From: Rob Landley
Date: Mon, 3 Mar 2008 18:28:22 -0600
Message-Id: <200803031828.22657.rob@landley.net>
Subject: [Qemu-devel] [PATCH] -chroot and -su options.
Reply-To: qemu-devel@nongnu.org
To: qemu-devel@nongnu.org

Quick and dirty patch to teach qemu application emulation how to chroot (and drop privs), so you don't have to pollute a target filesystem with host code, and/or figure out how to build qemu static in order to run a dynamic binary.

diff --git a/linux-user/main.c b/linux-user/main.c index 124b98c..b010fd2 100644 --- a/linux-user/main.c +++ b/linux-user/main.c
@@ -1905,6 +1905,10 @@ void usage(void) "-cpu model select CPU (-cpu ? for list)\n" "-drop-ld-preload drop LD_PRELOAD for target process\n" "\n" + "Root options:\n" + "-chroot dir chroot to dir\n" + "-su uid:gid set numeric user and group IDs\n" + "\n" "Debug options:\n" "-d options activate log (logfile=%s)\n" "-p pagesize set the host page size to 'pagesize'\n" @@ -2011,6 +2015,28 @@ int main(int argc, char **argv) drop_ld_preload = 1; } else if (!strcmp(r, "strace")) { do_strace = 1; + } else if (!strcmp(r, "chroot")) { + if (chdir(argv[optind++]) || chroot(".")) { + fprintf(stderr, "Can't chroot to '%s' (are you root?)\n", + argv[--optind]); + _exit(1); + } + } else if (!strcmp(r, "su")) { + int temp; + char *gid = strchr(argv[optind], ':'); + if (gid) { + temp = atoi(++gid); + if (setresgid(temp, temp, temp)) { + fprintf(stderr, "Can't set gid to %d (are you root?)\n", + temp); + _exit(1); + } + } + temp = atoi(argv[optind++]); + if (setresuid(temp, temp, temp)) { + fprintf(stderr, "Can't set uid to %d (are you root?)\n", temp); + _exit(1); + } } else { usage(); -- "One of my most productive days was throwing away 1000 lines of code." - Ken Thompson.
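Review bot: the usage text added in the first hunk leaves out two things a user needs to know to use these options safely: the `:gid` part of `-su uid:gid` is optional (the code only calls setresgid() when a colon is present), and `-chroot` must appear before `-su` on the command line, because the uid drop takes effect immediately during option parsing and a later chroot() then fails with EPERM. Suggest writing the line as `-su uid[:gid] set numeric user and (optionally) group ID; give -chroot first`.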
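Review bot: in the second hunk the `-su` and `-chroot` branches read argv[optind] without checking `optind < argc`, so either option given last on the command line passes NULL to chdir() or strchr(). For a privilege-dropping option there are two further gaps: atoi() maps a malformed id such as `-su nobody` to 0, so `setresuid(0, 0, 0)` succeeds and the process silently stays root; and nothing clears the supplementary group list inherited from the invoking root user, so the target process keeps those memberships even when a gid is given. Suggest parsing with strtol() and rejecting anything but a complete numeric token, calling `setgroups(0, NULL)` (or setgroups() with just the requested gid) before setresgid(), and dropping the gid whenever the uid is dropped rather than only when `:gid` is present. Since both options act during parsing, `-su` before `-chroot` also makes the chroot fail; recording both values and applying them after the loop, chroot first, then gid, then uid, removes the ordering trap. Minor: setresuid()/setresgid() are not available on every host (Darwin lacks them); as all three ids are set to the same value, setgid()/setuid() would do, and the `argv[--optind]` in the `-chroot` error path is easier to read with the path held in a local variable.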