plash (1.11) unstable; urgency=low * Add run-emacs.c and plash-gnuserv.el: major new feature. * Converted man pages and other documentation to DocBook format. Created new surface syntax for XML. * shell.c: Fixed bugs in non-interactive mode (which is used when plash is invoked with the "-c" option) so that it works. * Add socket-connect.c * Add socket-publish.c. Changed cap-protocol.[ch] to add a new interface for listening on connections, which allows you to call select() in your own code so that you can wait for events on other file descriptors. * fs-operations.c: Disable the warning about open()ing directories. Now that fchdir() works it's less relevant. It generates too many warnings with XEmacs and it gets annoying. * build-fs.c: Changed the `create' argument of fs_resolve_populate() into a `flags' argument. * You can now control whether to attach the destination as a read-write-create slot, as a read-write object, or as read-only. The second choice was not available before: this is useful for devices (eg. /dev/null) and sockets (eg. /tmp/.X11-unix/X0) when you want to grant write or connect access, but not unlink/create access. * Following symlinks: When attaching a read-write-create slot, if the slot contains a symlink it will be followed. Note, however, that symlinks are dangerous and so there is now a flag for choosing whether to follow symlinks. (However, the shell doesn't give you a choice yet -- it follows symlinks.) * build-fs-dynamic.c: Changed dir_list method to include dt_ino (inode) and dt_type fields. XEmacs won't display directory listings for filename completion without these. * shell.c: Added checks for errors to calls to fs_resolve_populate(). * shell.c: When invoking an executable object, it will now set the cwd argument appropriately (previously, it was always unset). -- Mark Seaborn Sat, 13 Aug 2005 19:43:19 +0100 plash (1.10) unstable; urgency=low * Implemented fchdir(): * Convert `struct dir_stack' to be a `struct filesys_obj'; ie. added a dummy vtable. Add the function dir_stack_make(). * For the case when open() returns a dummy FD, changed it so that the fs_op object (in the server) opens /dev/null, rather than the libc client requesting /dev/null. This removes the need for the client's file namespace to contain /dev/null, and it removes the risk of an infinite loop if /dev/null should be mapped to a directory. * libc-misc.c: Added fchdir(). Added a file descriptor table which maps file descriptor slot numbers to objects. For directory FDs, these objects will be dir_stacks. Added close(), not previously intercepted by Plash, which will now remove an entry from the table as well as closing the real kernel FD. * fs-operations.c: Added fchdir() case. * libc-misc.c: Moved duplicated error handling code into one function. -- Mark Seaborn Tue, 19 Jul 2005 22:46:31 +0100 plash (1.9) unstable; urgency=low * Use /var/lib/plash-chroot-jail rather than /usr/lib/plash-chroot-jail. It contains plash-uid-locks which needs to be writable. For FHS compliance, this needs to go into /var. * fs-operations.c: Convert main dispatch function to use a switch statement rather than a long series of tests. List method IDs in make-marshal.pl and use macros to refer to them. * chroot.c, exec-object.c: simplify by making them use get_process_caps() (which was introduced for plash-opts) * build-fs.c: New code: having constructed the node filesystem structure, there is a new way of turning it into a usable directory structure. The old way was to copy it to create fabricated directories. Now there is a new kind of fabricated directory which references the original node structure. This has two useful properties over the old way: * New stuff can be added into the directory tree dynamically. * There are "combined" fabricated directories, which are like a union with a real directory. Hence you can attach objects below other attached directories. This provides functionality similar to mount points in Linux or Plan 9. (The difference is that Linux mount points are implemented in terms of the identity of directories -- their inode numbers -- whereas combined fab dirs follow the structure. And mount points only work with directories and can only replace existing directories. Combined fab dirs can provide their own structure.) Split code out into build-fs-static.c (old) and build-fs-dynamic.c (new). Merge attach_ro_obj and attach_rw_slot fields of node. Fix potential leak when symlink_dest is overwritten (similar fix for the attach_slot field). * libc-getuid.c: Add no-ops: set{,e,re,res}{u,g}id, which always return a success result. This is necessary to run programs like `mkisofs' and `make' which do pointless UID operations. * comms.c: Fixed bug in comm_resize that could lead to buffer overruns. * shell.c: Add default installation endowment to namespace first, so that it can be overridden. -- Mark Seaborn Sat, 09 Jul 2005 19:37:09 -0400 plash (1.8) unstable; urgency=low * Add man pages (using Perl's POD format). * Swapped the precedences of "+" and "=>" arglist operators. "=>" now binds more tightly than "+". * Changed packaging and build system so that glibc can be built fully automatically. * fs-operations.c, libc-misc.c: open() now has limited functionality for opening directories. It will return a dummy FD (actually for /dev/null). This means you can call close() on it; this is sufficient to run XEmacs. * Added the "Gobj" method to fs-operations.c. Changed resolve_obj() in resolve-filename.c so that it treats objects as files as a fallback, even if they don't return OBJT_FILE. This enables us to attach things like the options object into the filesystem tree, so that we can pass them as arguments with the shell's "/x=EXPR" syntax. * Moved shell.c's Gtk code into shell-options.c, which is for a separate executable. Added an object to the shell for getting and setting options; it is bound to the variable "options". * The shell will now give a warning about running setuid/gid executables, just as the server does (the code is now shared). Also, if opening an executable fails because its read permission was not set, it gives a warning (to explain this difference from Unix). * Added a warning message, printed by the server, when a process tries to use open() on a directory. XEmacs does this. -- Mark Seaborn Sun, 15 May 2005 14:44:56 -0400 plash (1.7) unstable; urgency=low * Added `Pgid' parameter to exec object invocation. * Changed cap_run_server() so that it exits when there are no exports, not when the connection list is empty. If imports remain, gives a warning. * Added vtable_name to filesys_obj vtable for debugging purposes. * Added environment to the shell state and implemented variable expressions and finished `def' bindings. * Added `mkfs' expression. * Added d_conn to shell.c and change the code to use it. This is a more general way of starting a server, but the generalisation turned out not to be necessary. * shell.c runs gc-uid-locks on startup. * shell.c now creates a single server process on startup. * Add reconnectable-obj.[ch] * Merged filesys_slot objects into filesys_obj. The purpose of this was to allow slots to be passed between processes in order to construct filesystems on another server, but this turned out not to be immediately necessary. * Add methods: make_conn * Add log-proxy.[ch] * Add make-vtables.pl * Add make-marshall.pl * filesys_obj_free() now changes the vtable to one whose functions do assert(0) before freeing the object, to catch uses of freed objects. -- Mark Seaborn Sun, 01 May 2005 16:45:28 -0400 plash (1.6) unstable; urgency=low * Added the "pathname=expr" syntax to the shell. Added "F pathname" expression syntax for resolving pathnames. Binding a pathname uses an addition to build-fs.c, attach_at_pathname(). * shell.c: factored a lot of code into separate functions. Added "def x = EXPR" binding command, and added a "capcmd" expression. Extended `server_desc' so that the server can import capabilities from one connection, and export the imported capabilities on another connection. This is used for the return continuation that cap_cmd passes from the shell to the client (via the forked server). * Added marshalling for the `type' and `stat' methods. * Added gcc-object.c/exec-object.c. * Added filesysobj-union.c: provides recursive union directories. * Change the directory `list' method to return number of entries. Change `list' in filesysobj-real.c to use cbuf to return data (much more space efficient). * Fixed fork() so that libc's connection info is properly reinitialised. * Add object version of `exec': modified fs-operations.c and libc-fork-exec.c. * Add serialise.[ch]. The exec call has been partially changed to use these. * Change cap_invoke and cap_call so that they take (and return) values in `struct cap_args', rather than taking loads of arguments. Added cap-utils.c. * fs-operations.c: add warning to exec call about setuid bit not being honoured. -- Mark Seaborn Tue, 18 Jan 2005 13:45:18 +0000 plash (1.5) unstable; urgency=low * Updated protocols.txt to cover object-capability protocol, conn_maker and fs_op_maker. * Created `chroot' program as a test and example. * Introduced conn_maker and fs_ops_maker objects. Change the shell to start processes with references to these. Rename COMM_FD to PLASH_COMM_FD and introduce PLASH_CAPS; libc now reads these to find the indexes of its capabilities, rather than just using index 0. Introduce `copy' method to fs_ops. Change fork() to use this instead of fs_op's fork method. * build-fs.c: now uses read-only proxies. Changed the resolver so that `.' and `/' can be attached as writable. * Added filesysobj-readonly.c: provides read-only proxies for filesystem objects. One proxy type is sufficient to handle files, directories and symlinks. * cap-protocol.c: Fix uses of stale connection references. remote_obj_invoke() now correctly frees its arguments for broken connections, so calls to broken connections will return an error. -- Mark Seaborn Fri, 7 Jan 2005 15:32:16 +0000 plash (1.4) unstable; urgency=low * Implemented an object-capability protocol for use over sockets. This is another layer that I have put between the existing filesystem requests and the comms.c layer. It allows references to objects to be transferred. It's symmetric: the core protocol does not distinguish between the client and the server. The ability to transfer references is not used yet, but in the future it will provide a way for applications to construct filesystem structures on the server. A C API will be provided to do this. -- Mark Seaborn Mon, 3 Jan 2005 22:42:21 +0000 plash (1.3) unstable; urgency=low * Implemented FD redirection in the shell. * Implemented rename() and link() for the same-directory case. (The cross-directory case is trickier, 1. because it's hard to do under Unix without race conditions in the presence of symlinks, and 2. it's complicated by directory proxy objects.) * Improved one-line logging in the server. Every call to the server now produces a log line (though some are not fully filled out). * Implemented bind(). * Implemented symlink() and utime()/utimes(). * Changed getuid() and getgid() so that they can take the uid/gid from the environment variables PLASH_FAKE_UID/GID. Some programs cannot cope when they have a uid that does not have an entry in /etc/passwd. * Added run-as-anonymous. * Implemented globbing in the shell. Pathnames now have structure in the grammar; their components are separated by the parser. When a pathname doesn't contain any wildcards, it is converted back into a string. It is canonicalised in the process; duplicate '/'s are collapsed. * Fixed FD leak: the fabricated directory structure is now freed. -- Mark Seaborn Wed, 29 Dec 2004 17:10:41 +0000 plash (1.2) unstable; urgency=low * Added support for `#!' scripts (to both the shell and the server). * Add the ability to run programs conventionally with the `!!' prefix. * Add pipes. * Fix bug in server that caused it to ignore processes when there are multiple processes. * Added options window that can be used to turn debugging output on. Can be opened using the "opts" command. * Build libpthread.so so that it doesn't contain filesystem syscalls. The relevant functions are now forwarded to libc.so. * Remove glibc's io/open64.os from the link. This includes a syscall, but didn't in an earlier glibc. This is a rather embarrassing bug because it shows I didn't do much testing -- even cat uses open64(). -- Mark Seaborn Fri, 17 Dec 2004 04:15:08 +0000 plash (1.1) unstable; urgency=low * Added job control. -- Mark Seaborn Fri, 10 Dec 2004 04:15:08 +0000 plash (1.0) unstable; urgency=low * Initial release. -- Mark Seaborn Thu, 2 Dec 2004 04:15:08 +0000