Menu
▾
▴
Re: [Isolated-exec-devel] Linux Sandbox Question (was Re: Isolated Execution release v0.0.2)
|
From: Passera, P. R <pab...@in...> - 2009-02-05 12:58:02
|
>I manually connect to the Linux sandbox with telnet like: > >telnet 192.168.0.3 8888 >Trying 192.168.0.3... >Connected to 192.168.0.3. >Escape character is '^]'. >SEND APPLICATION NAME/home/delegator/notepad.exe >SEND APPLICATION PARAMETER >CMD=ACK_RUN_ERROR|CMD=ACK_RELEASE|Connection closed by foreign host. There are two things. First you have to connect to port 9999 in the SandBox not port 8888. Let me give you a brief description of the SandBox arch. There are two applications there, a service listening in port 9999 and an application launcher listening in port 8888. We had to do that because it was not possible to launch an windows application from a service, it does not have any console attached to it (maybe this is possible but we did not find a way to do it). So, when the service receives the command from Dom0 it forwards this command to the application launcher. Then the application launcher runs the executable. The communication between the service and the application launcher is done through TCP, so the messages that you are seeing are from the application launcher. The other thing is the message format. After connecting with port 9999 you will get the message CMD=ACK|. Then you have to send the application name as it were Dom0. The format for that is CMD=MIGRATED|APP=any|SRC=c:\\cygwin\\tmp\\notepad.exe APP indicates if the file has to be open with another executable (like a .doc must be open with word, then word would be in APP). SRC indicates the location in the SandBox where Dom0 copied the file Theoretically, you can connect directly to the application launcher but I have to take a look to the protocol between the service and the launcher. Let me know if you want to do that. > >With my modified Migration module on the Linux Sandbox I get: > >Application Launcher for Isolated Execution - Beta 0.0.1 >Starting server... >Linux Sandbox Accepting connections in port 8888 >New connection... > >Linux Sandbox Accepting connections in port 8888 >APP_NAME: /home/delegator/notepad.exe >APP_PARAM: > hmodCommand test: chmod 777 wine /home/delegator/notepad.exe >'hanging permissions 'chmod 777 wine /home/delegator/notepad.exe >fixme:winsock:WSAIoctl SIO_FLUSH: stub. >Errors changing the permissions We had to change the file permissions after the copy because it was being copied without exec permission in the sandbox. The 'error changing permissions' may be related to the user that is used to run wine? If the program gets that error it exits and does not try to run the application. >fixme:winsock:WSAIoctl SIO_FLUSH: stub. > terminatede/delegator/notepad.exe >Closing connection with client > SIO_FLUSH is used to flush the winsock after sending a packet. That may not be implemented in that wine version. However, I think there is no problem with that. If you remove that line from the launcher, it should work. >Is there a limitation with wine or am I simply missing some windows >libraries or similar? > >I could try a newer version of wine if needed - I'm using wine-1.0.1 >on Ubuntu 8.10. You can try, but I think that the problem is related with changing the file permissions and that does not depend on the wine version. Regards, Pablo >-----Original Message----- >From: Todd Deshane [mailto:des...@gm...] >Sent: Wednesday, February 04, 2009 7:07 PM >To: Passera, Pablo R >Cc: iso...@li... >Subject: Linux Sandbox Question (was Re: Isolated Execution release >v0.0.2) > >On Wed, Feb 4, 2009 at 1:29 PM, Passera, Pablo R ><pab...@in...> wrote: >> >> You can test it installing again the modules in Dom0, the UserVM and >the SandboxVM only. It should work. > >I will get to this... (See below) > >> >> >> >> > I think I found the code that I plan to modify to get a Linux >Sandbox, I will be taking a closer look and seeing if I can't get the >code to compile (either with a cross compile solution or in wine). >> >> >> >> Great. Let me know if you need more info about it. >> >> > >I am doing some manual testing with a Linux sandbox VM with the >migration module installed via wine. > >I manually connect to the Linux sandbox with telnet like: > >telnet 192.168.0.3 8888 >Trying 192.168.0.3... >Connected to 192.168.0.3. >Escape character is '^]'. >SEND APPLICATION NAME/home/delegator/notepad.exe >SEND APPLICATION PARAMETER >CMD=ACK_RUN_ERROR|CMD=ACK_RELEASE|Connection closed by foreign host. > >With my modified Migration module on the Linux Sandbox I get: > >Application Launcher for Isolated Execution - Beta 0.0.1 >Starting server... >Linux Sandbox Accepting connections in port 8888 >New connection... > >Linux Sandbox Accepting connections in port 8888 >APP_NAME: /home/delegator/notepad.exe >APP_PARAM: > hmodCommand test: chmod 777 wine /home/delegator/notepad.exe >'hanging permissions 'chmod 777 wine /home/delegator/notepad.exe >fixme:winsock:WSAIoctl SIO_FLUSH: stub. >Errors changing the permissions >fixme:winsock:WSAIoctl SIO_FLUSH: stub. > terminatede/delegator/notepad.exe >Closing connection with client > >Is there a limitation with wine or am I simply missing some windows >libraries or similar? > >I could try a newer version of wine if needed - I'm using wine-1.0.1 >on Ubuntu 8.10. > >Thanks, >Todd > >P.S. I am planning on demoing Isolated Execution (0.0.1) tonight at an >open source meeting at my university, then once I get time I'll test >0.0.2 > >-- >Todd Deshane >http://todddeshane.net >http://runningxen.com |
