which is bound to the host system and - is not writable (assuming PRoot is ran without privileges): - - $ proot -0 -R ubuntu-14.04-rootfs/ - # apt-get install samba - [...] - Adding group `sambashare' (GID 105) ... - Permission denied - -+ The fake_id0 extension can now fake any user and group identifiers. - That means, when "-0" is specified, PRoot-ed processes can change - their real, effective and saved identifiers, with respect to the - rules described in setuid, setfsuid, setreuid, setresuid, and - setfsuid manuals. Also, the new command-line option "-i" was added - to change explicitly the identifiers to the specified values. This - option will be used by CARE to re-execute with the same initial - identifiers, but it could also be useful to threaten your teammates - ;). Note that the "-0" option is actually the same as "-i 0:0". - -+ The old command-line interface is not supported anymore. That means - it is now impossible to specify the path to the guest rootfs without - using -r or -R. Also, -Q and -B options are definitively gone, - instead the -R option must be specified, respectively with and - without -q. See PRoot v3.1 release notes for details. - -Fixes ------ - -+ getcwd(2) and chdir(2) now return the correct error code when, - respectively, the current directory does not exist anymore and the - target directory doesn't have the "search" permission. - -+ Named file descriptors (ie. links in /proc//fd/*) are not - dereferenced anymore since they may point to special objects like - pipes, sockets, inodes, ... Such objects do not exist on the - file-system name-space, so dereferencing them used to cause - unexpected errors. - -+ Extensions now see every component of canonicalized paths. 
An - optimization in the canonicalization loop used to skip the first - part of a path if it was known to be already canonicalized, sadly - this short-cut may confuse some extensions, like -0. - -+ Temporary files and directories created by PRoot for its own purpose - are now automatically deleted when PRoot exits. - - -Miscellaneous -------------- - -+ PRoot does not rely on GCC C extensions anymore, like nested - functions. That means its stack does not have to be executable - (this is required for hardened Linux systems), and it can now be - compiled with Clang. - -+ The ASLR (Address Space Layout Randomization) is not disabled - anymore, and the heap is now emulated on all architectures. - - -Internal changes ----------------- - -This section is dedicated to developers. - -+ PRoot now remembers the parent of all tracees, it is similar to a - traced process tree. This was required for the ptrace emulation - support, but this could be useful to some extensions. - -+ It is now possible to restart a tracee with any ptrace restart mode: - single-step, single-block, ... - -+ Functions {peek,poke}_mem were replaced with functions - {peek,poke}_{,u}int{8,16,32,64}. These new functions performs type - conversion and fetch only the necessary amount of data in target - tracee's memory to avoid invalid accesses. - -+ There is a new interface to handle ELF auxiliary vectors. See - ptrace emulation, kompat and fake_id0 extensions for usage examples. - -+ There is a new interface to create temporary files and directories - that are automatically deleted on exit. See CARE extension, glue - and auxv support for usage examples. - -+ When built with GCC function instrumentation support, PRoot prints - the currently called function on standard error stream (stderr). - -Thanks ------- - -Thanks go to Stephen McCamant, Oren Tirosh, Jérôme Audu, and Carlos -Hernan Prada Rojas for their bug reports and tests; and to Rémi -Duraffort for his contributions. 
- - -Release v3.2.2 -============== - -+ Remove a useless memory layout constraint on x86_64 that bugs some - programs like java and or qemu. - -+ It is now possible to launch the initial program from a relative - path without specifying the "./" prefix, for example: - - $ proot path/to/program - -+ Don't discard fcntl(F_DUPFD_CLOEXEC) systematically when the kompat - extension is enabled (-k option). - -+ Don't use syscalls that require Linux >= 2.6.16 anymore. - - -Release v3.2.1 -============== - -+ Make ptrace/seccomp even more portable on Ubuntu. - -Thanks to Maxence Dalmais for the bug report and tests. - - -Release v3.2 -============ - -This release was mostly driven by the requirements of "CARE", a new -project based on PRoot that will be released publicly soon on -https://proot-me.github.io. For information, "CARE" is the short for -"Comprehensive Archiver for Reproducible Execution". - -Highlights ----------- - -+ Many bugs exposed by a couple of static code analyzers (Coverity, - Clang, ...) and some test-suites (Linux Test Project, libuv, ...) - are now fixed. - -+ The "kompat" extension ("-k" option) can now emulate most of the - kernel features that would be required by the guest system but that - are not available on the host kernel. For example, it can now make - programs from Ubuntu 13.04 64-bit run on RedHat 5 64-bit without any - further tweaks: - - rh5-64$ proot -k 3.8 -R ubuntu-13.04-64bit/ ... - -+ On ARM and x86_64, the heap segment is now emulated with a regular - memory mapping to ensure this former always exists. This was - required because some kernels might put a non-fixed memory mapping - right after the regular heap when using some GNU ELF interpreters - (ld.so) as loaders. 
Without the heap segment emulation, some - programs like Bash would crash because the heap can't grow anymore: - - bash: xmalloc: locale.c:73: cannot allocate 2 bytes (0 bytes allocated) - -Miscellaneous -------------- - -+ When using the "-R" option, the path to the guest rootfs is now - bound into the guest rootfs itself. This is required to run - programs that search for their DSOs in /proc/self/maps, like VLC for - instance. - -+ When using the "-v" option with a level greater than 2, syscalls are - now printed as strings instead of numbers, à la strace: - - $ proot -v 3 true - [...] - proot info: pid 29847: sysenter start: mmap(0x0, 0x2d141, 0x1, 0x2, 0x3, 0x0) [...] - [...] - -+ The article about the migration from ScratchBox2 is now publicly - available: - - https://github.com/cedric-vincent/PRoot/blob/v3.2/doc/articles/howto_migrate_from_scratchbox2.txt - -Internal changes ----------------- - -+ Tools based on PRoot (CARE, DepsTracker, ATOS, ...) can now easily - replace the original command-line interface with their own - command-line interface. - -+ It is now possible to chain forged syscalls to a regular syscall. - Search for "register_chained_syscall" in the sources for details. - -+ A couple of new helpers are now visible from the extensions. - -Thanks ------- - -+ Bug reports and tests: Corbin Champion, Maxence Dalmais, and Nicolas - Cornu. - -+ Static code analysis: Antoine Moynault and Christophe Guillon. - -+ Patches: Rémi Duraffort. - -+ Unexpected hint: Christophe Monat :) - - -Release v3.1 -============ - -Command-line interface changes ------------------------------- - -+ The initial command is not search in "." anymore, unless the "./" - prefix is specified or unless "." is in $PATH, as expected. - -+ The "-B" and "-Q" options are obsoleted by the new "-R" option. - This latter is equivalent to "-B -r", as there was actually no point - at using the "-B" option without "-r". 
- -+ A warning is now emitted when the rootfs is specified à la - chroot(1), that is, without using "-r" or "-R". - -The old command-line interface is not documented anymore, but it will -be still supported for a couple of releases. Although, users are -strongly encouraged to switch to the new one: - - ====================== ================= - old CLI new CLI - ====================== ================= - proot rootfs proot -r rootfs - proot -B rootfs proot -R rootfs - proot -B -r rootfs proot -R rootfs - proot -Q qemu rootfs proot -R rootfs -q qemu - proot -Q qemu -r rootfs proot -R rootfs -q qemu - ======================= ======================= - -Extensions ----------- - -+ The "kompat" extension ("-k" option) has been greatly enhanced. For - example, it can now make programs from Ubuntu 13.04 32-bit run on - RedHat 5 64-bit: - - rh5-64$ proot -k 3.8 -R ubuntu-13.04-32bit/ ... - -+ The "fake id0" extension ("-0" option) handles more syscalls: - mknod(2), capset(2), setxattr(2), setresuid(2), setresgid(2), - getresuid(2), and getresgid(2). - -Miscellaneous -------------- - -+ PRoot is now compiled with large file-system support (LFS), this - make it works with 64-bit file-systems (eg. CIFS) on 32-bit - platforms. - -+ The special symbolic link "/proc/self/root" now points to the guest - rootfs, that is, to the path specified by "-r" or "-R". Just like - with chroot(2), this symlink may be broken as the referenced host - path likely does not exist in the guest rootfs. Although, this - symlink is typically used to know if a process is under a chroot-ed - environment. - -+ Under QEMU, LD_LIBRARY_PATH is not clobbered anymore when a guest - program is launched by a host program. - -+ When seccomp-filter is enabled, this release is about 8% faster than - the previous one. - -+ A couple of bugs reported by Scan Coverity are fixed. - -Thanks ------- - -Special thanks to Stephan Hadamik, Jérôme Audu, and Rémi Duraffort for -their valuable help. 
- - -Release v3.0.2 -============== - -+ Fix the search of the initial command: when the initial command is a - symbolic link, PRoot has to dereference it in guest namespace, not - in the host one. - -+ Return error code EACCESS instead of EISDIR when trying to execute a - directory. Some programs, such as "env", behave differently with - respect to this error code. For example: - - ### setup - $ mkdir -p /tmp/foo/python - $ export PATH=/tmp/foo:$PATH - - ### before (PRoot v2.3 ... v3.0.1) - before$ proot env python - env: python: Is a directory - - ### now (PRoot v3.0.2 ...) - $ proot env python - Python 2.7.5 (default, May 29 2013, 02:28:51) - [GCC 4.8.0] on linux2 - Type "help", "copyright", "credits" or "license" for more information. - >>> - - -Release v3.0.1 -============== - -Fix support for bindings where the guest path is explicitly not -dereferenced. Be careful, the syntax has changed: - - before$ proot -b /bin/bash:!/bin/sh - - now$ proot -b /bin/bash:/bin/sh! - - -Release v3.0 -============ - -New features ------------- - -+ PRoot can now use the kernel feature named "seccomp-filter", a.k.a - "seccomp mode 2", to improve its own performance significantly. For - examples on my workstation, the tables below show the time overhead - induced by PRoot compared to a native execution: - - - when generating the Perl 5.16.1 package: - - =============== =========== ========== - command seccomp off seccomp on - =============== =========== ========== - ./configure.gnu 75% 25% - make -j4 70% 45% - make -j4 check 25% 9% - =============== =========== ========== - - - when generating the Coreutils 8.19 package: - - =============== =========== ========== - command seccomp off seccomp on - =============== =========== ========== - ./configure 80% 33% - make -j4 75% 33% - make -j4 check 80% 8% - =============== =========== ========== - -+ It is now possible to explicitly not dereference the guest location - of a binding by specifying ``!`` as the first character. 
For - instance:: - - proot -b /bin/bash:!/bin/sh - - will not overlay ``/bin/dash`` when this latter is pointed to by - ``/bin/sh`` (it's typically the case on Ubuntu and Debian). - -Fix ---- - -+ The initial command is not search in $PATH anymore when it starts - with ``/`` or ``./``, and it doesn't exist. For instance:: - - $ rm test - $ proot ./test - proot warning: './test not found (root = /, cwd = /usr/local/cedric/git/proot) - proot error: see `proot --help` or `man proot`. - -Thanks ------- - -Many thanks to Will Drewry and Indan Zupancic, who made possible to -accelerate PTRACE_SYSCALL with seccomp-filter. Also, thanks to Paul -Moore for his valuable set of seccomp tools. - -Notes ------ - -+ Unlike what I said, this release is not shipped with a ptrace - emulator. It's planned for the next one, though. - -+ Seccomp-filter was first introduced in Linux 3.5 a year ago, it was - also officially back-ported to Ubuntu 12.04 (Linux 3.2). To know if - PRoot is actually using this accelerator on your system, check the - verbose output. For instance:: - - $ proot -v 1 true - ... - proot info: ptrace acceleration (seccomp mode 2) enabled - ... - - But first, be sure it was built with this support:: - - $ proot -V - ... - built-in accelerators: process_vm = yes, seccomp_filter = yes - ... - - -Release v2.4.1 -============== - -Fixes ------ - -+ Fix all warnings reported by GCC-4.8 "-Wall -Wextra" and Coverity - Prevent 4.5. - -+ Fix Unix sockets path translation for some x86_64 systems. - -+ Make the "kompat" extension (-k option) work again. - -+ Fix spurious "can't delete /tmp/proot-$PID-XXXXX" messages. - - - -Release v2.4 -============ - -New architectures ------------------ - -+ PRoot now works natively on Linux ARM64 systems (a.k.a AArch64). - Note that PRoot/AArch64 doesn't support 32-bit binaries yet. - -+ PRoot/x86_64 now supports x32 binaries/rootfs. - -Fixes ------ - -+ Paths from Unix domain sockets are now translated. 
For example, it - wasn't possible previously to use "tmux" in the guest rootfs if - another instance were running in the host rootfs. - -+ When a host path is bound to a nonexistent guest path, PRoot tries - to create this latter in the guest rootfs, for some technical - reasons. Previously, this "dummy" guest path was created with RWX - permissions but this might cause troubles when re-using the rootfs - for other purpose. Now, this "dummy" guest path is created with - minimal permissions, and it is also possible to avoid its creation - by defining the PROOT_DONT_POLLUTE_ROOTFS environment variable. - -Command-line interface changes ------------------------------- - -+ The directory "/run" is removed from the list of recommended - bindings (-B option) because this creates to much conflicts with - programs that write in the "/run/var" directory. - -+ The -0 option now makes user's files appear as if they were actually - owned by root, and it also fakes the success of any mode changes - (chmod* syscalls). This is typically useful to create packages - where the files belong to the root user (it's almost always the - case). - -Internal changes ----------------- - -+ PRoot should be even more portable now. For instance, there's no - need to worry about syscallee-saved registers anymore. - -Thanks ------- - -This release was made possible thanks to, in no special order: Yvan -Roux, Jerôme Audu, Heehooman, Yann Droneaud, and James Le Cuirot. See -"git log" for details. - - -Release v2.3.1 -============== - -New feature ------------ - -+ The "fake id0" feature was improved by Rémi Duraffort in order to - support privileged write operations in read-only files/directories. - Some package managers (Fedora, Debian, ...) 
relies on this special - behavior:: - - # ls -ld /usr/lib - dr-xr-xr-x 22 root root 40960 Jan 2 11:19 /usr/lib/ - # install -v something.so /usr/lib/ - removed ‘/usr/lib/something.so‘ - ‘something.so‘ -> ‘/usr/lib/something.so‘ - -Fixes ------ - -+ Fix bindings to a guest path that contains a symbolic link. For - example when the given guest path ``/var/run/dbus`` is a symbolic - link to ``/run/dbus``. - -+ Fix a memory corruption when accessing files in "/proc/self/" - -Special thanks to Rémi Duraffort for the improved "fake id0" feature -and for the bug reports. - - -Release v2.3 -============ - -This release is intended more specifically to developers and advanced -users, it was mostly driven by the requirements of an internal -STMicroelectronics project named "Auto-Tuning Optimization Service". - -New features ------------- - -+ There's now an extension mechanism in PRoot that allows developers - to add their own features and/or to use PRoot as a Linux process - instrumentation engine. The two following old features were moved - to this new extension interface: "-k *string*" and "-0" - (respectively: set the kernel release and compatibility level to - *string*"; and force some syscalls to behave as if executed by - "root"). - -+ It is now possible to execute PRoot under PRoot, well somewhat. - Actually the initial instance of PRoot detects that it is being - called again and recomputes the configuration for the new process - tree. This feature is still experimental and was way harder to - implement than expected, however it was worth the effort since it - enforced the consistency in PRoot. Just one example among many, in - PRoot the "chroot" feature is now really equivalent to the - "mount/bind" one, that is, ``chroot path/to/rootfs`` is similar to - ``mount --bind path/to/rootfs /``. - -+ The "current working directory" (chdir(2), getcwd(2), ...) is now - fully emulated by PRoot. 
Sadly a minor regression was introduced: - even if the current working directory has been removed, getcwd(2) - returns a "correct" value. This should be fixed in the next - release. - -Command-line interface changes ------------------------------- - -+ The message "proot info: started/exited" isn't printed by default - anymore since it might introduce noise when PRoot is used inside a - test-suite that compares outputs. This message was initially added - to know whether the guest program has exited immediately. - -+ The "-u" and "-W" options have disappeared. The former wasn't - really useful and the latter was definitely useless since the - default "current working directory" is "." since v2.1, that means - the three examples below are equivalent ("-W" was just an alias to - "-b . -w ."):: - - proot -b . [...] - proot -b . -w . [...] - proot -W [...] - -Fixes ------ - -+ The option ``-w .`` is now really equivalent to ``-w $PWD``. - -+ A bug almost impossible to describe here has been fixed, it appeared - only when specifying relative bindings, for instance: ``-b .``. - -Internal changes ----------------- - -+ PRoot now relies on Talloc: a hierarchical, reference counted memory - pool system with destructors. It is the core memory allocator used - in Samba: http://talloc.samba.org. This is definitely a worthwhile - dependency for the sake of development scalability and - debuggability. For example, PRoot now has an explicit garbage - collector (c.f. 
``tracee->ctx``), and the full dynamic memory - hierarchy can be printed by sending the USR1 signal to PRoot:: - - native-shell$ proot --mount=$HOME --mount=/proc --rootfs=./slackware-14/ - prooted-shell$ kill -s USR1 $(grep Tracer /proc/self/status | cut -f 2) - - Tracee 0x6150c0 768 bytes 0 ref' (pid = 22495) - talloc_new: ./tracee/tracee.c:97 0x615420 0 bytes 0 ref' - $exe 0x61bef0 10 bytes 0 ref' ("/bin/bash") - @cmdline 0x61bf60 16 bytes 0 ref' ("/bin/sh", ) - /bin/sh 0x61bfd0 8 bytes 0 ref' - $glue 0x61bae0 24 bytes 0 ref' ("/tmp/proot-22494-UfGAPh") - FileSystemNameSpace 0x615480 32 bytes 0 ref' - $cwd 0x61b880 13 bytes 0 ref' ("/home/cedric") - Bindings 0x61b970 16 bytes 0 ref' (host) - Binding 0x615570 8280 bytes 1 ref' (/home/cedric:/home/cedric) - Binding 0x6176a0 8280 bytes 1 ref' (/proc:/proc) - Binding 0x6197d0 8280 bytes 1 ref' (/usr/local/proot/slackware-14:/) - Bindings 0x61b900 16 bytes 0 ref' (guest) - Binding -> 0x6176a0 - Binding -> 0x615570 - Binding -> 0x6197d0 - - -Release v2.2 -============ - -+ This release brings some critical fixes so an upgrade is highly - recommended, especially on x86_64 and Ubuntu. - -+ PRoot is now a lot faster: the speed-up can be up to 50% depending - on the kind of application. - -+ PRoot can now mount/bind files anywhere in the guest rootfs, even if - the mount point has no parent directory (and/or can't be created). - With previous versions of PRoot, that would created kinda black hole - in the filesystem hierarchy that might bug some programs like "cpio" - or "rpm". - - For example, with the previous version of PRoot:: - - $ proot -b /etc/motd:/black/holes/and/revelations - proot warning: can't create the guest path (binding) ... 
- proot info: started - - $ find /black - find: `/black: No such file or directory - - $ cat /black/holes/and/revelations - Time has come to make things right -- Matthew Bellamy - - And now:: - - $ proot -b /etc/motd:/black/holes/and/revelations - proot info: started - - $ find /black - /black - /black/holes - /black/holes/and - /black/holes/and/revelations - - $ cat /black/holes/and/revelations - Time has come to make things right -- Matthew Bellamy - -+ "/run" was added to the list of recommended bindings (-B/-Q). - -+ SH4 and ARM architectures are now officially supported. - -Thanks ------- - -Huge thanks to Rémi DURAFFORT for all the tests, bug reports, fixes, -and for hosting http://proot.me. - -Thanks to Thomas P. HIGDON for the advanced investigation on a really -tricky bug (red zone corruption). - - -Release v2.1 -============ - -New features ------------- - -+ PRoot can now emulate some of the syscalls that are available in the - kernel release specified by -k but that are missing in the host - kernel. This allows the execution of guest programs expecting a - kernel newer than the actual one, if you encountered the famous - "FATAL: kernel too old" or "qemu: Unsupported syscall" messages. - -+ The current working directory isn't changed anymore if it is still - accessible in the guest environment (binding). - -Fixes ------ - -+ Added support for architectures with no misalignment support (SH4). - -+ Fix support for: link(2), linkat(2), symlink(2), and symlinkat(2). - - -Release v2.0.1 -============== - -+ Fix a compatibility issue with QEMU v1.1 - -+ Fix the initialization of bindings that point to "/proc/self". - -These problems were reported by Alkino: - - https://github.com/cedric-vincent/PRoot/issues/3 - - -Release v2.0 -============ - -New features ------------- - -+ There's now a specific support to handle special symlinks in /proc. 
- As of now, only the following ones are correctly handled: - - * /proc/self, it was already supported previously but now this - is done consistently (i.e. not a hack); - - * /proc//exe, for any monitored by PRoot; and - - * /proc//fd/. - -+ The list of supported syscalls was updated, as of Linux 3.4.1. - -Command-line interface changes ------------------------------- - -+ The path to the guest rootfs can now be specified by the new - -r/--rootfs option. This permits the use of shell aliases, for - example: - - $ alias armedslack='proot -Q qemu-arm -r /path/to/armedslack' - $ armedslack -v 1 -b ~/arm_cpuinfo:/proc/cpuinfo - - That wasn't possible previously because the path to the guest rootfs - had to be the last option. - -+ The -v/--verbose option now takes a parameter, and a negative - integer makes PRoot quiet except on fatal errors. - -+ The -h/--help option now prints a detailed message. - -+ The -V/--version and -h/--help options now exit with success. - -Fix ---- - -+ Return correct errno if a non-final path component isn't a directory - nor a symlink. - -+ Fix the insertion of an item in the list of host/guest bindings. - - -Internal changes ----------------- - -This section is dedicated to PRoot developers. - -+ File-system information is now inherited from a traced process to - its children. This permits the emulation of symlinks in /proc/self: - cmdline, exe, cwd, root, ... - -+ The execution of QEMU is now fully confined to the virtual rootfs - namespace: it now relies on the "mixed-execution" feature, just like - a regular host program. - - -Release v1.9 -============ - -Fixes ------ - -+ Be as transparent as possible with respect to SIGSTOP and SIGTRAP - signals. For instance, the Open POSIX Test Suite now reports the - same level of success whether it is run under PRoot or not (it - depends on the kernel version though). 
- -+ Ignore terminating signals and kill all tracees on abnormal - termination signals (^\, segmentation fault, divide by zero, ...). - This ensures no tracee will stay alive without being monitored - anymore. - -+ Force utsname.machine to "i686" -- instead of "i386" -- for 32-bit - programs running on x86_64 systems. This improves the compatibility - with package managers that deduce the current architecture from - `uname -m`. - -+ Fix x86_64 support for linkat() and fchownat(). - -+ Fix mixed-execution support, LD_LIBRARY_PATH was defined twice for - host programs. - - -Release v1.8.4 -============== - -New feature ------------ - -+ The -0 option now fakes success on ``chroot("/")``. This feature is - required by some guest package managers, like ``pacman`` -- the Arch - Linux Package Manager. - -Fix ---- - -+ Nested bindings are now correctly supported. For example with these - bindings -- nested from the host point-of-view:: - - host$ proot -b /:/host-rootfs -b /tmp ... - guest$ ln -s /tmp/bar /tmp/foo - # ... points to "/tmp/bar" instead of "/host-rootfs/tmp/bar" - - and with these bindings -- nested from the guest point-of-view:: - - host$ proot -b /bin -b /usr/bin/find:/bin/find ... - guest$ /bin/find - # ... works instead of "no such file or directory" - -Internal changes ----------------- - -This section is dedicated to PRoot developers. - -+ Functions to compare two pathes (equal, prefix, not comparable, ...) - are now available, at last. - -+ The "ignore ELF interpreter" option can be (dis|en)able with the - ``PROOT_IGNORE_ELF_INTERPRETER`` environment variable and/or with - the ``config.ignore_elf_interpreter`` internal variable. - - -Release v1.8.3 -============== - -New features ------------- - -+ The -0 option now fakes success on ownership changes. This improves - the compatibility with package managers that abort if ``chown(2)`` - fails. Note that this is quite limited compared to ``fakeroot``. 
- -+ Force utsname.machine to "i386" for 32-bit programs running on - x86_64 systems. This improves the compatibility with package - managers that deduce the current architecture from `uname -m`. - -Fixes ------ - -+ Fix a regression regarding the concatenation of the ``..`` with a - path ending with ``.``. For intance you can now do ``ls foo`` where - ``foo`` is a symbolic link to ``/bar/.``. - -+ Don't return an error if the specified size for ``getcwd(2)`` and - ``readlink(2)`` is greater than PATH_MAX. Technically the result - may likely be shorter than this limit. - - -Release v1.8.2 -============== - -+ This is the first public release of PRoot, it's time to increase its - maturity artificially ... Actually it's an homage to Blink 182 ;) - -+ User manual finally published. - -+ PRoot can now *mix* the execution of host programs and the execution - of guest programs emulated by QEMU. This is useful to use programs - that aren't available initially in the guest environment and to - speed up build-time by using cross-compilation tools or any CPU - independent program, like interpreters. - -+ Absolute symlinks from bound directories that point to any bound - directory are kept consistent: for example, given the host symlink - ``/bin/sh -> /bin/bash``, and given the command-line option ``-b - /bin:/foo``, the symlink will appeared as ``/foo/sh -> /foo/bash``. - -+ Three command-line options are gone: - - * ``-p`` (don't block the ptrace syscall) wasn't really useful. - - * ``-e`` (don't use the ELF interpreter) isn't required anymore. - - * ``-a`` (disable the ASLR mechanism) is now the default. - -+ Don't complain anymore when parent directories of a *recommended - binding* (as enabled by ``-B``, ``-M`` and ``-Q`` options) can't be - created. - -+ Support job control under ptrace as introduced in Linux 3.0+. - -+ ``LD_`` environment variables are now passed to the QEMUlated - program, not to QEMU itself. 
It means ``ldd`` works (there's a bug - in QEMU/ARM though). - -+ Many fixes and improved compatibility thanks to the Open Build - Service instantiated at http://build.opensuse.com - -+ Note: v0.7.1 was an experimental release. - - -Release v0.7.0 -============== - -+ Search the guest program in $PATH relatively to the guest rootfs, - for instance you can now just write:: - - proot /path/to/guest/rootfs/ perl - - instead of:: - - proot /path/to/guest/rootfs/ /usr/bin/perl - -+ The command-line interface was re-written from scratch, the only - incompatible change is that QEMU options are now separated by - spaces:: - - proot -Q "qemu-arm -g 1234" ... - - instead of:: - - proot -Q qemu-arm,-g,1234 ... - -+ New option "-0": force syscalls "get*id" to report identity 0, aka - "root". - -+ Many fixes, code refactoring, new testing framework, ... - -Special thanks to Claire ROBINE for her contribution. - - -Release v0.6.2 -============== - -+ Change the default command from $SHELL to "/bin/sh". The previous - behaviour led to an unexpected error -- from user's point-of-view -- - when $SHELL didn't exit in the new root file-system. - -+ Fix *partially* support for readlink(2) when mirror pathes are in - use. Prior this patch, any symbolic link -- that points to an - absolute path which prefix is equal to the host-side of any mirror - path -- was bugged. For instance, the command "proot -m /bin:/host - $ROOTFS /usr/bin/readlink /usr/bin/ps" returned "/host" instead of - "/bin/ps". - -+ Add the option "-V" to print the version then exit. - -+ Be more explicit when a wrong command-line argument is used. - -+ Remove the SIGSEGV help message: it was too confusing to the user. - -+ Use a new shining build-system (again :D). - -Special thanks go to those contributors: Yves JANIN, Remi Duraffort -and Christophe GUILLON. - - -Release v0.6.1 -============== - -+ Add `/tmp` to the list of mirrored paths when using -M. - -+ Fix the ELF interpreter extraction. 
- -+ Rewrite the build system. - - -Release v0.6 -============ - -New features ------------- - -+ Added support for "asymmetric" path mirrors. - - The command-line option for mirrors was extended to support the - syntax "-m :" where is the location of the mirror - within the alternate rootfs and is the path to the real - directory/file. For instance you can now mirror the whole host - rootfs in the directory "/hostfs" within the alternate rootfs that - way:: - - proot -m /:/hostfs ... - -+ Added an option to disable ASLR (Address Space Layout - Randomization). - - RHEL4 and Ubuntu 10.04 use an ASLR mechanism that creates - conflicts between the layout of QEMU and the layout of the target - program. This new option is automatically set when QEMU is used. - -+ Added "/etc/resolv.conf" and $HOME to the list of mirrored paths - when using the option -M or -Q. - -Fixes ------ - -+ Fixed the detranslation of getcwd(2) and readlink(2). - -+ Improved the build compatibility on old/broken distro. - -+ Added support for pthread cancellation when QEMU is used. - -+ Set QEMU's fake argv[0] to the program actually launched, not to the - initial script name. - -+ Create the path up to the mirror location to cheat "walking" - programs. - diff --git a/src/GNUmakefile b/src/GNUmakefile index ee807e2e..777b0580 100644 --- a/src/GNUmakefile +++ b/src/GNUmakefile @@ -191,7 +191,7 @@ $(USE_BUILD_H): build.h $(COMPILE) .INTERMEDIATE: manual -manual: $(VPATH)/../doc/care/manual.txt +manual: $(VPATH)/../doc/care/manual.rst $(Q)cp $< $@ cli/care-manual.o: manual cli/cli.o diff --git a/src/cli/care.h b/src/cli/care.h index 1a13495d..b8db47c6 100644 --- a/src/cli/care.h +++ b/src/cli/care.h 
@@ -73,7 +73,7 @@ static Cli care_cli = {
 .subtitle = "Comprehensive Archiver for Reproducible Execution",
 .synopsis = "care [option] ... command",
 .colophon = "Visit https://proot-me.github.io for help, bug reports, suggestions, patches, ...\n\
-Copyright (C) 2015 STMicroelectronics, licensed under GPL v2 or later.",
+Copyright (C) 2020 PRoot Developers, licensed under GPL v2 or later.",
 .logo = "\
 _____ ____ _____ ____\n\
 / __/ __ | __ \\ __|\n\
diff --git a/src/cli/proot.h b/src/cli/proot.h
index 93c02ff2..a07b9e7a 100644
--- a/src/cli/proot.h
+++ b/src/cli/proot.h
@@ -6,7 +6,7 @@
 #include "cli/cli.h"
 #ifndef VERSION
-#define VERSION "5.1.0"
+#define VERSION "5.2.0-alpha"
 #endif
 static const char *recommended_bindings[] = {
@@ -77,7 +77,7 @@ static Cli proot_cli = {
 .subtitle = "chroot, mount --bind, and binfmt_misc without privilege/setup",
 .synopsis = "proot [option] ... [command]",
 .colophon = "Visit https://proot-me.github.io for help, bug reports, suggestions, patchs, ...\n\
-Copyright (C) 2015 STMicroelectronics, licensed under GPL v2 or later.",
+Copyright (C) 2020 PRoot Developers, licensed under GPL v2 or later.",
 .logo = "\
 _____ _____ ___\n\
 | __ \\ __ \\_____ _____| |_\n\
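Review bot: The new `.colophon` text in `care_cli` replaces the existing copyright holder's notice instead of adding to it, so the binary's help output no longer credits STMicroelectronics for code that, as far as the removed line shows, they still hold copyright on. The same replacement is made in the `proot_cli` hunk at -77 of src/cli/proot.h. Retaining the original attribution alongside the new one keeps the provenance and licensing record intact for downstream packagers, for example `Copyright (C) 2015 STMicroelectronics, (C) 2020 PRoot Developers, licensed under GPL v2 or later.",`. The `care_cli` initializer starts and ends outside the hunk, so whether other fields or file headers still carry the original notice cannot be seen from here.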
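Review bot: The `.colophon` string of `proot_cli` still reads `patchs` on the context line directly above the changed copyright line, while the matching string in `care_cli` reads `patches`. Since this commit prepares user-facing text for a release and already touches the same string literal, the line is worth correcting here: `.colophon = "Visit https://proot-me.github.io for help, bug reports, suggestions, patches, ...\n\`. The initializer continues outside the hunk.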