PRoot improved kernel compatibility

Post on 25-Jun-2015


Running programs from a recent guest distro on an obsolete host distro

Why would you do such a thing?

• Validate programs for the guest distro

• Use programs available only for the guest distro

• Publish programs with their original environment for the sake of reproducibility (CARE, CDE)

• …


How could you do such a thing?

• Full virtualisation : virtual hardware booting the guest OS (VirtualBox, VMWare, …)

• Partial virtualisation : guest programs' requests are redirected to the host kernel

– Kernel based : chroot

– LD_PRELOAD based : ScratchBox2, fakechroot, …

– ptrace based : PRoot, CDE, fakeroot-ng, ...

Risk with partial virtualisation ...

“FATAL: kernel too old”

Solution!

PRoot makes your kernel grow younger!

Kernel features emulated by PRoot

Kernel version   Emulated features
2.6.16           openat, linkat, ... syscalls
2.6.19           epoll_pwait syscall
2.6.23           CLOEXEC flag for open
2.6.24           DUPFD_CLOEXEC command for fcntl
2.6.27           CLOEXEC, NONBLOCK flags for many syscalls
2.6.28           accept4 syscall
2.6.29           AT_RANDOM ELF auxiliary vector
*                AT_SYSINFO ELF auxiliary vector (discarded)
*                heap allocation

How does it work?

• Syscall emulation : replace unsupported syscalls with something equivalent.

Example :

openat(<fd>, <path>, …)

is converted into :

open(canon(readlink(/proc/<pid>/fd/<fd>) + <path>), …)

How does it work?

• Flag emulation : append one or several calls to fcntl right after the original syscall :

Example :

open(<path>, <flags> | O_CLOEXEC)

is converted into :

fcntl(open(<path>, <flags>), F_SETFD, FD_CLOEXEC)
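
The two conversions above (openat into open on a path rebuilt from /proc, and O_CLOEXEC into a follow-up fcntl), combined in one function as an added example; this is not PRoot's code. The names emulated_openat and demo are hypothetical, the code runs in-process so it reads /proc/self/fd instead of /proc/<pid>/fd, and the slide's canon() step is left out.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper (not PRoot's code): openat() built from open() + fcntl(). */
int emulated_openat(int dirfd, const char *path, int flags, mode_t mode)
{
    char link[64], dir[PATH_MAX], full[PATH_MAX];
    const char *target = path;
    if (path[0] != '/' && dirfd != AT_FDCWD) {
        /* Syscall emulation: recover the directory behind dirfd from /proc. */
        snprintf(link, sizeof link, "/proc/self/fd/%d", dirfd);
        ssize_t n = readlink(link, dir, sizeof dir - 1);
        if (n < 0)
            return -1;
        dir[n] = '\0';
        /* canon() from the slide is omitted: the kernel resolves the joined path. */
        if (snprintf(full, sizeof full, "%s/%s", dir, path) >= (int)sizeof full)
            return -1;                      /* joined path too long */
        target = full;
    }

    /* Flag emulation: drop O_CLOEXEC, then set FD_CLOEXEC in a second call. */
    int fd = open(target, flags & ~O_CLOEXEC, mode);
    if (fd >= 0 && (flags & O_CLOEXEC) && fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Self-check on a constructed temporary directory; returns 0 on success. */
int demo(void)
{
    char tmpl[] = "/tmp/openat-emu-XXXXXX";
    if (!mkdtemp(tmpl)) return 1;
    int dirfd = open(tmpl, O_RDONLY | O_DIRECTORY);
    int fd = emulated_openat(dirfd, "f", O_CREAT | O_WRONLY | O_CLOEXEC, 0600);
    int ok = dirfd >= 0 && fd >= 0 && (fcntl(fd, F_GETFD) & FD_CLOEXEC)
             && faccessat(dirfd, "f", F_OK, 0) == 0;   /* file landed under dirfd */
    unlinkat(dirfd, "f", 0);
    close(fd); close(dirfd); rmdir(tmpl);
    return ok ? 0 : 1;
}
int main(void) { return demo(); }
```

Neither emulated step is atomic: a fork and exec in another thread between open and fcntl inherits the descriptor, and the path read from /proc can go stale if the directory is renamed before open runs.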


How does it work in PRoot?

• ELF auxiliary vectors : read/write the process memory right after execve

• heap allocation: replace call to brk with call to mmap or mremap


Demo time !

1. On Redhat 4.7, only VLC 0.8.6 is officially available

2. It’s way too old!

3. Let’s build VLC 2.0.8 on Redhat 4.7 …

4. … never mind, 57 packages are missing or outdated

5. Let’s run VLC 2.0.8 from Ubuntu 13.04 (Linux 3.8.0, 2012-06-04) on Redhat 4.7 (Linux 2.6.9, 2004-10-19):

   1. without proot -k : “FATAL: kernel too old”

   2. with proot -k : http://youtu.be/AJ5kaO1HKlU

6. It works whatever the host and guest systems are!

Demo dynamic statistics

● 115.000 syscalls

● 200 emulated syscalls

● 1700 emulated flags

● 50 ELF auxiliary vector changes

● 400 emulated heap syscalls

When?

This kernel compatibility support will be available in PRoot and CARE by the end of September (2013).
