Re: App control of linc/link part of ORBit2

From: Jan Kratochvil <rcpt-orbit-list AT gnome org jankratochvil net>
To: Michael Meeks <michael ximian com>
Cc: orbit <orbit-list gnome org>
Subject: Re: App control of linc/link part of ORBit2
Date: Fri, 7 Nov 2003 07:31:45 +0100

Hi Michael,

On Wed, 05 Nov 2003 13:08:02 +0100, Michael Meeks wrote:
> On Tue, 2003-11-04 at 09:43, Jan Kratochvil wrote:
> > I was successfuly using ORBit2 up to 2.6.0 to provide safe and clear RPC/API
> > communication with part of code running in chroot(2)ed environment.
...
> 	Wow - that sounds most interesting :-) what application was this for
> specifically ?

http://www.jankratochvil.net/project/captive/doc/Details.html.pl#sandbox

The first full read/write free access to NTFS disk drives was achieved by using
the original ntfs.sys driver. The emulated W32 environment running the original
W32 filesystem driver is separated from the rest of UNIX OS to be restartable
and secure. Sandboxing is provided by UNIX process with separate memory space,
chroot(2), setuid(2), setrlimit(2) and CORBA/ORBit RPC.

Scheme:
	http://www.jankratochvil.net/project/captive/doc/dia/arch-all.png

...
> 	the tmpdir is now set by src/orb/GIOP/giop.c's (giop_tmpdir_init),
> which uses g_get_tmpdir to locate it's directory. You can configure that
> by a putenv("TMPDIR=/foo/baa"); or some nicer env. setting mechanism.
> Alternatively - if you want a directly equivalent fix you could hook the
> (internal, private etc.) link_set_tmpdir method.

OK, currently using link_set_tmpdir() as it is IMO as broken dependency as the
expectation ORBit2 really uses g_get_tmp_dir() and GLib really believes
'TMPDIR' environment... At least the dynamic linkage will fail when
link_set_tmpdir() ceases to be available.

> > Also public linc_main_get_loop() allowed safe CORBA_ORB_run() break-out by
> > asynchronous non-CORBA events occuring during CORBA_ORB_run() events handling.
> 
> 	Hmm; this requirement is not really clear to me.

I looked now it was not much critical as I just check the possible SIGKILL of
my parent process by heartbeat pipe fd poll() checking for G_IO_ERR|G_IO_HUP.
Otherwise there could remain stale child servers waiting for CORBA requests.

It would be also possible to hard kill the child server from
GSourceFuncs->dispatch() instead of the proper g_main_quit() of its mainloop
but fortunately it is not needed.

...
> 	However - the good news is, that you should just be able to use the
> default glib mainloop wherever you were using the linc loop before; just
> replace all calls to CORBA_ORB_run with something like:
> 
> 	ctxt = g_main_context_default ();
> 	loop = g_main_loop_new (ctxt, TRUE);
> 	g_main_loop_run (loop);

Works like a charm now, thanks.

Regards,
Lace

-- 
Jan Kratochvil; Captive: free r/w NTFS Filesystem; http://www.jankratochvil.net/

Follow-Ups:
- Re: App control of linc/link part of ORBit2
  - From: Michael Meeks

References:
- App control of linc/link part of ORBit2
  - From: Jan Kratochvil
- Re: App control of linc/link part of ORBit2
  - From: Michael Meeks

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]