Quantcast

pledge(2) binding for Haskell

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

pledge(2) binding for Haskell

Matthias Kilian
Add a binding to pledge(2) to package 'unix'.

To use it:

- run ghc with -package unix

- import System.OpenBSD.Process ( pledge )

- call the pledge function as needed. It returns an IO () computation,
  which will throw an exception in case of an error.

Notes:

- I'll also merge the -main and -doc subpackages, so no bump yet.

- The module System.OpenBSD.Process may end in its own package in the
  future, but for now it's probably to put it into the unix package.


Comments (and tests) are welcome.

Ciao,
        Kili

Index: files/Process.hsc
===================================================================
RCS file: files/Process.hsc
diff -N files/Process.hsc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ files/Process.hsc 19 Jan 2016 07:58:19 -0000
@@ -0,0 +1,29 @@
+{-# LANGUAGE Safe #-}
+
+module System.OpenBSD.Process ( pledge ) where
+
+import Foreign
+import Foreign.C
+import System.Posix.Internals ( withFilePath )
+
+pledge :: String -> [FilePath] -> IO ()
+
+pledge promises paths =
+  withCString promises $ \cproms ->
+  withPaths2Array0 paths $ \paths_arr ->
+  throwErrnoIfMinus1_ "pledge" (c_pledge cproms paths_arr)
+
+withPaths2Array0 :: [FilePath] -> (Ptr (Ptr CChar) -> IO a) -> IO a
+
+-- If paths is the empty list, just pass a nullPtr instead of an
+-- array containing only a nullPtr. This avoids EINVAL while the
+-- paths feature of pledge(2) is still disabled.
+withPaths2Array0 [] f = f nullPtr
+
+withPaths2Array0 paths f =
+  withMany withFilePath paths $ \cstrs ->
+  withArray0 nullPtr cstrs $ \paths_arr ->
+  f paths_arr
+
+foreign import ccall unsafe "unistd.h pledge"
+  c_pledge :: CString -> Ptr CString -> IO CInt
Index: patches/patch-libraries_unix_unix_cabal
===================================================================
RCS file: patches/patch-libraries_unix_unix_cabal
diff -N patches/patch-libraries_unix_unix_cabal
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-libraries_unix_unix_cabal 19 Jan 2016 07:58:19 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- libraries/unix/unix.cabal.orig Sun Jan  4 23:56:26 2015
++++ libraries/unix/unix.cabal Tue Jan 19 00:42:33 2016
+@@ -109,6 +109,8 @@ library
+         System.Posix.Terminal
+         System.Posix.Terminal.ByteString
+
++        System.OpenBSD.Process
++
+     other-modules:
+         System.Posix.Directory.Common
+         System.Posix.DynamicLinker.Common

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: pledge(2) binding for Haskell

Sebastien Marie-2
On Tue, Jan 19, 2016 at 09:09:49AM +0100, Matthias Kilian wrote:
> Add a binding to pledge(2) to package 'unix'.

Just a question, as I am unsure by just reading the code.

> Index: files/Process.hsc
> ===================================================================
> RCS file: files/Process.hsc
> diff -N files/Process.hsc
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ files/Process.hsc 19 Jan 2016 07:58:19 -0000
> @@ -0,0 +1,29 @@
> +{-# LANGUAGE Safe #-}
> +
> +module System.OpenBSD.Process ( pledge ) where
> +
> +import Foreign
> +import Foreign.C
> +import System.Posix.Internals ( withFilePath )
> +
> +pledge :: String -> [FilePath] -> IO ()

Shouldn't be:

pledge :: String -> Maybe [FilePath] -> IO ()

in order to differenciate passing not second argument, and an empty
array ?


Because these C codes have differents meaning:

pledge("stdio rpath", NULL)

and

char *empty = {NULL};
pledge("stdio rpath", empty);

The first is to not specify `paths' argument (so no particular addition
restriction), and the second is to add the restriction to no accessible
paths (but well, it is EINVAL currently).

Thanks.
--
Sebastien Marie

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: pledge(2) binding for Haskell

Sebastien Marie-2
On Tue, Jan 19, 2016 at 09:29:58AM +0100, Sebastien Marie wrote:
>
> char *empty = {NULL};
> pledge("stdio rpath", empty);
>

should be better with an array of char *, sorry.

char *empty[] = { NULL };
pledge("stdio rpath", empty);

--
Sebastien Marie

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: pledge(2) binding for Haskell

Aaron Bieber-2
In reply to this post by Matthias Kilian

Matthias Kilian writes:

> Add a binding to pledge(2) to package 'unix'.
>
> To use it:
>
> - run ghc with -package unix
>
> - import System.OpenBSD.Process ( pledge )
>
> - call the pledge function as needed. It returns an IO () computation,
>   which will throw an exception in case of an error.
>
> Notes:
>
> - I'll also merge the -main and -doc subpackages, so no bump yet.
>
> - The module System.OpenBSD.Process may end in its own package in the
>   future, but for now it's probably to put it into the unix package.
>
>
> Comments (and tests) are welcome.

I believe there is a patch missing to copy files/Process.hs into
libraries/unix/dist-install/build/System/OpenBSD/Process.hs

>
> Ciao,
> Kili
>
> Index: files/Process.hsc
> ===================================================================
> RCS file: files/Process.hsc
> diff -N files/Process.hsc
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ files/Process.hsc 19 Jan 2016 07:58:19 -0000
> @@ -0,0 +1,29 @@
> +{-# LANGUAGE Safe #-}
> +
> +module System.OpenBSD.Process ( pledge ) where
> +
> +import Foreign
> +import Foreign.C
> +import System.Posix.Internals ( withFilePath )
> +
> +pledge :: String -> [FilePath] -> IO ()
> +
> +pledge promises paths =
> +  withCString promises $ \cproms ->
> +  withPaths2Array0 paths $ \paths_arr ->
> +  throwErrnoIfMinus1_ "pledge" (c_pledge cproms paths_arr)
> +
> +withPaths2Array0 :: [FilePath] -> (Ptr (Ptr CChar) -> IO a) -> IO a
> +
> +-- If paths is the empty list, just pass a nullPtr instead of an
> +-- array containing only a nullPtr. This avoids EINVAL while the
> +-- paths feature of pledge(2) is still disabled.
> +withPaths2Array0 [] f = f nullPtr
> +
> +withPaths2Array0 paths f =
> +  withMany withFilePath paths $ \cstrs ->
> +  withArray0 nullPtr cstrs $ \paths_arr ->
> +  f paths_arr
> +
> +foreign import ccall unsafe "unistd.h pledge"
> +  c_pledge :: CString -> Ptr CString -> IO CInt
> Index: patches/patch-libraries_unix_unix_cabal
> ===================================================================
> RCS file: patches/patch-libraries_unix_unix_cabal
> diff -N patches/patch-libraries_unix_unix_cabal
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-libraries_unix_unix_cabal 19 Jan 2016 07:58:19 -0000
> @@ -0,0 +1,12 @@
> +$OpenBSD$
> +--- libraries/unix/unix.cabal.orig Sun Jan  4 23:56:26 2015
> ++++ libraries/unix/unix.cabal Tue Jan 19 00:42:33 2016
> +@@ -109,6 +109,8 @@ library
> +         System.Posix.Terminal
> +         System.Posix.Terminal.ByteString
> +
> ++        System.OpenBSD.Process
> ++
> +     other-modules:
> +         System.Posix.Directory.Common
> +         System.Posix.DynamicLinker.Common

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: pledge(2) binding for Haskell

Matthias Kilian
Hi,

On Tue, Jan 19, 2016 at 09:29:58AM +0100, Sebastien Marie wrote:
> Just a question, as I am unsure by just reading the code.

[...]

> > +pledge :: String -> [FilePath] -> IO ()
>
> Shouldn't be:
>
> pledge :: String -> Maybe [FilePath] -> IO ()
>
> in order to differenciate passing not second argument, and an empty
> array ?

Yes. Thanks for pointing me to it.

On Tue, Jan 19, 2016 at 08:24:06AM -0700, Aaron Bieber wrote:
> > Comments (and tests) are welcome.
>
> I believe there is a patch missing to copy files/Process.hs into
> libraries/unix/dist-install/build/System/OpenBSD/Process.hs

Oops.

Below is a hopefully correct and more complete diff. Again without
bump because I'll also merge -main and -doc.

I've loosely tested this with

1. pledge "stdio" Nothing

2. pledge "stdio" Nothing
        pledge "stdio dns" Nothing

        (which fails with EPERM)

3. pledge "stdio" (Just [])

        (fails with EINVAL)

4. pledge "stdio" (Just ["/tmp"])

        (also fails with EINVAL)

I also used ktrace to ensure that the correct system calls happen.

Index: Makefile
===================================================================
RCS file: /cvs/ports/lang/ghc/Makefile,v
retrieving revision 1.131
diff -u -p -r1.131 Makefile
--- Makefile 28 Dec 2015 19:18:52 -0000 1.131
+++ Makefile 19 Jan 2016 19:10:33 -0000
@@ -157,6 +157,11 @@ PORTHOME = ${WRKDIR}
 
 TEST_DEPENDS = print/ghostscript/gnu
 
+post-extract:
+ cd ${WRKSRC}/libraries/unix && \
+ mkdir -p System/OpenBSD && \
+ install -m 644 ${FILESDIR}/Process.hsc System/OpenBSD
+
 post-patch:
 # - Install a precompiled binary.
  cd ${WRKDIR}/ghc-${BIN_VER} && \
Index: files/Process.hsc
===================================================================
RCS file: files/Process.hsc
diff -N files/Process.hsc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ files/Process.hsc 19 Jan 2016 19:10:33 -0000
@@ -0,0 +1,26 @@
+{-# LANGUAGE Safe #-}
+
+module System.OpenBSD.Process ( pledge ) where
+
+import Foreign
+import Foreign.C
+import System.Posix.Internals ( withFilePath )
+
+pledge :: String -> Maybe [FilePath] -> IO ()
+
+pledge promises paths =
+  withCString promises $ \cproms ->
+  withPaths2Array0 paths $ \paths_arr ->
+  throwErrnoIfMinus1_ "pledge" (c_pledge cproms paths_arr)
+
+withPaths2Array0 :: Maybe [FilePath] -> (Ptr (Ptr CChar) -> IO a) -> IO a
+
+withPaths2Array0 Nothing f = f nullPtr
+
+withPaths2Array0 (Just paths) f =
+  withMany withFilePath paths $ \cstrs ->
+  withArray0 nullPtr cstrs $ \paths_arr ->
+  f paths_arr
+
+foreign import ccall unsafe "unistd.h pledge"
+  c_pledge :: CString -> Ptr CString -> IO CInt
Index: patches/patch-libraries_unix_unix_cabal
===================================================================
RCS file: patches/patch-libraries_unix_unix_cabal
diff -N patches/patch-libraries_unix_unix_cabal
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-libraries_unix_unix_cabal 19 Jan 2016 19:10:33 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- libraries/unix/unix.cabal.orig Sun Jan  4 23:56:26 2015
++++ libraries/unix/unix.cabal Tue Jan 19 00:42:33 2016
+@@ -109,6 +109,8 @@ library
+         System.Posix.Terminal
+         System.Posix.Terminal.ByteString
+
++        System.OpenBSD.Process
++
+     other-modules:
+         System.Posix.Directory.Common
+         System.Posix.DynamicLinker.Common

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: pledge(2) binding for Haskell

Matthias Kilian
On Tue, Jan 19, 2016 at 08:22:54PM +0100, Matthias Kilian wrote:
> Below is a hopefully correct and more complete diff. Again without
> bump because I'll also merge -main and -doc.

Famous last words. I missed the plist changes. Will send a new diff
later (at the moment i'm rebuilding ghc).

Ciao,
        Kili

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: pledge(2) binding for Haskell

Matthias Kilian
On Tue, Jan 19, 2016 at 08:43:17PM +0100, Matthias Kilian wrote:
> > Below is a hopefully correct and more complete diff. Again without
> > bump because I'll also merge -main and -doc.
>
> Famous last words. I missed the plist changes. Will send a new diff
> later (at the moment i'm rebuilding ghc).

Here it is. Works fine for me, so I'm going to commit this in a few
hours.

Index: Makefile
===================================================================
RCS file: /cvs/ports/lang/ghc/Makefile,v
retrieving revision 1.131
diff -u -p -r1.131 Makefile
--- Makefile 28 Dec 2015 19:18:52 -0000 1.131
+++ Makefile 20 Jan 2016 04:24:09 -0000
@@ -157,6 +157,11 @@ PORTHOME = ${WRKDIR}
 
 TEST_DEPENDS = print/ghostscript/gnu
 
+post-extract:
+ cd ${WRKSRC}/libraries/unix && \
+ mkdir -p System/OpenBSD && \
+ install -m 644 ${FILESDIR}/Process.hsc System/OpenBSD
+
 post-patch:
 # - Install a precompiled binary.
  cd ${WRKDIR}/ghc-${BIN_VER} && \
Index: files/Process.hsc
===================================================================
RCS file: files/Process.hsc
diff -N files/Process.hsc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ files/Process.hsc 20 Jan 2016 04:24:09 -0000
@@ -0,0 +1,26 @@
+{-# LANGUAGE Safe #-}
+
+module System.OpenBSD.Process ( pledge ) where
+
+import Foreign
+import Foreign.C
+import System.Posix.Internals ( withFilePath )
+
+pledge :: String -> Maybe [FilePath] -> IO ()
+
+pledge promises paths =
+  withCString promises $ \cproms ->
+  withPaths2Array0 paths $ \paths_arr ->
+  throwErrnoIfMinus1_ "pledge" (c_pledge cproms paths_arr)
+
+withPaths2Array0 :: Maybe [FilePath] -> (Ptr (Ptr CChar) -> IO a) -> IO a
+
+withPaths2Array0 Nothing f = f nullPtr
+
+withPaths2Array0 (Just paths) f =
+  withMany withFilePath paths $ \cstrs ->
+  withArray0 nullPtr cstrs $ \paths_arr ->
+  f paths_arr
+
+foreign import ccall unsafe "unistd.h pledge"
+  c_pledge :: CString -> Ptr CString -> IO CInt
Index: patches/patch-libraries_unix_unix_cabal
===================================================================
RCS file: patches/patch-libraries_unix_unix_cabal
diff -N patches/patch-libraries_unix_unix_cabal
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-libraries_unix_unix_cabal 20 Jan 2016 04:24:09 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- libraries/unix/unix.cabal.orig Sun Jan  4 23:56:26 2015
++++ libraries/unix/unix.cabal Tue Jan 19 00:42:33 2016
+@@ -109,6 +109,8 @@ library
+         System.Posix.Terminal
+         System.Posix.Terminal.ByteString
+
++        System.OpenBSD.Process
++
+     other-modules:
+         System.Posix.Directory.Common
+         System.Posix.DynamicLinker.Common
Index: pkg/PLIST-main
===================================================================
RCS file: /cvs/ports/lang/ghc/pkg/PLIST-main,v
retrieving revision 1.17
diff -u -p -r1.17 PLIST-main
--- pkg/PLIST-main 2 Nov 2015 21:31:26 -0000 1.17
+++ pkg/PLIST-main 20 Jan 2016 04:24:09 -0000
@@ -2228,6 +2228,9 @@ lib/ghc/trans_${TRANSFORMERS_KEY}/libHSt
 lib/ghc/unix_${UNIX_KEY}/
 lib/ghc/unix_${UNIX_KEY}/HSunix-${UNIX_VER}-${UNIX_KEY}.o
 lib/ghc/unix_${UNIX_KEY}/System/
+lib/ghc/unix_${UNIX_KEY}/System/OpenBSD/
+lib/ghc/unix_${UNIX_KEY}/System/OpenBSD/Process.hi
+lib/ghc/unix_${UNIX_KEY}/System/OpenBSD/Process.p_hi
 lib/ghc/unix_${UNIX_KEY}/System/Posix/
 lib/ghc/unix_${UNIX_KEY}/System/Posix.hi
 lib/ghc/unix_${UNIX_KEY}/System/Posix.p_hi

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: pledge(2) binding for Haskell

Karel Gardas
Hello,

I've thought it would be nice if Haskell type checker would work into
our strength. Attached patch defines algebraic data type Promise and
use this for calling pledge sys call. The patch also provides two
version of Promise to string conversion function. One is explicit and
another is using show capability and just fixes prot_exec case.

Any comments highly appreciated.

Thanks,
Karel

Index: Process.hsc
===================================================================
RCS file: /cvs/ports/lang/ghc/files/Process.hsc,v
retrieving revision 1.1
diff -u -p -u -r1.1 Process.hsc
--- Process.hsc 20 Jan 2016 16:02:06 -0000      1.1
+++ Process.hsc 23 Jan 2016 13:15:42 -0000
@@ -1,14 +1,77 @@
 {-# LANGUAGE Safe #-}

-module System.OpenBSD.Process ( pledge ) where
+module System.OpenBSD.Process ( pledge, Promise(..) ) where

 import Foreign
 import Foreign.C
 import System.Posix.Internals ( withFilePath )
+import Data.Char

-pledge :: String -> Maybe [FilePath] -> IO ()
+data Promise = Stdio
+             | RPath
+             | WPath
+             | CPath
+             | DPath
+             | TmpPath
+             | Inet
+             | FAttr
+             | FLock
+             | Unix
+             | Dns
+             | GetPW
+             | SendFD
+             | RecvFD
+             | IOCtl
+             | Tty
+             | Proc
+             | Exec
+             | ProtExec
+             | SetTime
+             | Ps
+             | VMInfo
+             | Id
+             | Pf
+               deriving (Show)
+{-
+promise2String :: Promise -> String
+promise2String p = case p of
+  Stdio    -> "stdio"
+  RPath    -> "rpath"
+  WPath    -> "wpath"
+  CPath    -> "cpath"
+  DPath    -> "dpath"
+  TmpPath  -> "tmppath"
+  Inet     -> "inet"
+  FAttr    -> "fattr"
+  FLock    -> "flock"
+  Unix     -> "unix"
+  Dns      -> "dns"
+  GetPW    -> "getpw"
+  SendFD   -> "sendfd"
+  RecvFD   -> "recvfd"
+  IOCtl    -> "ioctl"
+  Tty      -> "tty"
+  Proc     -> "proc"
+  Exec     -> "exec"
+  ProtExec -> "prot_exec"
+  SetTime  -> "settime"
+  Ps       -> "ps"
+  VMInfo   -> "vminfo"
+  Id       -> "id"
+  Pf       -> "pf"
+-}

-pledge promises paths =
+promise2String :: Promise -> String
+promise2String p = case p of
+  ProtExec -> "prot_exec"
+  _        -> map toLower (show p)
+
+pledge :: [Promise] -> Maybe [FilePath] -> IO ()
+pledge promises = cpledge (unwords $ map promise2String promises)
+
+cpledge :: String -> Maybe [FilePath] -> IO ()
+
+cpledge promises paths =
   withCString promises $ \cproms ->
   withPaths2Array0 paths $ \paths_arr ->
   throwErrnoIfMinus1_ "pledge" (c_pledge cproms paths_arr)

On Wed, Jan 20, 2016 at 5:38 AM, Matthias Kilian <[hidden email]> wrote:

> On Tue, Jan 19, 2016 at 08:43:17PM +0100, Matthias Kilian wrote:
>> > Below is a hopefully correct and more complete diff. Again without
>> > bump because I'll also merge -main and -doc.
>>
>> Famous last words. I missed the plist changes. Will send a new diff
>> later (at the moment i'm rebuilding ghc).
>
> Here it is. Works fine for me, so I'm going to commit this in a few
> hours.
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/lang/ghc/Makefile,v
> retrieving revision 1.131
> diff -u -p -r1.131 Makefile
> --- Makefile    28 Dec 2015 19:18:52 -0000      1.131
> +++ Makefile    20 Jan 2016 04:24:09 -0000
> @@ -157,6 +157,11 @@ PORTHOME =         ${WRKDIR}
>
>  TEST_DEPENDS = print/ghostscript/gnu
>
> +post-extract:
> +       cd ${WRKSRC}/libraries/unix && \
> +       mkdir -p System/OpenBSD && \
> +       install -m 644 ${FILESDIR}/Process.hsc System/OpenBSD
> +
>  post-patch:
>  # - Install a precompiled binary.
>         cd ${WRKDIR}/ghc-${BIN_VER} && \
> Index: files/Process.hsc
> ===================================================================
> RCS file: files/Process.hsc
> diff -N files/Process.hsc
> --- /dev/null   1 Jan 1970 00:00:00 -0000
> +++ files/Process.hsc   20 Jan 2016 04:24:09 -0000
> @@ -0,0 +1,26 @@
> +{-# LANGUAGE Safe #-}
> +
> +module System.OpenBSD.Process ( pledge ) where
> +
> +import Foreign
> +import Foreign.C
> +import System.Posix.Internals ( withFilePath )
> +
> +pledge :: String -> Maybe [FilePath] -> IO ()
> +
> +pledge promises paths =
> +  withCString promises $ \cproms ->
> +  withPaths2Array0 paths $ \paths_arr ->
> +  throwErrnoIfMinus1_ "pledge" (c_pledge cproms paths_arr)
> +
> +withPaths2Array0 :: Maybe [FilePath] -> (Ptr (Ptr CChar) -> IO a) -> IO a
> +
> +withPaths2Array0 Nothing f = f nullPtr
> +
> +withPaths2Array0 (Just paths) f =
> +  withMany withFilePath paths $ \cstrs ->
> +  withArray0 nullPtr cstrs $ \paths_arr ->
> +  f paths_arr
> +
> +foreign import ccall unsafe "unistd.h pledge"
> +  c_pledge :: CString -> Ptr CString -> IO CInt
> Index: patches/patch-libraries_unix_unix_cabal
> ===================================================================
> RCS file: patches/patch-libraries_unix_unix_cabal
> diff -N patches/patch-libraries_unix_unix_cabal
> --- /dev/null   1 Jan 1970 00:00:00 -0000
> +++ patches/patch-libraries_unix_unix_cabal     20 Jan 2016 04:24:09 -0000
> @@ -0,0 +1,12 @@
> +$OpenBSD$
> +--- libraries/unix/unix.cabal.orig     Sun Jan  4 23:56:26 2015
> ++++ libraries/unix/unix.cabal  Tue Jan 19 00:42:33 2016
> +@@ -109,6 +109,8 @@ library
> +         System.Posix.Terminal
> +         System.Posix.Terminal.ByteString
> +
> ++        System.OpenBSD.Process
> ++
> +     other-modules:
> +         System.Posix.Directory.Common
> +         System.Posix.DynamicLinker.Common
> Index: pkg/PLIST-main
> ===================================================================
> RCS file: /cvs/ports/lang/ghc/pkg/PLIST-main,v
> retrieving revision 1.17
> diff -u -p -r1.17 PLIST-main
> --- pkg/PLIST-main      2 Nov 2015 21:31:26 -0000       1.17
> +++ pkg/PLIST-main      20 Jan 2016 04:24:09 -0000
> @@ -2228,6 +2228,9 @@ lib/ghc/trans_${TRANSFORMERS_KEY}/libHSt
>  lib/ghc/unix_${UNIX_KEY}/
>  lib/ghc/unix_${UNIX_KEY}/HSunix-${UNIX_VER}-${UNIX_KEY}.o
>  lib/ghc/unix_${UNIX_KEY}/System/
> +lib/ghc/unix_${UNIX_KEY}/System/OpenBSD/
> +lib/ghc/unix_${UNIX_KEY}/System/OpenBSD/Process.hi
> +lib/ghc/unix_${UNIX_KEY}/System/OpenBSD/Process.p_hi
>  lib/ghc/unix_${UNIX_KEY}/System/Posix/
>  lib/ghc/unix_${UNIX_KEY}/System/Posix.hi
>  lib/ghc/unix_${UNIX_KEY}/System/Posix.p_hi
>

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: pledge(2) binding for Haskell

Matthias Kilian
Hi Karel,

On Sat, Jan 23, 2016 at 02:31:52PM +0100, Karel Gardas wrote:
> I've thought it would be nice if Haskell type checker would work into
> our strength. Attached patch defines algebraic data type Promise and
> use this for calling pledge sys call. The patch also provides two
> version of Promise to string conversion function. One is explicit and
> another is using show capability and just fixes prot_exec case.
>
> Any comments highly appreciated.

Well, it's of course more elegant, but it would also mean that
everytime a new pledge promise will be introduced or an existing
one removed, this type has to be changed. I don't know how stable
the set of promises of pledge(2) are, but it feels like a change
like this should be deferred until after 5.9.

Look at the changelogs of sys/pledge.h and sys/kern/kern_pledge.c
to get an idea about how things are still moving.

Ciao,
        Kili

ps: at least the "audio" "drm" and "vmm" promises are missing in
your diff, so now we know how old your installation is ;-)

> Index: Process.hsc
> ===================================================================
> RCS file: /cvs/ports/lang/ghc/files/Process.hsc,v
> retrieving revision 1.1
> diff -u -p -u -r1.1 Process.hsc
> --- Process.hsc 20 Jan 2016 16:02:06 -0000      1.1
> +++ Process.hsc 23 Jan 2016 13:15:42 -0000
> @@ -1,14 +1,77 @@
>  {-# LANGUAGE Safe #-}
>
> -module System.OpenBSD.Process ( pledge ) where
> +module System.OpenBSD.Process ( pledge, Promise(..) ) where
>
>  import Foreign
>  import Foreign.C
>  import System.Posix.Internals ( withFilePath )
> +import Data.Char
>
> -pledge :: String -> Maybe [FilePath] -> IO ()
> +data Promise = Stdio
> +             | RPath
> +             | WPath
> +             | CPath
> +             | DPath
> +             | TmpPath
> +             | Inet
> +             | FAttr
> +             | FLock
> +             | Unix
> +             | Dns
> +             | GetPW
> +             | SendFD
> +             | RecvFD
> +             | IOCtl
> +             | Tty
> +             | Proc
> +             | Exec
> +             | ProtExec
> +             | SetTime
> +             | Ps
> +             | VMInfo
> +             | Id
> +             | Pf
> +               deriving (Show)
> +{-
> +promise2String :: Promise -> String
> +promise2String p = case p of
> +  Stdio    -> "stdio"
> +  RPath    -> "rpath"
> +  WPath    -> "wpath"
> +  CPath    -> "cpath"
> +  DPath    -> "dpath"
> +  TmpPath  -> "tmppath"
> +  Inet     -> "inet"
> +  FAttr    -> "fattr"
> +  FLock    -> "flock"
> +  Unix     -> "unix"
> +  Dns      -> "dns"
> +  GetPW    -> "getpw"
> +  SendFD   -> "sendfd"
> +  RecvFD   -> "recvfd"
> +  IOCtl    -> "ioctl"
> +  Tty      -> "tty"
> +  Proc     -> "proc"
> +  Exec     -> "exec"
> +  ProtExec -> "prot_exec"
> +  SetTime  -> "settime"
> +  Ps       -> "ps"
> +  VMInfo   -> "vminfo"
> +  Id       -> "id"
> +  Pf       -> "pf"
> +-}
>
> -pledge promises paths =
> +promise2String :: Promise -> String
> +promise2String p = case p of
> +  ProtExec -> "prot_exec"
> +  _        -> map toLower (show p)
> +
> +pledge :: [Promise] -> Maybe [FilePath] -> IO ()
> +pledge promises = cpledge (unwords $ map promise2String promises)
> +
> +cpledge :: String -> Maybe [FilePath] -> IO ()
> +
> +cpledge promises paths =
>    withCString promises $ \cproms ->
>    withPaths2Array0 paths $ \paths_arr ->
>    throwErrnoIfMinus1_ "pledge" (c_pledge cproms paths_arr)
>
> On Wed, Jan 20, 2016 at 5:38 AM, Matthias Kilian <[hidden email]> wrote:
> > On Tue, Jan 19, 2016 at 08:43:17PM +0100, Matthias Kilian wrote:
> >> > Below is a hopefully correct and more complete diff. Again without
> >> > bump because I'll also merge -main and -doc.
> >>
> >> Famous last words. I missed the plist changes. Will send a new diff
> >> later (at the moment i'm rebuilding ghc).
> >
> > Here it is. Works fine for me, so I'm going to commit this in a few
> > hours.
> >
> > Index: Makefile
> > ===================================================================
> > RCS file: /cvs/ports/lang/ghc/Makefile,v
> > retrieving revision 1.131
> > diff -u -p -r1.131 Makefile
> > --- Makefile    28 Dec 2015 19:18:52 -0000      1.131
> > +++ Makefile    20 Jan 2016 04:24:09 -0000
> > @@ -157,6 +157,11 @@ PORTHOME =         ${WRKDIR}
> >
> >  TEST_DEPENDS = print/ghostscript/gnu
> >
> > +post-extract:
> > +       cd ${WRKSRC}/libraries/unix && \
> > +       mkdir -p System/OpenBSD && \
> > +       install -m 644 ${FILESDIR}/Process.hsc System/OpenBSD
> > +
> >  post-patch:
> >  # - Install a precompiled binary.
> >         cd ${WRKDIR}/ghc-${BIN_VER} && \
> > Index: files/Process.hsc
> > ===================================================================
> > RCS file: files/Process.hsc
> > diff -N files/Process.hsc
> > --- /dev/null   1 Jan 1970 00:00:00 -0000
> > +++ files/Process.hsc   20 Jan 2016 04:24:09 -0000
> > @@ -0,0 +1,26 @@
> > +{-# LANGUAGE Safe #-}
> > +
> > +module System.OpenBSD.Process ( pledge ) where
> > +
> > +import Foreign
> > +import Foreign.C
> > +import System.Posix.Internals ( withFilePath )
> > +
> > +pledge :: String -> Maybe [FilePath] -> IO ()
> > +
> > +pledge promises paths =
> > +  withCString promises $ \cproms ->
> > +  withPaths2Array0 paths $ \paths_arr ->
> > +  throwErrnoIfMinus1_ "pledge" (c_pledge cproms paths_arr)
> > +
> > +withPaths2Array0 :: Maybe [FilePath] -> (Ptr (Ptr CChar) -> IO a) -> IO a
> > +
> > +withPaths2Array0 Nothing f = f nullPtr
> > +
> > +withPaths2Array0 (Just paths) f =
> > +  withMany withFilePath paths $ \cstrs ->
> > +  withArray0 nullPtr cstrs $ \paths_arr ->
> > +  f paths_arr
> > +
> > +foreign import ccall unsafe "unistd.h pledge"
> > +  c_pledge :: CString -> Ptr CString -> IO CInt
> > Index: patches/patch-libraries_unix_unix_cabal
> > ===================================================================
> > RCS file: patches/patch-libraries_unix_unix_cabal
> > diff -N patches/patch-libraries_unix_unix_cabal
> > --- /dev/null   1 Jan 1970 00:00:00 -0000
> > +++ patches/patch-libraries_unix_unix_cabal     20 Jan 2016 04:24:09 -0000
> > @@ -0,0 +1,12 @@
> > +$OpenBSD$
> > +--- libraries/unix/unix.cabal.orig     Sun Jan  4 23:56:26 2015
> > ++++ libraries/unix/unix.cabal  Tue Jan 19 00:42:33 2016
> > +@@ -109,6 +109,8 @@ library
> > +         System.Posix.Terminal
> > +         System.Posix.Terminal.ByteString
> > +
> > ++        System.OpenBSD.Process
> > ++
> > +     other-modules:
> > +         System.Posix.Directory.Common
> > +         System.Posix.DynamicLinker.Common
> > Index: pkg/PLIST-main
> > ===================================================================
> > RCS file: /cvs/ports/lang/ghc/pkg/PLIST-main,v
> > retrieving revision 1.17
> > diff -u -p -r1.17 PLIST-main
> > --- pkg/PLIST-main      2 Nov 2015 21:31:26 -0000       1.17
> > +++ pkg/PLIST-main      20 Jan 2016 04:24:09 -0000
> > @@ -2228,6 +2228,9 @@ lib/ghc/trans_${TRANSFORMERS_KEY}/libHSt
> >  lib/ghc/unix_${UNIX_KEY}/
> >  lib/ghc/unix_${UNIX_KEY}/HSunix-${UNIX_VER}-${UNIX_KEY}.o
> >  lib/ghc/unix_${UNIX_KEY}/System/
> > +lib/ghc/unix_${UNIX_KEY}/System/OpenBSD/
> > +lib/ghc/unix_${UNIX_KEY}/System/OpenBSD/Process.hi
> > +lib/ghc/unix_${UNIX_KEY}/System/OpenBSD/Process.p_hi
> >  lib/ghc/unix_${UNIX_KEY}/System/Posix/
> >  lib/ghc/unix_${UNIX_KEY}/System/Posix.hi
> >  lib/ghc/unix_${UNIX_KEY}/System/Posix.p_hi
> >

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: pledge(2) binding for Haskell

Karel Gardas
Hi Kili,

On Sat, Jan 23, 2016 at 10:54 PM, Matthias Kilian
<[hidden email]> wrote:

> Well, it's of course more elegant, but it would also mean that
> everytime a new pledge promise will be introduced or an existing
> one removed, this type has to be changed. I don't know how stable
> the set of promises of pledge(2) are, but it feels like a change
> like this should be deferred until after 5.9.

I tend to agree, but on the other hand. Hmm, I guess you did this as
you've been motivated to pledge some of haskell-based binaries you
maintain packages for? If so, then with your approach if some promise
is removed and you use it in package binary, then you will not find
this by building the package but only by running it (EINVAL return
value from pledge). On the other hand if you do this more
type-constrained way (like I non-perfectly try), then you will find
this kind of issues just by compiling the package -- so wil it save
your time or not? :-)

Anyway, sure, I've thought about writing hs-pledge myself, but just
after 5.9 to see how the interface evolve so you are really quick on
this, kudos to you!

> ps: at least the "audio" "drm" and "vmm" promises are missing in
> your diff, so now we know how old your installation is ;-)

*red face here* :-) -- hmm, I'm too lazy to do cvs -> git/fossil sync
here that often, I keep whole tree in git (and one branch in fossil)
since I still work on SR-RAID1C and both are more convenient for me
than plain anon-CVS. Still learning how to do this properly...

Thanks,
Karel

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: pledge(2) binding for Haskell

Matthias Kilian
Hi, (and sorry for the delay)

On Sat, Jan 23, 2016 at 11:31:00PM +0100, Karel Gardas wrote:
> > Well, it's of course more elegant, but it would also mean that
> > everytime a new pledge promise will be introduced or an existing
> > one removed, this type has to be changed. I don't know how stable
> > the set of promises of pledge(2) are, but it feels like a change
> > like this should be deferred until after 5.9.
>
> I tend to agree, but on the other hand. Hmm, I guess you did this as
> you've been motivated to pledge some of haskell-based binaries you
> maintain packages for?

abieber@ talked a little bit about pledging xmonad, so i added the
binding.

I'll try to pledge darcs (which requires me to re-enable the testsuite
first). Maybe also alex, happy, cabal-install and ghc itself (but
not the interactive mode, because it dynamically loads your libraries
which can do *anything*)

> If so, then with your approach if some promise
> is removed and you use it in package binary, then you will not find
> this by building the package but only by running it (EINVAL return
> value from pledge). On the other hand if you do this more
> type-constrained way (like I non-perfectly try), then you will find
> this kind of issues just by compiling the package -- so wil it save
> your time or not? :-)

It depends on wether packages are closely up-to-date and you're
updating packages after updating the base system.

But another reason I won't to use just the string argument for the
promises is that I don't want to have to update ghc whenever the
set of valid promises change. So, *if* the set changes, anyone can
adopt it to any haskell program immediately, without waiting for
the changes to appear in the ghc port (or in ghc packages for people
just using packages).

Again, as said: this is just for now. I'm not against it for after
the 5.9 release.

Ciao,
        Kili

Loading...