[Toybox] Notes to self: strace and containers.

Rob Landley rob at landley.net
Tue Oct 25 21:47:38 PDT 2016



On 10/25/2016 11:37 AM, enh wrote:
> On Tue, Oct 25, 2016 at 1:54 AM, Rob Landley <rob at landley.net> wrote:
>> 1)
>> https://blog.nelhage.com/2010/08/write-yourself-an-strace-in-70-lines-of-code/
> 
> that's the easy bit though... the vast majority of the work with
> strace is the struct decoding. it doesn't look too insane until you
> try to support more than one architecture [or more than one
> personality within an architecture], but quickly gets out of hand.
> 
> and just the arm/aarch64 and x86/x86-64 combinations are non-uniform
> enough; ignoring nonsense like s/390 [thanks for nothing, s/390:
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619]
> won't save you.

Table driven logic covers a multitude of sins. Admittedly with new sins,
but it's progress of a sort.

That said, "made these syscalls, here's the 6 registers and maybe a
hexdump of the data blob" seems a reasonable start. It may be not be
80/20 (possibly 50/20 or even 20/20), but it's better than nothing.

>> 2) https://blog.lizzie.io/linux-containers-in-500-loc.html
>>
>> Note on that second one, android is already using "minijail":
>>
>>   https://www.youtube.com/watch?v=oGmj6CUEup0
>>   https://android.googlesource.com/platform/external/minijail/+/master/
> 
> yeah, it was mentioned briefly here:
> 
> http://android-developers.blogspot.com/2016/07/protecting-android-with-more-linux.html

Very nice. So the deterministic rowhammer attacks on mobile devices
thing (https://www.vusec.net/projects/drammer/) is mitigated by which
part of that?

> and you can see in the tree it's currently used for a handful of more
> exposed services (media/network stuff). it's used more heavily by
> ChromeOS and Brillo, including for running Android apps on ChromeOS.

Indeed. It's nice to see Android developing a container strategy, and I
need to come up to speed on that. (Setting up a "posix container" under
android continues to be a todo item, as is an app that can allocate more
than one UID for itself so it can have a "root" and "user".)

This week, however, I'm in tokyo writing GPS software for $DAYJOB. (I'm
not 100% certain
https://www.gps.gov/technical/ps/1995-SPS-signal-specification.pdf was
intended to be read by humans, but we push on regardless.)

Rob


More information about the Toybox mailing list