LD_PRELOAD work in progress

Jamie Strandboge jamie at canonical.com
Mon Mar 2 15:35:05 UTC 2015

On 03/02/2015 09:07 AM, Michael Terry wrote:
> Sorry, I've been distracted by unity8 work and holiday, but I'm coming back to
> this thread.
> So my original goal was to easily (and in shortish time frame) use archive debs
> in a very fat (non-phone) snap.  Seems there are several possible ways to do
> that (this list is collated from this thread, looking largely at features
> instead of maintenance or security complexity):
Thanks for this!

> Overlayfs (currently blessed approach):
> - Won't work on android kernels without significant backport work on our end
- Won't (currently) work with apparmor without significant effort (LP: #1408106)

(this may not be as dire as that-- we are investigating new changes being made
upstream now and should know more this week. However, is isn't all rosy either--
we know upstream has plans to work better with LSMs, but it isn't implemented yet)

> - Is hairy to get right for all cases (many obscure low-level entry points that
> take a filename, pitti warns there are gaps)
> - App might make a direct ioctl calls that can't be intercepted

I'm somewhat confused by this: doesn't the ioctl(2) call take an open fd and
therefore we wouldn't need to do anything special for it?

> - Can't work for programs that statically-link glibc (which isn't so bad because
> those aren't likely to want to pull in other debs)
> - Won't work for set[ug]id programs (which isn't a problem for snappy use cases
> right now, I believe)

Correct. Apps can't ship setuid/setgid programs

> Aufs:
> - (out of my historical depth) Old competitor of overlayfs that we could
> resurrect in cases that overlayfs can't work, so there would be some maintenance
> work on our end to make this deprecated technology work again

- needs some apparmor changes to work correctly

Jamie Strandboge                 http://www.ubuntu.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20150302/433a0e91/attachment.pgp>

More information about the snappy-devel mailing list