Pango & jailing

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Pango & jailing

vigna
OK, I know I should have tried before, but I'm really in a mess these
days.

Pango does not work with jailing. It loads dynamically modules after the
jailing.

Is there any way to somehow setup/startup/whatever Pango before the
jailing? I think this would solve the problem.
--
Ciao,

                                        seba


_______________________________________________
bug-lilypond mailing list
[hidden email]
http://lists.gnu.org/mailman/listinfo/bug-lilypond
Reply | Threaded
Open this post in threaded view
|

Re: Pango & jailing

Han-Wen Nienhuys
Sebastiano Vigna wrote:
> OK, I know I should have tried before, but I'm really in a mess these
> days.
>
> Pango does not work with jailing. It loads dynamically modules after the
> jailing.
>
> Is there any way to somehow setup/startup/whatever Pango before the
> jailing? I think this would solve the problem.

I'd expect that it loads the modules based on the languages it finds in
the input. I guess it would be easiest to copy the modules (together
with the fonts, and fontconfig configuration) into the jail, and use
ARGV0_RELOCATION (see main.cc) to make them find the relevant files.

--
  Han-Wen Nienhuys - [hidden email] - http://www.xs4all.nl/~hanwen


_______________________________________________
bug-lilypond mailing list
[hidden email]
http://lists.gnu.org/mailman/listinfo/bug-lilypond
Reply | Threaded
Open this post in threaded view
|

Re: Pango & jailing

vigna
On Fri, 2005-06-17 at 14:30 +0200, Han-Wen Nienhuys wrote:
> Sebastiano Vigna wrote:
> I'd expect that it loads the modules based on the languages it finds in
> the input. I guess it would be easiest to copy the modules (together
> with the fonts, and fontconfig configuration) into the jail, and use
> ARGV0_RELOCATION (see main.cc) to make them find the relevant files.

ARGV0_RELOCATION was not needed, but I had to remove the noexec from the
mount, which makes the cage less secure (albeit still reasonably
secure). I have no time to find another solution now. In any case, the
manual must be updated, as there are things that should be copied that
it doesn't mention presently, and noexec must be eliminated.

Some time ago I think you mentioned that --png was all that was needed
to get snippet compiled. But unfortunately it doesn't.

Presently, in fact, I cannot compile at all snippets with the ps
backend:

test.ly:2:32: In procedure module-lookup in expression
(ly:parser-print-score p (ly:music-scorify m p)):
test.ly:2:32: unbound variable: output-classic-framework

The tex backend is not better:

/usr/share/lilypond/2.5.31/scm/framework-tex.scm:348:13: In expression
(ly:kpathsea-expand-variable "$extra_mem_top"):
/usr/share/lilypond/2.5.31/scm/framework-tex.scm:348:13: Unbound
variable: ly:kpathsea-expand-variable

So I'm completely stuck at this point. I cannot compile snippets (even
snippets from the manual), and apparently there is no way to get an EPS
file "cut around" the output (as I used to do using dvips). There is an
--eps option in the manual (Section 5.2), but it is missing from the
program help and in fact it doesn't work.

I've been certainly a bit naïve in estimating the change of setup to
pass to 2.5.31...
--
Ciao,

                                        seba


_______________________________________________
bug-lilypond mailing list
[hidden email]
http://lists.gnu.org/mailman/listinfo/bug-lilypond
Reply | Threaded
Open this post in threaded view
|

Re: Pango & jailing

Han-Wen Nienhuys
Sebastiano Vigna wrote:

> ARGV0_RELOCATION was not needed, but I had to remove the noexec from the
> mount, which makes the cage less secure (albeit still reasonably
> secure).

Hmm. you can create arbitrary binaries using GUILE, so any local exploit
is promoted to remote automatically.

Another option is to compile pango statically, and link it statically.

> I have no time to find another solution now. In any case, the
> manual must be updated, as there are things that should be copied that
> it doesn't mention presently, and noexec must be eliminated.
>
> Some time ago I think you mentioned that --png was all that was needed
> to get snippet compiled. But unfortunately it doesn't.
>
> Presently, in fact, I cannot compile at all snippets with the ps
> backend:
>
> So I'm completely stuck at this point. I cannot compile snippets (even
> snippets from the manual), and apparently there is no way to get an EPS
> file "cut around" the output (as I used to do using dvips). There is an
> --eps option in the manual (Section 5.2), but it is missing from the
> program help and in fact it doesn't work.
>

2.5 uses the eps backend (based on the ps backend),

  lilypond -b eps

which dumps separate systems as eps files without fonts, and complete
scores as EPS files with fonts.

They need a bit of magic, which is above the

   %%% start cut & pastable section %%%

marker over the .ly snippets when you take them from the manual directly

--
  Han-Wen Nienhuys - [hidden email] - http://www.xs4all.nl/~hanwen


_______________________________________________
bug-lilypond mailing list
[hidden email]
http://lists.gnu.org/mailman/listinfo/bug-lilypond
Reply | Threaded
Open this post in threaded view
|

Re: Pango & jailing

vigna
On Fri, 2005-06-17 at 18:25 +0200, Han-Wen Nienhuys wrote:

> Hmm. you can create arbitrary binaries using GUILE, so any local exploit
> is promoted to remote automatically.
> Another option is to compile pango statically, and link it statically.

I'll try this.

> 2.5 uses the eps backend (based on the ps backend),

OK, I confused the backend with the output format.


> They need a bit of magic, which is above the
>
>    %%% start cut & pastable section %%%
>
> marker over the .ly snippets when you take them from the manual directly

That's already done, or LSR wouldn't work at all.

Things are a little bit better. The output of the ps backend still
crashes gv and it is not displayed by ggv. Moreover, convert
(ImageMagick) stopped working because of the ghostscript 8.15 rpm--I'm
trying to understand if that can be fixed.

I'm trying to use the --png format with the eps backend, setting the
resolution.
--
Ciao,

                                        seba


_______________________________________________
bug-lilypond mailing list
[hidden email]
http://lists.gnu.org/mailman/listinfo/bug-lilypond
Reply | Threaded
Open this post in threaded view
|

Re: Pango & jailing

Han-Wen Nienhuys
Sebastiano Vigna wrote:

> Things are a little bit better. The output of the ps backend still
> crashes gv and it is not displayed by ggv.

gv? you mean gs?

> Moreover, convert
> (ImageMagick) stopped working because of the ghostscript 8.15 rpm--I'm
> trying to understand if that can be fixed.

there's a ghostscript-libs compatibility rpm on lilypond.org.



--
  Han-Wen Nienhuys - [hidden email] - http://www.xs4all.nl/~hanwen


_______________________________________________
bug-lilypond mailing list
[hidden email]
http://lists.gnu.org/mailman/listinfo/bug-lilypond