disallow mmap(MAP_FILE) from a rump kernel fd

Actually, we need both lseek and _lseek so that out-of-libc references
go to the right place instead of directly to __lseek. Seeking in
mplayer works now.

hijack:
1) {,f,l}chflags (used e.g. by cp(1))
2) p{read,write}{,v} (used by many)

fix tests/lib/librumphijack/t_asyncio:invafd -- dual poll on invalid fd

fix symlink pathname examination (rationale-to-joerg: so that it works)

hijack __getcwd()

and now with less crazy whitespace

support PF_OROUTE and PF_MPLS where available

hijack libc-internal name for lseek so that libc-internal callers
go to the right kernel too.

block cross-kernel rename in the other direction also

fix rename

uhm, put PF_LOCAL on the socketlist

give the signmonkey a banana

Use the env variable RUMPHIJACK to specify what facilities should
be hijacked. If it's not specified, the default is
"path=/rump,socket=all:nolocal".

So, if you're moof and want to relive your doma

Use the env variable RUMPHIJACK to specify what facilities should
be hijacked. If it's not specified, the default is
"path=/rump,socket=all:nolocal".

So, if you're moof and want to relive your domain/os days (??),
you can do this:

pain-rustique:51:~> setenv RUMPHIJACK 'path=//'
pain-rustique:52:~> df //dev
Filesystem 1K-blocks Used Avail %Cap Mounted on
rumpfs 1 1 0 100% /
pain-rustique:53:~> df /dev
Filesystem 1K-blocks Used Avail %Cap Mounted on
/dev/wd0a 1019864 280640 688232 28% /

show more ...

Support mount/unmount too. So, things are now generally at a stage
where you can mount a file system with a userspace server *without*
it having to go through puffs.

Say, you first start a server w

Support mount/unmount too. So, things are now generally at a stage
where you can mount a file system with a userspace server *without*
it having to go through puffs.

Say, you first start a server with ffs capability and map a host
ffs image into it:

rump_server -lrumpvfs -lrumpfs_ffs \
-d key=/ffsimg,hostpath=ffs2.img,size=e unix:///tmp/ffsserv

Then, configure your shell to talk to the rump server:

setenv RUMP_SERVER unix:///tmp/ffsserv
setenv LD_PRELOAD /usr/lib/librumphijack.so

Create a mountpoint and mount the file system:

pain-rustique:60:~> sh
$ cd /rump
$ ls
dev
$ ls -l
total 1
drwxr-xr-x 2 root wheel 512 Feb 17 18:00 dev
$ mkdir mnt
$ mount_ffs /ffsimg /rump/mnt
mount_ffs: Warning: realpath /ffsimg: No such file or directory
$ df -h mnt
Filesystem Size Used Avail %Cap Mounted on
/ffsimg 496M 380M 91M 80% /mnt
$ du -sckh *
192K dev
380M mnt
381M total
$ umount -R mnt
$ df -h mnt
Filesystem Size Used Avail %Cap Mounted on
rumpfs 1.0K 1.0K 0B 100% /
$

(note, you need -R to umount due to various degrees of unsuccesful
magic it attempts to perform without it)

show more ...

In case dup2(n, n+FDOFF) is done, the caller thinks there are two
distinct file descriptors, but the rump kernel thinks they are both
the same. Now, if either one is closed by the application, "both

In case dup2(n, n+FDOFF) is done, the caller thinks there are two
distinct file descriptors, but the rump kernel thinks they are both
the same. Now, if either one is closed by the application, "both"
will be closed in the rump kernel. To fix this, maintain an
alias-mask. It's not a perfect solution, though (consider e.g.
F_SETFL). Maybe we should actually dup the fd and maintain a
mapping table?

Also, prevent the host from opening file descriptors onto the places
in the fd namespace that have been dupped.

These together fix "cat < /rump/foo" in a hijacked /bin/sh.
(the first one makes sure stdin is open in cat and the second one
makes sure it doesn't try to cat something from /usr/share/locale
instead of stdin)

show more ...

fix signature. from pgoyette

Hijack pathname-based system calls. Now all paths starting with
/rump are hijacked to go to the rump server. So you can e.g. start
a hijacked shell and cd to /rump:

$ cd /rump
$ pwd
/rump
$ ls -l

Hijack pathname-based system calls. Now all paths starting with
/rump are hijacked to go to the rump server. So you can e.g. start
a hijacked shell and cd to /rump:

$ cd /rump
$ pwd
/rump
$ ls -l dev/null
crwxr-xr-x 1 root wheel 2, 2 Feb 17 12:35 dev/null
$ ls -l /dev/null
crw-rw-rw- 1 root wheel 2, 2 Dec 22 2009 /dev/null
$ chmod 0 /dev/null
chmod: /dev/null: Operation not permitted
$ chmod 0 dev/null
$ ls -l /rump/dev/null
c--------- 1 root wheel 2, 2 Feb 17 12:35 /rump/dev/null

(of course the rump server must have vfs loaded for that to work)

show more ...

* set default server connection retry to 0 (no reconnection attempts).
while for some cases attempting retry after server restart works
brilliantly (e.g. firefox), in other cases it's quite disas

* set default server connection retry to 0 (no reconnection attempts).
while for some cases attempting retry after server restart works
brilliantly (e.g. firefox), in other cases it's quite disasterous
(sshd doesn't like its file descriptors going missing and does not
attempt to reopen them, leading to a quite catastophic loop of
EBADF once the server does come back)
* rename RUMPHIJACK_RETRY to the slightly more sensible
RUMPHIJACK_RETRYCONNECT

show more ...

Support vfork. Add rumpclient wrapper for daemon(3).

Push the fiddly tasks for exec and fork from rumphijack to rumpclient.
This makes it possible easily execute those operations also from
non-hijacked rump clients (plus fixes one memory leak in an err

Push the fiddly tasks for exec and fork from rumphijack to rumpclient.
This makes it possible easily execute those operations also from
non-hijacked rump clients (plus fixes one memory leak in an error
branch).

show more ...

dup() is now implemented using fcntl()

Properly implement fcntl commands: F_DUPFD, F_CLOSEM, F_MAXFD

A bunch of changes which essentially make sshd work with a hijacked
rump tcp/ip stack:

* sshd likes to fork and then re-exec itself
==> trap execve() and augment the env with the current parameter

A bunch of changes which essentially make sshd work with a hijacked
rump tcp/ip stack:

* sshd likes to fork and then re-exec itself
==> trap execve() and augment the env with the current parameters
essential to a rump kernel (kernel communication fd, information
about dup2'd file descriptors)

* sshd likes to play lots of games with pipes, socketpairs and dup{,2}()
==> make sure we do not close essential rump client descriptors:
dup() them to a safe place, except for F_CLOSEM where we
simply leave them alone. also, partially solved by the above,
make sure the process's set of rump kernel descriptors persists
over exec()

* sshd likes to chdir() before exec
==> for unix-style rump_sp(7) sockets save the full path on the
initial exec and use it afterwards. thread the path through
the environment in execve()

show more ...

Fix select() if no fds are set.

patch from Alexander Nasonov, PR lib/44552