Capsicum User Space 2

In the previous post, we took some steps to try and get libcapability from capsicum-core compiling. I am sad to say that after continued hurdle jumping, it seems to be a bridge too far.

This post is to leave behind bread crumbs so that the next adventurer can get a head start in their battle.

The final error in the previous adventure was a missing header file, the seemingly innocuous <sys/sbuf.h>. I did some digging around this header and found that it was a kernel-level support library for safe string handling. There is a userland version from BSD called libsbuf, which can be downloaded here. When I tried to build this library, there were a number of issues with the source code. First, the code for libsbuf depended on finding <sys/sbuf.h>… lol. Luckily it shipped with an sbuf.h, which I copied into /usr/include/sys/. The sbuf.h header file, unfortunately, needed some changes made as well. First, there was a reference to sys/_types.h, which was easily fixed by removing the underscore. Next, there were some macros that were undefined, so I found reference implementations of these on the interwebs:

#ifndef __printflike
#    define __printflike(fmtarg, firstvararg)       /* nothing */
#    define __scanflike(fmtarg, firstvararg)        /* nothing */
#    define __format_arg(fmtarg)                    /* nothing */
#endif

Next, there was the use of a __va_list type that I couldn’t locate a definition for. I ended up just removing this function.

With these changes to the hijacked sbuf.h, I tried to make libcapability again, only to get this error (and a host of others following it):

libcapability_host.c:86:42: error: expected ')' before 'const'

Looking at the code, I saw a reference to __unused. Given the experience in the previous posts with the __packed attribute, I assumed this was something similar. Turns out that this was a BSD-ism. After a bit of hunting around, this was a rather easy fix by using the gcc attribute __attribute__ ((__unused__)) instead. Additionally, this same file needed our __DECONST definition added to it:

#include <stdint.h>
#ifndef __DECONST
#define __DECONST(type, var)    ((type)(uintptr_t)(const void *)(var))
#endif

With these changes in place, I again bravely issued the make command only to deflate and slide to the floor in depression at the sight of this error:

_host.c  -fPIC -DPIC -o .libs/libcapability_host.o
libcapability_host.c: In function 'lch_installfds':
libcapability_host.c:146:2: error: implicit declaration of function 'closefrom' [-Werror=implicit-function-declaration]

This error informs me that the file needs an implementation of closefrom, a serious BSD-ism.

I think perhaps a better route will be a re-write of libcapability from scratch :-(
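
As an added example (not code from libcapability or capsicum-core), here is one way to supply the missing closefrom on Linux: walk /proc/self/fd and close every descriptor at or above the given number, with a brute-force fallback when /proc is absent. The names compat_closefrom and compat_closefrom_selftest are hypothetical, and the 1024 fallback limit is an assumption.

```c
#define _POSIX_C_SOURCE 200809L   /* for dirfd() */
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

/* Added example, not libcapability code. compat_closefrom is a hypothetical
 * name chosen so it cannot clash with a closefrom() the libc may provide.
 * Closes every open descriptor >= lowfd and returns how many were closed. */
int compat_closefrom(int lowfd)
{
    int closed = 0;
    DIR *dir = opendir("/proc/self/fd");   /* one entry per open descriptor */
    if (dir != NULL) {
        int self = dirfd(dir);             /* must stay open while iterating */
        struct dirent *ent;
        while ((ent = readdir(dir)) != NULL) {
            char *end;
            long fd = strtol(ent->d_name, &end, 10);
            if (end == ent->d_name || *end != '\0')
                continue;                  /* "." and ".." are not numbers */
            if (fd >= lowfd && fd != self && close((int)fd) == 0)
                closed++;
        }
        closedir(dir);
        return closed;
    }

    /* /proc not mounted (chroot, minimal container): try every number. */
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0)
        max = 1024;                        /* assumed fallback limit */
    for (long fd = lowfd; fd < max; fd++)
        if (close((int)fd) == 0)
            closed++;
    return closed;
}

/* Constructed check: returns 1 if descriptors parked at 100 and 200 are
 * closed by compat_closefrom(100) while a low descriptor stays open. */
int compat_closefrom_selftest(void)
{
    int a = open("/dev/null", O_RDONLY);
    int b = fcntl(a, F_DUPFD, 100), c = fcntl(a, F_DUPFD, 200);
    int n = compat_closefrom(100);
    return a >= 0 && a < 100 && b >= 100 && c >= 200 && n >= 2 &&
           fcntl(b, F_GETFD) == -1 && fcntl(c, F_GETFD) == -1 &&
           fcntl(a, F_GETFD) != -1;
}
```

Skipping the directory's own descriptor matters: closing it mid-walk would end the iteration early and leave higher descriptors open for whatever runs next.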