loolwsd/LOOLSession.cpp | 20 +++++++++++++++++++- loolwsd/LOOLWSD.cpp | 21 +++++++++++++-------- loolwsd/LOOLWSD.hpp | 8 ++++++++ loolwsd/loolwsd-systemplate-setup | 28 +++++++++++++++++++++++++++- 4 files changed, 67 insertions(+), 10 deletions(-)
New commits: commit f7d001ed45dfd4500509ceda828062b0d38f8cb3 Author: Tor Lillqvist <[email protected]> Date: Fri May 22 17:43:45 2015 +0100 Bin the uid debug output diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp index a232727..201210e 100644 --- a/loolwsd/LOOLWSD.cpp +++ b/loolwsd/LOOLWSD.cpp @@ -618,7 +618,6 @@ int LOOLWSD::childMain() if (childRoot != "") throw IncompatibleOptionsException("childroot"); - logger().information("uid=" + std::to_string(getuid()) + " euid=" + std::to_string(geteuid())); if (chroot(jail.c_str()) == -1) { logger().error("chroot(\"" + jail + "\") failed: " + strerror(errno)); @@ -702,7 +701,6 @@ int LOOLWSD::childMain() int LOOLWSD::main(const std::vector<std::string>& args) { - logger().information("uid=" + std::to_string(getuid()) + " euid=" + std::to_string(geteuid())); if (childMode()) return childMain(); @@ -712,8 +710,6 @@ int LOOLWSD::main(const std::vector<std::string>& args) dropCapability(); #endif - logger().information("uid=" + std::to_string(getuid()) + " euid=" + std::to_string(geteuid())); - if (access(LOOLWSD_CACHEDIR, R_OK | W_OK | X_OK) != 0) { std::cout << "Unable to access " << LOOLWSD_CACHEDIR << commit 180f8fcba02f4b22d22b01b243ed8c7cbf8d0d59 Author: Tor Lillqvist <[email protected]> Date: Fri May 22 17:42:36 2015 +0100 Pass the --uid option to the child too diff --git a/loolwsd/LOOLSession.cpp b/loolwsd/LOOLSession.cpp index 8d0c4a5..bdf5051 100644 --- a/loolwsd/LOOLSession.cpp +++ b/loolwsd/LOOLSession.cpp @@ -382,6 +382,11 @@ void MasterProcessSession::preSpawn() args.push_back("--jail=" + jail.toString()); args.push_back("--losubpath=" + LOOLWSD::loSubPath); +#if ENABLE_DEBUG + if (LOOLWSD::runningAsRoot) + args.push_back("--uid=" + std::to_string(LOOLWSD::uid)); +#endif + const std::string executable = (LOOLWSD::runningAsRoot ? "/usr/bin/sudo" : Application::instance().commandPath()); Application::instance().logger().information(Util::logPrefix() + "Launching child: " + executable + " " + Poco::cat(std::string(" "), args.begin(), args.end())); diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp index 315c9ed..a232727 100644 --- a/loolwsd/LOOLWSD.cpp +++ b/loolwsd/LOOLWSD.cpp @@ -116,10 +116,6 @@ using Poco::Util::Option; using Poco::Util::OptionSet; using Poco::Util::ServerApplication; -#if ENABLE_DEBUG -uid_t uid = 0; -#endif - class WebSocketRequestHandler: public HTTPRequestHandler /// Handle a WebSocket connection. { @@ -404,6 +400,7 @@ std::string LOOLWSD::jail; int LOOLWSD::_numPreSpawnedChildren = 10; #if ENABLE_DEBUG bool LOOLWSD::runningAsRoot = false; +int LOOLWSD::uid = 0; #endif const std::string LOOLWSD::CHILD_URI = "/loolws/child/"; @@ -584,15 +581,15 @@ namespace { // Running under sudo, probably because being debugged? Let's drop super-user rights. LOOLWSD::runningAsRoot = true; - if (uid == 0) + if (LOOLWSD::uid == 0) { struct passwd *nobody = getpwnam("nobody"); if (nobody) - uid = nobody->pw_uid; + LOOLWSD::uid = nobody->pw_uid; else - uid = 65534; + LOOLWSD::uid = 65534; } - if (setuid(uid) != 0) { + if (setuid(LOOLWSD::uid) != 0) { Application::instance().logger().error(std::string("setuid() failed: ") + strerror(errno)); } } @@ -715,6 +712,8 @@ int LOOLWSD::main(const std::vector<std::string>& args) dropCapability(); #endif + logger().information("uid=" + std::to_string(getuid()) + " euid=" + std::to_string(geteuid())); + if (access(LOOLWSD_CACHEDIR, R_OK | W_OK | X_OK) != 0) { std::cout << "Unable to access " << LOOLWSD_CACHEDIR << diff --git a/loolwsd/LOOLWSD.hpp b/loolwsd/LOOLWSD.hpp index db99dd8..2e4b3ef 100644 --- a/loolwsd/LOOLWSD.hpp +++ b/loolwsd/LOOLWSD.hpp @@ -55,6 +55,7 @@ private: #if ENABLE_DEBUG public: static bool runningAsRoot; + static int uid; #endif }; commit 94e29dab1e85e5f706fd3e7c6cb28a0b5cc3511c Author: Tor Lillqvist <[email protected]> Date: Fri May 22 16:55:05 2015 +0100 This approach will not work... The amount of system frameworks (both public and private) needed by the LO libraries is staggering. It will not work to try to list them here. If you are crazy enough to want to run this on OS X, use some other tool than this script to set up the system template for the chroot jail. Like mkjail from https://github.com/glvnst/shlibs. diff --git a/loolwsd/loolwsd-systemplate-setup b/loolwsd/loolwsd-systemplate-setup index c473248..8af0517 100755 --- a/loolwsd/loolwsd-systemplate-setup +++ b/loolwsd/loolwsd-systemplate-setup @@ -40,16 +40,36 @@ cd / || exit 1 grep -v dynamic | cut -d " " -f 3 | grep -E '^(/lib|/usr)' | sort -u | sed -e 's,^/,,' else find usr/lib/dyld \ - usr/lib/libauto.dylib \ - usr/lib/libc++abi.dylib \ + usr/lib/*.dylib \ usr/lib/system/*.dylib \ + System/Library/Frameworks/Accelerate.framework \ + System/Library/Frameworks/ApplicationServices.framework \ + System/Library/Frameworks/CFNetwork.framework \ + System/Library/Frameworks/Carbon.framework \ + System/Library/Frameworks/CoreFoundation.framework \ + System/Library/Frameworks/CoreGraphics.framework \ + System/Library/Frameworks/CoreServices.framework \ + System/Library/Frameworks/CoreText.framework \ + System/Library/Frameworks/DiskArbitration.framework \ + System/Library/Frameworks/Foundation.framework \ + System/Library/Frameworks/ImageIO.framework \ + System/Library/Frameworks/IOKit.framework \ + System/Library/Frameworks/IOSurface.framework \ + System/Library/Frameworks/NetFS.framework \ + System/Library/Frameworks/OpenDirectory.framework \ + System/Library/Frameworks/Security.framework \ + System/Library/Frameworks/SystemConfiguration.framework \ + System/Library/PrivateFrameworks/DataDetectorsCore.framework \ + System/Library/PrivateFrameworks/MultitouchSupport.framework \ + System/Library/PrivateFrameworks/NetAuth.framework \ + System/Library/PrivateFrameworks/login.framework \ -type f find $INSTDIR -name '*.dylib' | while read file; do otool -L $file 2>/dev/null done | - sed -e 's/^[ ]//' | grep -E '^(/lib|/usr/lib)' | cut -d' ' -f1 | sort -u | sed -e 's,^/,,' + sed -e 's/^[ ]//' | grep -E '^/(lib|usr/lib)/' | cut -d' ' -f1 | sort -u | sed -e 's,^/,,' fi ) | commit 73505aa5503605ae2b1009d1d48b1070692a08a4 Author: Tor Lillqvist <[email protected]> Date: Fri May 22 14:40:09 2015 +0100 On OS X libsofficeap.dylib is in Frameworks diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp index cd521fa..315c9ed 100644 --- a/loolwsd/LOOLWSD.cpp +++ b/loolwsd/LOOLWSD.cpp @@ -649,7 +649,11 @@ int LOOLWSD::childMain() try { +#ifdef __APPLE__ + LibreOfficeKit *loKit(lok_init_2(("/" + loSubPath + "/Frameworks").c_str(), "file:///user")); +#else LibreOfficeKit *loKit(lok_init_2(("/" + loSubPath + "/program").c_str(), "file:///user")); +#endif if (!loKit) { commit 9af39d189a92092b252fdffd6200759055e5601f Author: Tor Lillqvist <[email protected]> Date: Fri May 22 14:34:21 2015 +0100 Add some fairly hackish things to make this run better on OS X diff --git a/loolwsd/LOOLSession.cpp b/loolwsd/LOOLSession.cpp index 03b7224..8d0c4a5 100644 --- a/loolwsd/LOOLSession.cpp +++ b/loolwsd/LOOLSession.cpp @@ -371,14 +371,27 @@ void MasterProcessSession::preSpawn() _pendingPreSpawnedChildren.insert(childId); Process::Args args; + +#if ENABLE_DEBUG + if (LOOLWSD::runningAsRoot) + args.push_back(Application::instance().commandPath()); +#endif + args.push_back("--child=" + std::to_string(childId)); args.push_back("--port=" + std::to_string(LOOLWSD::portNumber)); args.push_back("--jail=" + jail.toString()); args.push_back("--losubpath=" + LOOLWSD::loSubPath); - Application::instance().logger().information(Util::logPrefix() + "Launching child: " + Poco::cat(std::string(" "), args.begin(), args.end())); + const std::string executable = (LOOLWSD::runningAsRoot ? "/usr/bin/sudo" : Application::instance().commandPath()); + Application::instance().logger().information(Util::logPrefix() + "Launching child: " + executable + " " + Poco::cat(std::string(" "), args.begin(), args.end())); + +#if ENABLE_DEBUG + ProcessHandle child = Process::launch(executable, args); +#else ProcessHandle child = Process::launch(Application::instance().commandPath(), args); +#endif + _childProcesses[child.id()] = childId; } diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp index fe17cda..cd521fa 100644 --- a/loolwsd/LOOLWSD.cpp +++ b/loolwsd/LOOLWSD.cpp @@ -402,6 +402,9 @@ std::string LOOLWSD::childRoot; std::string LOOLWSD::loSubPath = "lo"; std::string LOOLWSD::jail; int LOOLWSD::_numPreSpawnedChildren = 10; +#if ENABLE_DEBUG +bool LOOLWSD::runningAsRoot = false; +#endif const std::string LOOLWSD::CHILD_URI = "/loolws/child/"; LOOLWSD::LOOLWSD() : @@ -580,6 +583,7 @@ namespace if (geteuid() == 0 && getuid() == 0) { // Running under sudo, probably because being debugged? Let's drop super-user rights. + LOOLWSD::runningAsRoot = true; if (uid == 0) { struct passwd *nobody = getpwnam("nobody"); @@ -617,6 +621,7 @@ int LOOLWSD::childMain() if (childRoot != "") throw IncompatibleOptionsException("childroot"); + logger().information("uid=" + std::to_string(getuid()) + " euid=" + std::to_string(geteuid())); if (chroot(jail.c_str()) == -1) { logger().error("chroot(\"" + jail + "\") failed: " + strerror(errno)); @@ -696,6 +701,7 @@ int LOOLWSD::childMain() int LOOLWSD::main(const std::vector<std::string>& args) { + logger().information("uid=" + std::to_string(getuid()) + " euid=" + std::to_string(geteuid())); if (childMode()) return childMain(); diff --git a/loolwsd/LOOLWSD.hpp b/loolwsd/LOOLWSD.hpp index 0171ca9..db99dd8 100644 --- a/loolwsd/LOOLWSD.hpp +++ b/loolwsd/LOOLWSD.hpp @@ -10,6 +10,8 @@ #ifndef INCLUDED_LOOLWSD_HPP #define INCLUDED_LOOLWSD_HPP +#include "config.h" + #include <string> #include <Poco/Util/OptionSet.h> @@ -49,6 +51,11 @@ private: bool _doTest; Poco::UInt64 _childId; static int _numPreSpawnedChildren; + +#if ENABLE_DEBUG +public: + static bool runningAsRoot; +#endif }; #endif commit 99b7fcdfa8113280b6a3cb0ba5a28a482b8c6ef4 Author: Tor Lillqvist <[email protected]> Date: Fri May 22 14:34:13 2015 +0100 Include dynamic loader and more system libraries on OS X diff --git a/loolwsd/loolwsd-systemplate-setup b/loolwsd/loolwsd-systemplate-setup index cdd3cdd..c473248 100755 --- a/loolwsd/loolwsd-systemplate-setup +++ b/loolwsd/loolwsd-systemplate-setup @@ -39,6 +39,12 @@ cd / || exit 1 done | grep -v dynamic | cut -d " " -f 3 | grep -E '^(/lib|/usr)' | sort -u | sed -e 's,^/,,' else + find usr/lib/dyld \ + usr/lib/libauto.dylib \ + usr/lib/libc++abi.dylib \ + usr/lib/system/*.dylib \ + -type f + find $INSTDIR -name '*.dylib' | while read file; do otool -L $file 2>/dev/null _______________________________________________ Libreoffice-commits mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
