vfs.py - sandboxing with option to write
Hi, I have been tracing: vfs.py, pypy_interact.py and sandlib.py. Just to make sure that I got it right. * The object RealFile in vfs.py is first used then we know that here is a RealFile on the real system that is the --tmp=directory, the method is also use on python files I can see from my trace? * The join method in RealDir is the key, because it maps (join) the virtual filename to a real filename og real directory So if I want to expand the vfs.py I need to modify RealDir to allow to return RealFile for files that are new, that is that they are not part of names. On files that do exist and I want to write to then, I do not have a clue. As I can see I get the error even then I open the file using open( "myFile", "w"). And because of that I am not sure about my previous statement " So if I want to expand the vfs.py I need to modify RealDir to allow to return RealFile for files that are new, that is that they are not part of names." Regards, Søren Laursen
Hi Soren, On Fri, Apr 09, 2010 at 03:50:41PM +0200, Søren Laursen wrote:
On files that do exist and I want to write to then, I do not have a clue. As I can see I get the error even then I open the file using open( "myFile", "w").
The basics is what occurs when you do open("myfile","w") in the sandboxed interpreter. First, the interpreter itself translates your call to a call to the Posix function (man 2 open). That call is intercepted by the sandboxing mechanism, and translated in sandlib.py in a call to do_ll_os__ll_os_open(). That's where you can start tweaking. So far, do_ll_os__ll_os_open() checks that we are calling it with O_RDONLY and always raises EPERM otherwise. You need to change that by carefully adding more cases there. Note that the get_node() method in sandlib.py translates a Posix path given by do_ll_os__ll_os_open() -- which is the "myfile" specified in the interpreter -- into a "node", which is so far a VFS File or Dir. You also need to add a few method, at least do_ll_os__ll_os_write(), to handle writes. A bientot, Armin.
participants (2)
-
Armin Rigo
-
Søren Laursen