[sb2] Fix compatibility with LD_PRELOAD-based tools. JB#61781

lua_scripts/add_rules_to_rule_tree.lua

@@ -311,6 +311,7 @@ local valid_keywords_in_exec_policy = {
 	native_app_ld_library_path_prefix = "string",
 	native_app_ld_library_path_suffix = "string",
 	native_app_ld_preload_prefix = "string",
+	native_app_ld_preload_suffix = "string",
 
 	native_app_ld_so = "string",
 	native_app_ld_so_rpath_prefix = "string",

modes/accel/exec_rules.lua

@@ -72,7 +72,7 @@ exec_policy_tools = {
 	native_app_ld_library_path_prefix = devel_mode_tools_ld_library_path_prefix,
 	native_app_ld_library_path_suffix = devel_mode_tools_ld_library_path_suffix,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 
 	native_app_locale_path = devel_mode_locale_path,
 	native_app_gconv_path = devel_mode_gconv_path,
@@ -94,7 +94,7 @@ exec_policy_tools_perl = {
 	native_app_ld_library_path_prefix = devel_mode_tools_ld_library_path_prefix,
 	native_app_ld_library_path_suffix = devel_mode_tools_ld_library_path_suffix,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 
 	native_app_locale_path = devel_mode_locale_path,
 	native_app_gconv_path = devel_mode_gconv_path,
@@ -116,7 +116,7 @@ exec_policy_tools_python = {
 	native_app_ld_library_path_prefix = devel_mode_tools_ld_library_path_prefix,
 	native_app_ld_library_path_suffix = devel_mode_tools_ld_library_path_suffix,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 
 	native_app_locale_path = devel_mode_locale_path,
 	native_app_gconv_path = devel_mode_gconv_path,
@@ -169,7 +169,7 @@ exec_policy_target = {
 
 	native_app_locale_path = conf_target_locale_path,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 
 	native_app_ld_library_path_prefix = devel_mode_target_ld_library_path_prefix,
 	native_app_ld_library_path_suffix = devel_mode_target_ld_library_path_suffix,

modes/emulate+toolchain+utils/exec_rules.lua

@@ -11,12 +11,12 @@ rule_file_interface_version = "203"
 
 exec_policy_host = {
 	name = "Host",
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 }
 
 exec_policy_toolchain = {
 	name = "Toolchain",
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 }
 
 -- For target binaries:
@@ -64,7 +64,7 @@ local exec_policy_target = {
 	native_app_locale_path = conf_target_locale_path,
 	native_app_gconv_path = conf_target_gconv_path,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 
 	exec_flags = EXEC_FLAGS_FORCE_CPU_TRANSPARENCY,
 }
@@ -115,7 +115,7 @@ local exec_policy_tools = {
 	native_app_locale_path = conf_tools_locale_path,
 	native_app_gconv_path = conf_tools_gconv_path,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 }
 
 

modes/emulate+toolchain/exec_rules.lua

@@ -11,12 +11,12 @@ rule_file_interface_version = "203"
 
 exec_policy_host = {
 	name = "Host",
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 }
 
 exec_policy_toolchain = {
 	name = "Toolchain",
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 }
 
 -- For target binaries:
@@ -64,7 +64,7 @@ local exec_policy_target = {
 	native_app_locale_path = conf_target_locale_path,
 	native_app_gconv_path = conf_target_gconv_path,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 
 	exec_flags = EXEC_FLAGS_FORCE_CPU_TRANSPARENCY,
 }
@@ -115,7 +115,7 @@ local exec_policy_tools = {
 	native_app_locale_path = conf_tools_locale_path,
 	native_app_gconv_path = conf_tools_gconv_path,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 }
 
 

modes/emulate/exec_rules.lua

@@ -11,7 +11,7 @@ rule_file_interface_version = "203"
 
 exec_policy_host = {
 	name = "Host",
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 }
 
 -- For target binaries:
@@ -59,7 +59,7 @@ local exec_policy_target = {
 	native_app_locale_path = conf_target_locale_path,
 	native_app_gconv_path = conf_target_gconv_path,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 
 	exec_flags = EXEC_FLAGS_FORCE_CPU_TRANSPARENCY,
 }
@@ -110,7 +110,7 @@ local exec_policy_tools = {
 	native_app_locale_path = conf_tools_locale_path,
 	native_app_gconv_path = conf_tools_gconv_path,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 }
 
 

modes/obs-deb-build/exec_rules.lua

@@ -15,12 +15,12 @@ rule_file_interface_version = "203"
 
 exec_policy_host = {
 	name = "Host",
-	native_app_ld_preload_prefix = host_ld_preload_libsb2,
+	native_app_ld_preload_suffix = host_ld_preload_libsb2,
 }
 
 exec_policy_toolchain = {
 	name = "Toolchain",
-	native_app_ld_preload_prefix = host_ld_preload_libsb2,
+	native_app_ld_preload_suffix = host_ld_preload_libsb2,
 }
 
 -- For target binaries:
@@ -68,7 +68,7 @@ local exec_policy_target = {
 	native_app_locale_path = conf_target_locale_path,
 	native_app_gconv_path = conf_target_gconv_path,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 }
 
 --
@@ -121,7 +121,7 @@ local exec_policy_tools = {
 	native_app_locale_path = conf_tools_locale_path,
 	native_app_gconv_path = conf_tools_gconv_path,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 
 	script_log_level = "debug",
 	script_log_message = "SCRIPT from tools",
@@ -140,7 +140,7 @@ local exec_policy_tools_perl = {
 	native_app_ld_library_path_prefix = emulate_mode_tools_ld_library_path_prefix,
 	native_app_ld_library_path_suffix = emulate_mode_tools_ld_library_path_suffix,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 
 	native_app_locale_path = conf_tools_locale_path,
 	native_app_gconv_path = conf_tools_gconv_path,
@@ -162,7 +162,7 @@ local exec_policy_tools_python = {
 	native_app_ld_library_path_prefix = emulate_mode_tools_ld_library_path_prefix,
 	native_app_ld_library_path_suffix = emulate_mode_tools_ld_library_path_suffix,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 
 	native_app_locale_path = conf_tools_locale_path,
 	native_app_gconv_path = conf_tools_gconv_path,

modes/obs-deb-build/sb2rc

@@ -39,6 +39,14 @@ case "$sb2rc_mode" in
 		SBOX_WRAPPERS="gdb ldconfig pwd fakeroot"
 		;;
 
+	ldconfig)
+		# When ldconfig is used at build time, then it must be the case
+		# that it is used on the build artefacts (with the help of the
+		# '-n' option), so locking it to the target root would not be
+		# desired.
+		sbox_ldconfig_root=/
+		;;
+
 	*)
 		# Default.
 		;;

modes/obs-deb-install/exec_rules.lua

@@ -16,12 +16,12 @@ rule_file_interface_version = "203"
 
 exec_policy_host = {
 	name = "Host",
-	native_app_ld_preload_prefix = host_ld_preload_libsb2,
+	native_app_ld_preload_suffix = host_ld_preload_libsb2,
 }
 
 exec_policy_toolchain = {
 	name = "Toolchain",
-	native_app_ld_preload_prefix = host_ld_preload_libsb2,
+	native_app_ld_preload_suffix = host_ld_preload_libsb2,
 }
 
 -- For target binaries:
@@ -69,7 +69,7 @@ local exec_policy_target = {
 	native_app_locale_path = conf_target_locale_path,
 	native_app_gconv_path = conf_target_gconv_path,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 }
 
 --
@@ -118,7 +118,7 @@ local exec_policy_tools = {
 	native_app_locale_path = conf_tools_locale_path,
 	native_app_gconv_path = conf_tools_gconv_path,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 }
 
 

modes/obs-rpm-build+pp/exec_rules.lua

@@ -11,12 +11,12 @@ rule_file_interface_version = "203"
 
 exec_policy_host = {
 	name = "Host",
-	native_app_ld_preload_prefix = host_ld_preload_libsb2,
+	native_app_ld_preload_suffix = host_ld_preload_libsb2,
 }
 
 exec_policy_toolchain = {
 	name = "Toolchain",
-	native_app_ld_preload_prefix = host_ld_preload_libsb2,
+	native_app_ld_preload_suffix = host_ld_preload_libsb2,
 }
 
 -- For target binaries:
@@ -64,7 +64,7 @@ local exec_policy_target = {
 	native_app_locale_path = conf_target_locale_path,
 	native_app_gconv_path = conf_target_gconv_path,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 }
 
 --
@@ -117,7 +117,7 @@ local exec_policy_tools = {
 	native_app_locale_path = conf_tools_locale_path,
 	native_app_gconv_path = conf_tools_gconv_path,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 
 	script_log_level = "debug",
 	script_log_message = "SCRIPT from tools",
@@ -136,7 +136,7 @@ local exec_policy_tools_perl = {
 	native_app_ld_library_path_prefix = emulate_mode_tools_ld_library_path_prefix,
 	native_app_ld_library_path_suffix = emulate_mode_tools_ld_library_path_suffix,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 
 	native_app_locale_path = conf_tools_locale_path,
 	native_app_gconv_path = conf_tools_gconv_path,
@@ -158,7 +158,7 @@ local exec_policy_tools_python = {
 	native_app_ld_library_path_prefix = emulate_mode_tools_ld_library_path_prefix,
 	native_app_ld_library_path_suffix = emulate_mode_tools_ld_library_path_suffix,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 
 	native_app_locale_path = conf_tools_locale_path,
 	native_app_gconv_path = conf_tools_gconv_path,

modes/obs-rpm-build+pp/sb2rc

@@ -39,6 +39,14 @@ case "$sb2rc_mode" in
 		SBOX_WRAPPERS="gdb ldconfig pwd fakeroot"
 		;;
 
+	ldconfig)
+		# When ldconfig is used at build time, then it must be the case
+		# that it is used on the build artefacts (with the help of the
+		# '-n' option), so locking it to the target root would not be
+		# desired.
+		sbox_ldconfig_root=/
+		;;
+
 	*)
 		# Default.
 		;;

modes/obs-rpm-build/exec_rules.lua

@@ -12,12 +12,12 @@ rule_file_interface_version = "203"
 
 exec_policy_host = {
 	name = "Host",
-	native_app_ld_preload_prefix = host_ld_preload_libsb2,
+	native_app_ld_preload_suffix = host_ld_preload_libsb2,
 }
 
 exec_policy_toolchain = {
 	name = "Toolchain",
-	native_app_ld_preload_prefix = host_ld_preload_libsb2,
+	native_app_ld_preload_suffix = host_ld_preload_libsb2,
 }
 
 -- For target binaries:
@@ -65,7 +65,7 @@ local exec_policy_target = {
 	native_app_locale_path = conf_target_locale_path,
 	native_app_gconv_path = conf_target_gconv_path,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 }
 
 --
@@ -114,7 +114,7 @@ local exec_policy_tools = {
 	native_app_locale_path = conf_tools_locale_path,
 	native_app_gconv_path = conf_tools_gconv_path,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 }
 
 

modes/obs-rpm-build/sb2rc

@@ -39,6 +39,14 @@ case "$sb2rc_mode" in
 		SBOX_WRAPPERS="gdb ldconfig pwd fakeroot"
 		;;
 
+	ldconfig)
+		# When ldconfig is used at build time, then it must be the case
+		# that it is used on the build artefacts (with the help of the
+		# '-n' option), so locking it to the target root would not be
+		# desired.
+		sbox_ldconfig_root=/
+		;;
+
 	*)
 		# Default.
 		;;

modes/obs-rpm-install/exec_rules.lua

@@ -12,12 +12,12 @@ rule_file_interface_version = "203"
 
 exec_policy_host = {
 	name = "Host",
-	native_app_ld_preload_prefix = host_ld_preload_libsb2,
+	native_app_ld_preload_suffix = host_ld_preload_libsb2,
 }
 
 exec_policy_toolchain = {
 	name = "Toolchain",
-	native_app_ld_preload_prefix = host_ld_preload_libsb2,
+	native_app_ld_preload_suffix = host_ld_preload_libsb2,
 }
 
 -- For target binaries:
@@ -65,7 +65,7 @@ local exec_policy_target = {
 	native_app_locale_path = conf_target_locale_path,
 	native_app_gconv_path = conf_target_gconv_path,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 }
 
 --
@@ -114,7 +114,7 @@ local exec_policy_tools = {
 	native_app_locale_path = conf_tools_locale_path,
 	native_app_gconv_path = conf_tools_gconv_path,
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 }
 
 

modes/simple/exec_rules.lua

@@ -21,7 +21,7 @@ end
 default_exec_policy = {
 	name = "Default",
 
-	native_app_ld_preload_prefix = host_ld_preload,
+	native_app_ld_preload_suffix = host_ld_preload,
 
 	native_app_ld_library_path_prefix = 
 		host_ld_library_path_prefix ..