LD_PRELOAD work in progress
Jamie Strandboge
jamie at canonical.com
Tue Feb 24 22:40:21 UTC 2015
On 02/24/2015 03:29 PM, Michael Terry wrote:
> Hello! So I worked on a proof-of-concept for faking an overlayfs scenario by
> doing path-redirection in an LD_PRELOAD library.
>
> I've got working code here: lp:~mterry/+junk/snappy-preload
>
This is a very intriguing idea.

Making debs from the archive reusable in snaps easily is a really great goal.

The suggested overlayfs approach in my mind has two major drawbacks though: 1)
backporting overlayfs to earlier kernels is hard and not porting-friendly and 2)
there is a difficult disconnected path issue with apparmor with the current
implementation[1]. In addition to those, I've been quite concerned about the
complexity that adding overlayfs mounts brings to the snappy user and developer
experience. This LD_PRELOAD idea removes the two major drawbacks and IMO makes
for the possibility of a better experience.

The security team is tasked with looking at the viability of overlayfs wrt the
apparmor issue[1] (there is some promising upstream work happening that may
help) and we will add examining this LD_PRELOAD approach.

I'm very curious what others have to say.

Thanks Michael!

[1] https://launchpad.net/bugs/1408106

> I've tested a few simple programs like bsdgame's boggle and xterm and they run
> fine. I'm going to try harder things and see what issues I run into.
>
> Here's how I tested:
> - Took a deb's contents, copied it all to a temporary directory, uninstalled that
> package
> - Ran the binary like:
> LD_PRELOAD=/home/mike/Work/code/snappy-preload/trunk/builddir/src/libsnappypreload.so
> SNAPPY_PRELOAD=/tmp/xterm /tmp/xterm/usr/bin/xterm
>
> (LD_PRELOAD pointing to the built redirection library, and SNAPPY_PRELOAD to
> point at the rootfs for the overlay.)
>
> What's the state of the art for sucking a deb package and its dependencies into
> an arbitrary filesystem tree?
>
> There are dpkg hooks and such that would be good to run in such cases, I
> imagine. But I don't know much about getting dpkg to install to arbitrary
> locations and forget about the package afterwards. (You can do it a bit with
> dpkg --root, but that situation seems to want all packages to be in the root,
> rather than accepting that some deps come from the system.)
>
> I also bet the logic to grab dependencies down to a certain level is probably
> out there already, I just don't know where.
>
> --
> -mt
>
>
--
Jamie Strandboge http://www.ubuntu.com/
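
The path-redirection idea discussed in this message, as an added example that is not part of the original thread and is not the code in lp:~mterry/+junk/snappy-preload: a minimal interposer that covers only open(), prefers the copy of a file under $SNAPPY_PRELOAD and otherwise falls through to the real system. The names redirect_path, redirected_open, BUILD_PRELOAD and libredirect.so are assumptions made for illustration, and Linux with glibc is assumed.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Return the path to really open: the copy under $SNAPPY_PRELOAD when one
 * exists, otherwise the caller's path so lookups fall through to the system. */
const char *redirect_path(const char *path, char *buf, size_t buflen)
{
    const char *root = getenv("SNAPPY_PRELOAD");
    if (!root || root[0] != '/' || !path || path[0] != '/')
        return path;                      /* no root set, or relative path */
    size_t rlen = strlen(root);
    while (rlen > 0 && root[rlen - 1] == '/')
        rlen--;                           /* "/tmp/xterm/" -> "/tmp/xterm" */
    if (rlen == 0 || (!strncmp(path, root, rlen) && (path[rlen] == '/' || !path[rlen])))
        return path;                      /* root is "/", or already inside the tree */
    int n = snprintf(buf, buflen, "%.*s%s", (int)rlen, root, path);
    if (n < 0 || (size_t)n >= buflen)
        return path;                      /* would truncate: leave untouched */
    /* Raw syscall: calling access() here would re-enter an interposed one. */
    return syscall(SYS_faccessat, AT_FDCWD, buf, F_OK) == 0 ? buf : path;
}

/* open() with the redirection applied (hypothetical helper name). */
int redirected_open(const char *path, int flags, mode_t mode)
{
    char buf[PATH_MAX];
    path = redirect_path(path, buf, sizeof buf);
    return (int)syscall(SYS_openat, AT_FDCWD, path, flags, mode);
}

#ifdef BUILD_PRELOAD  /* cc -shared -fPIC -DBUILD_PRELOAD -o libredirect.so redirect.c */
int open(const char *path, int flags, ...)
{
    mode_t mode = 0;                      /* the mode argument exists only for these flags */
    if ((flags & O_CREAT) || (flags & O_TMPFILE) == O_TMPFILE) {
        va_list ap;
        va_start(ap, flags);
        mode = va_arg(ap, mode_t);
        va_end(ap);
    }
    return redirected_open(path, flags, mode);
}
#endif
```

Interposition of this kind only reaches dynamically linked programs that go through libc, and the loader ignores LD_PRELOAD in secure-execution mode (for example setuid binaries), so it is a packaging convenience and not a confinement boundary.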