2. Why would you do such a thing?
• Validate programs for the guest distro
• Use programs available only for the guest distro
• Publish programs with their original environment for the sake of reproducibility (CARE, CDE)
• …
3. How could you do such a thing?
• Full virtualisation: virtual hardware booting the guest OS (VirtualBox, VMware, …)
• Partial virtualisation: guest program requests are redirected to the host kernel
  – Kernel based: chroot
  – LD_PRELOAD based: ScratchBox2, fakechroot, …
  – ptrace based: PRoot, CDE, fakeroot-ng, …
6. Kernel features emulated by PRoot
Kernel version   Emulated features
2.6.16           openat, linkat, ... syscalls
2.6.19           epoll_pwait syscall
2.6.23           CLOEXEC flag for open
2.6.24           DUPFD_CLOEXEC command for fcntl
2.6.27           CLOEXEC, NONBLOCK flags for many syscalls
2.6.28           accept4 syscall
2.6.29           AT_RANDOM ELF auxiliary vector
*                AT_SYSINFO ELF auxiliary vector (discarded)
*                heap allocation
7. How does it work?
• Syscall emulation: replace unsupported syscalls with something equivalent.
Example:
openat(<fd>, <path>, …)
is converted into:
open(canon(readlink(/proc/<pid>/fd/<fd>) + <path>), …)
8. How does it work?
• Flag emulation: append one or several calls to fcntl right after the original syscall.
Example:
open(<path>, <flags> | O_CLOEXEC)
is converted into:
fcntl(open(<path>, <flags>), F_SETFD, FD_CLOEXEC)
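Added example (not from the slides and not PRoot's code): the two conversions from slides 7 and 8 written as one C function. emu_openat is a hypothetical name; it resolves the descriptor in-process through /proc/self/fd, whereas PRoot rewrites the traced process's syscall from outside, and the canon() step is left out.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* O_CLOEXEC, AT_FDCWD */
#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: openat() with O_CLOEXEC support, built only from
 * open(), readlink() and fcntl(), as on the emulation slides. */
int emu_openat(int dirfd, const char *path, int flags, mode_t mode)
{
    char link[64], dir[PATH_MAX], full[PATH_MAX];
    int n, fd, saved;

    if (path[0] == '/' || dirfd == AT_FDCWD) {
        /* Absolute path or AT_FDCWD: dirfd plays no part, as in openat(). */
        n = snprintf(full, sizeof full, "%s", path);
    } else {
        /* Slide 7: readlink(/proc/<pid>/fd/<fd>) names the directory. */
        snprintf(link, sizeof link, "/proc/self/fd/%d", dirfd);
        ssize_t len = readlink(link, dir, sizeof dir - 1);
        if (len < 0) {
            errno = EBADF;     /* not an open descriptor */
            return -1;
        }
        dir[len] = '\0';
        n = snprintf(full, sizeof full, "%s/%s", dir, path);
    }
    if (n < 0 || n >= (int)sizeof full) {
        errno = ENAMETOOLONG;
        return -1;
    }

    /* Slide 8: drop the flag the old kernel lacks, re-apply it with fcntl. */
    fd = open(full, flags & ~O_CLOEXEC, mode);
    /* Not atomic: a fork()+execve() in another thread between open() and
     * fcntl() inherits fd, which a native O_CLOEXEC would prevent. */
    if (fd >= 0 && (flags & O_CLOEXEC) && fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
        saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}
```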
9. How does it work in PRoot?
• ELF auxiliary vectors: read/write the process memory right after execve
• Heap allocation: replace call to brk with call to mmap or mremap
10. Demo time!
1. On Redhat 4.7, only VLC 0.8.6 is officially available
2. It's way too old!
3. Let's build the VLC 2.0.8 on Redhat 4.7 …
4. … never mind, 57 packages are missing or outdated
5. Let's run VLC 2.0.8 from Ubuntu 13.04 (Linux 3.8.0, 2012-06-04) on Redhat 4.7 (Linux 2.6.9, 2004-10-19):
   1. without proot -k: "FATAL: kernel too old"
   2. with proot -k: http://youtu.be/AJ5kaO1HKlU
6. It works whatever the host and guest systems are!