PRoot improved kernel compatibility
Running programs from a recent guest distro
on an obsolete host distro
Why would you do such a thing?
• Validate programs for the guest distro
• Use programs available only for the guest distro
• Publish programs with their original environment for the sake of reproducibility (CARE, CDE)
• …
How could you do such a thing?
• Full virtualisation: virtual hardware booting the guest OS (VirtualBox, VMware, …)
• Partial virtualisation: guest programs' requests are redirected to the host kernel
– Kernel based: chroot
– LD_PRELOAD based: ScratchBox2, fakechroot, …
– ptrace based: PRoot, CDE, fakeroot-ng, …
Risk with partial virtualisation ...
“FATAL: kernel too old”
Solution!
PRoot makes your kernel
grow younger!
Kernel features emulated by PRoot

| Kernel version | Emulated features |
|---|---|
| 2.6.16 | openat, linkat, ... syscalls |
| 2.6.19 | epoll_pwait syscall |
| 2.6.23 | CLOEXEC flag for open |
| 2.6.24 | DUPFD_CLOEXEC command for fcntl |
| 2.6.27 | CLOEXEC, NONBLOCK flags for many syscalls |
| 2.6.28 | accept4 syscall |
| 2.6.29 | AT_RANDOM ELF auxiliary vector |
| * | AT_SYSINFO ELF auxiliary vector (discarded) |
| * | heap allocation |
How does it work?
• Syscall emulation: replace unsupported syscalls with something equivalent.
Example:
openat(<fd>, <path>, …)
is converted into:
open(canon(readlink(/proc/<pid>/fd/<fd>) + <path>), …)
How does it work?
• Flag emulation: append one or several calls to fcntl right after the original syscall.
Example:
open(<path>, <flags> | O_CLOEXEC)
is converted into:
fcntl(open(<path>, <flags>), F_SETFD, FD_CLOEXEC)
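The two rewrites from the "How does it work?" slides (syscall emulation and flag emulation), combined into one user-space function as an added example; this is not PRoot's code, which performs the rewrite from a ptrace tracer. `compat_openat` and `demo` are hypothetical names, `/proc/self` stands in for `/proc/<pid>`, and the `canon()` step is left out.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper (not PRoot code): openat() built only from calls that
 * exist on a pre-2.6.16 host, following the two rewrites on the slides. */
int compat_openat(int dirfd, const char *path, int flags, mode_t mode)
{
    char dir[PATH_MAX], full[2 * PATH_MAX], proc[64];
    const char *target = path;

    if (path[0] != '/' && dirfd != AT_FDCWD) {
        /* Syscall emulation: recover the directory behind dirfd. PRoot, as a
         * tracer, reads /proc/<pid>/fd/<fd>; in-process we use /proc/self. */
        snprintf(proc, sizeof proc, "/proc/self/fd/%d", dirfd);
        ssize_t n = readlink(proc, dir, sizeof dir - 1);
        if (n < 0) return -1;        /* bad descriptor or /proc not mounted */
        dir[n] = '\0';
        /* Pipes and sockets resolve to "pipe:[...]", not to a directory. */
        if (dir[0] != '/') { errno = ENOTDIR; return -1; }
        if (snprintf(full, sizeof full, "%s/%s", dir, path) >= (int)sizeof full)
            return -1;               /* joined path does not fit */
        target = full;
    }
    /* Flag emulation: strip O_CLOEXEC, then set FD_CLOEXEC with fcntl. The two
     * steps are not atomic: a fork+exec in another thread between them still
     * inherits the descriptor, which the real flag prevents. */
    int fd = open(target, flags & ~O_CLOEXEC, mode);
    if (fd >= 0 && (flags & O_CLOEXEC) && fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed self-check: 1 if "null" was opened relative to a descriptor on
 * /dev and the resulting descriptor carries FD_CLOEXEC. */
int demo(void)
{
    int dfd = open("/dev", O_RDONLY | O_DIRECTORY);
    int fd = compat_openat(dfd, "null", O_WRONLY | O_CLOEXEC, 0);
    int ok = fd >= 0 && (fcntl(fd, F_GETFD) & FD_CLOEXEC);
    close(fd);
    close(dfd);
    return ok;
}
```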
How does it work in PRoot?
• ELF auxiliary vectors: read/write the process memory right after execve
• Heap allocation: replace calls to brk with calls to mmap or mremap
Demo time!
1. On Redhat 4.7, only VLC 0.8.6 is officially available
2. It's way too old!
3. Let's build VLC 2.0.8 on Redhat 4.7 …
4. … never mind, 57 packages are missing or outdated
5. Let's run VLC 2.0.8 from Ubuntu 13.04 (Linux 3.8.0, 2012-06-04) on Redhat 4.7 (Linux 2.6.9, 2004-10-19):
   1. without proot -k: "FATAL: kernel too old"
   2. with proot -k: http://youtu.be/AJ5kaO1HKlU
6. It works whatever the host and guest systems are!
Demo dynamic statistics
● 115.000 syscalls
● 200 emulated syscalls
● 1700 emulated flags
● 50 ELF auxiliary vector changes
● 400 emulated heap syscalls
When?
This kernel compatibility support
will be available in
PRoot and CARE
by the end of September (2013).