This patch changes 'vm sandbox' to automatically prefix a program path with "/host" in the guest side making this, for example, work as expected: $ ./vm sandbox -- ~/trinity/trinity --mode=random --dangerous
Cc: Asias He <asias.hejun@xxxxxxxxx>
Cc: Cyrill Gorcunov <gorcunov@xxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxx>
Cc: Sasha Levin <levinsasha928@xxxxxxxxx>
Signed-off-by: Pekka Enberg <penberg@xxxxxxxxxx>
---
tools/kvm/builtin-run.c | 29 ++++++++++++++++++++++++++---
1 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/tools/kvm/builtin-run.c b/tools/kvm/builtin-run.c
index 6acc490..ce76b69 100644
--- a/tools/kvm/builtin-run.c
+++ b/tools/kvm/builtin-run.c
@@ -847,9 +847,26 @@ static void kvm_write_sandbox_cmd_exactly(int fd, const char *arg)
 }
 }
+static void resolve_program(const char *src, char *dst, size_t len)
+{
+ struct stat st;
+
+ stat(src, &st);
+
+ if (S_ISREG(st.st_mode)) {
+ char resolved_path[PATH_MAX];
+
+ realpath(src, resolved_path);
+
+ snprintf(dst, len, "/host%s", resolved_path);
+ } else
+ strncpy(dst, src, len);
+}
+
 static void kvm_run_write_sandbox_cmd(const char **argv, int argc)
 {
 const char script_hdr[] = "#! /bin/bash\n\n";
+ char program[PATH_MAX];
 int fd;
 remove(sandbox);
@@ -861,11 +878,17 @@ static void kvm_run_write_sandbox_cmd(const char **argv, int argc)
 if (write(fd, script_hdr, sizeof(script_hdr) - 1) <= 0)
 die("Failed writing sandbox script");
+ resolve_program(argv[0], program, PATH_MAX);
+ kvm_write_sandbox_cmd_exactly(fd, program);
+
+ argv++;
+ argc--;
+
 while (argc) {
+ if (write(fd, " ", 1) <= 0)
+ die("Failed writing sandbox script");
+
 kvm_write_sandbox_cmd_exactly(fd, argv[0]);
- if (argc - 1)
- if (write(fd, " ", 1) <= 0)
- die("Failed writing sandbox script");
 argv++;
 argc--;
 }
--
1.7.6.5
--
To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
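Review bot: resolve_program() tests `S_ISREG(st.st_mode)` without checking the return value of stat(), so for a program name that does not exist on the host the branch is decided by an uninitialised struct. The realpath() result is also unchecked, leaving resolved_path indeterminate on failure, and `strncpy(dst, src, len)` leaves dst unterminated when src is len bytes or longer. Prefixing "/host" to a path that may already be close to PATH_MAX is silently truncated by snprintf. Because the result is written into the script that the guest executes, a truncated or garbage path should stop the run; the version below checks each call, keeps the pass-through for names that are not regular host files, and dies on truncation.

```c
static void resolve_program(const char *src, char *dst, size_t len)
{
	struct stat st;
	char resolved_path[PATH_MAX];
	int n;

	/* Only a successful stat() makes st.st_mode meaningful. */
	if (stat(src, &st) == 0 && S_ISREG(st.st_mode)) {
		if (!realpath(src, resolved_path))
			die("Failed resolving sandbox program path");

		n = snprintf(dst, len, "/host%s", resolved_path);
	} else {
		/* Not a regular host file: pass the name through unchanged. */
		n = snprintf(dst, len, "%s", src);
	}

	/* Refuse to write a truncated path into the guest script. */
	if (n < 0 || (size_t)n >= len)
		die("Sandbox program path too long");
}
```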
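Review bot: The new `resolve_program(argv[0], program, PATH_MAX);` call and the `argc--` after it assume at least one argument, which the old loop did not. If argc can be 0 here (the caller is outside the hunk, so this is unconfirmed), argv[0] goes to stat() unchecked and argc becomes -1, which `while (argc)` treats as true, so the loop walks past the end of argv. A guard before the call, `if (argc < 1) die("No sandbox program specified");`, closes that, and `while (argc > 0)` makes the loop condition robust as well. The body of kvm_run_write_sandbox_cmd() continues outside this hunk.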