PRoot: improved kernel compatibility
Running programs from a recent guest distro on an obsolete host distro
Why would you do such a thing?
• Validate programs for the guest distro
• Use programs available only for the guest distro
• Publish programs with their original environment for the sake of reproducibility (CARE, CDE)
• …
How could you do such a thing?
• Full virtualisation: virtual hardware booting the guest OS (VirtualBox, VMware, …)
• Partial virtualisation: guest programs' requests are redirected to the host kernel
  – Kernel based: chroot
  – LD_PRELOAD based: ScratchBox2, fakechroot, …
  – ptrace based: PRoot, CDE, fakeroot-ng, …
Risk with partial virtualisation ...
“FATAL: kernel too old”
Solution!
PRoot makes your kernel grow younger!
Kernel features emulated by PRoot

Kernel version   Emulated features
2.6.16           openat, linkat, ... syscalls
2.6.19           epoll_pwait syscall
2.6.23           CLOEXEC flag for open
2.6.24           DUPFD_CLOEXEC command for fcntl
2.6.27           CLOEXEC, NONBLOCK flags for many syscalls
2.6.28           accept4 syscall
2.6.29           AT_RANDOM ELF auxiliary vector
*                AT_SYSINFO ELF auxiliary vector (discarded)
*                heap allocation
How does it work?
• Syscall emulation: replace unsupported syscalls with something equivalent.
Example:
openat(<fd>, <path>, …)
is converted into:
open(canon(readlink(/proc/<pid>/fd/<fd>) + <path>), …)
How does it work?
• Flag emulation: append one or several calls to fcntl right after the original syscall.
Example:
open(<path>, <flags> | O_CLOEXEC)
is converted into:
fcntl(open(<path>, <flags>), F_SETFD, FD_CLOEXEC)
How does it work in PRoot?
• ELF auxiliary vectors : read/write the process memory right after execve
• heap allocation: replace call to brk with call to mmap or mremap
Demo time!
1. On Redhat 4.7, only VLC 0.8.6 is officially available
2. It’s way too old!
3. Let’s build VLC 2.0.8 on Redhat 4.7 …
4. … never mind, 57 packages are missing or outdated
5. Let’s run VLC 2.0.8 from Ubuntu 13.04 (Linux 3.8.0, 2012-06-04) on Redhat 4.7 (Linux 2.6.9, 2004-10-19):
   1. without proot -k: “FATAL: kernel too old”
   2. with proot -k: http://youtu.be/AJ5kaO1HKlU
6. It works whatever the host and guest systems are!
Demo dynamic statistics
● 115.000 syscalls
● 200 emulated syscalls
● 1700 emulated flags
● 50 ELF auxiliary vector changes
● 400 emulated heap syscalls
When?
This kernel compatibility support will be available in PRoot and CARE by the end of September (2013).