/pseudo

A utility for emulating root privileges

Primary LanguageCGNU Lesser General Public License v2.1LGPL-2.1

pseudo -- an analogue to sudo

IMPORTANT NOTE:

As of this writing, the official home for pseudo's git repository has
changed to:
	git://git.yoctoproject.org/pseudo

The old site at:
	https://github.com/wrpseudo/pseudo

is no longer the "real" master, although I'll probably try to keep it in
sync.

OVERVIEW:

The pseudo utility offers a way to run commands in a virtualized "root"
environment, allowing ordinary users to run commands which give the illusion
of creating device nodes, changing file ownership, and otherwise doing
things necessary for creating distribution packages or filesystems.

To configure, run the provided configure script.  Note that this is
NOT an autoconf script.

Configure options:
	    --prefix=/path/to/install/dir
	    --with-sqlite=/path/to/sqlite/dir
	    --bits={32,64}
	    --suffix=<text>
	    --enable-static-sqlite
	    --with-sqlite-lib
	    --libdir=...
	    --enable-memory-db
	    --enable-force-async
	    --with-sqlite-lib=...
	    --enable-static-sqlite
	    --with-static-sqlite=...
	    --with-rpath=...|--without-rpath
	    --cflags=''

There is no default prefix.  The default for sqlite is /usr, and for
bits is 32.  You need a reasonably modern sqlite3 -- it has to have
sqlite3_clear_bindings(), which at least one default sqlite3 install
did not.  (But that was dated 2006, so I'm not sure this will affect
most readers.)

The suffix value can be used to append a particular text string to file
names (such as libpseudo<suffix>.so).  This was used in the WR environment
to create libpseudo-<host_libc_md5sum>.so, to ensure that libpseudo was
rebuilt if the host libc changed.

This code is not particularly portable, but works on Linux and also
on 64-bit Intel Darwin systems.

Limited user documentation is provided in the given man page files (these
are not currently installed, merely provided in the source directory), and
some documentation on internals is provided in the doc/ directory.

The memory-db option uses an in-memory SQLite database, which is flushed
to disk on failures. It's disabled by default with SQLite 3.6 and earlier
due to performance weirdness.

The --enable-force-async option causes wrappers for fsync() and friends to
all return "success" instantly unless PSEUDO_ALLOW_FSYNC was set in the
environment when the client initialized (usually after a fork or exec).


FUTURE DIRECTIONS:

* The chroot() functionality is incomplete, though now sufficient for
  the real-world use cases we've tried.
* I have no intention of converting to autoconf.  It is the wrong tool
  for the job.

Please feel free to send bug feedback, change requests, or general
commentary.


ACKNOWLEDGEMENTS:

My various coworkers, both engineering and management, made this possible.
While I did most of the actual typing, this code has benefitted greatly
from detailed code reviews, excellent reproducers for bugs, and the
consistent support of the whole group for the project.  It's been a great
deal of fun, and I'm pretty happy that we're finally ready to make it
available for other people to look at.


CONTACT:

Discussions and patches should be directed at the openembedded-core mailing
list at openembedded-core at lists.openembedded.org. More information at
https://www.openembedded.org/wiki/Mailing_lists. Bugs should be filed with
the Yocto project at https://bugzilla.yoctoproject.org/.