Nova/PyJail
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Compare commits

base: Nova:edge
Branches Tags
Nova:main Nova:edge Nova:no-posix Nova:next
Nova:0.2.1-next1 Nova:0.2.0-main1
..
compare: Nova:no-posix
Branches Tags
Nova:edge Nova:no-posix Nova:next Nova:main
Nova:0.2.1-next1 Nova:0.2.0-main1

2 Commits
edge ... no-posix

Author SHA1 Message Date
Nova
6d312905af Update README 
Goes for all branches
 2024-11-23 13:13:47 +01:00
Nova
86fe1ba8b7 Add no-posix files. 2024-11-22 19:36:13 +01:00
8 changed files with 140 additions and 475 deletions
Expand all files Collapse all files

38
README.md
View File

@@ -5,8 +5,8 @@ It allows you to jail Python programs in a closed off filesystem
## How to install
Installing PyJail is really simple! Just run `python3 ./install.py`
(for Windows `py .\install.py`) in the directory where the files are stored!
Installing PyJail is really simple! Just run `python3 ./install.py` in the directory
where the files are stored!
## Compatibility
@@ -14,7 +14,6 @@ As of now we're still working on a custom Python interpreter to make all program
fully jailing compatible, sadly enough it's quite hard work.
So as of now it is compatible with all Python programs, **but** only some will be
properly confined.
There is a converter to automatically convert tools, but some still aren't compatible yet.
## POSIX compatibility
@@ -23,46 +22,17 @@ made for Linux to also run natively on Windows. This is more meant for Windows
versions that don't feature WSL (Windows 7/8/8.1) but still need to run some
Linux only scripts.
## Bundled programs
To keep the installation extremely small in size and footprint, the bundled programs are also
extremely small. Currently we bundle 3 programs:
### `sh.py` (While installed: `/bin/sh` or `/usr/bin/sh` or `/usr/bin/shell.py`)
A very simple shell, just does directory navigation and installs packages.
### `ledit.py` (While installed: `/usr/bin/ledit.py`)
A simple line text editor. Meant for extreme simplicity.
### `autoconvert.py` (While installed: `/usr/bin/autoconvert.py`)
A converter to convert Python programs to be compatible with the jailed filesystem.
We recommend getting essential packages like a proper shell and the UwUGet package manager.
## The 4 branches
### The 4 branches
Which branch works best for you?
Well, that's pretty simple. We have 4 branches (`main`, `next`, `edge` and `no-posix`).
If you want the most stable experience, then the `main` branch is for you.
If you want the lastest features, but also a more stable experience (compared to `edge`),
then the `next` branch is for you
If you want the bleeding-edge and don't care about stability, then `edge` is for you.
If you only need simple jailing and no POSIX compatibility, then `no-posix` is for you.
## Issues
### Issues
Please report issues [over here](https://git.novacow.ch/Nova/PyJail/issues/)
And please check if your issue isn't a duplicate before reporting.

82
autoconvert.py
View File

@@ -1,82 +0,0 @@
"""
Converts files to be jail-compatible
"""
import importlib
class FileConverter:
def __init__(self):
self.jail_mgr = importlib.import_module(".jail_mgr", "vfs.sys")
self.jailmgr = self.jail_mgr.PyJail()
self._file_openers = ["os.path", "open", "shutil.copy", "shutil.rm"]
self._unsupported_file_openers = ["QFile"]
def convert_file(self, fn):
unsupported_openers_found = 0
lines = []
with open(self.jailmgr.fs(fn), "a") as f:
for line in f:
line = line.strip()
lines.append(line)
blank_line_found = False
init_found = False
i_total = 0
for i, line in enumerate(lines):
if line == "" and blank_line_found is False:
line = "import importlib\n"
lines[i] = line
blank_line_found = True
if "def __init__" in line and init_found is False:
line_to_export = (
"\nself.jail_mgr = importlib.import_module('.jail_mgr', 'vfs.sys')\n"
"self.jailmgr = self.jail_mgr.PyJail()"
)
lines[i + 1] = line_to_export
init_found = True
if self._file_openers in line:
idx = line.index("(")
idx2 = line.index(")")
# if idx2 - idx != 1:
# self.jailmgr.msg(f"{self}", "Unsupported type!", False, "WARN")
# unsupported_openers_found += 1
# else:
expression = line[idx : idx2 + 1]
line_to_edit = f"self.jailmgr.fs({expression})"
idx -= 1
idx2 += 2
full_line = f"{line[:idx]}{line_to_edit}{line[idx2:]}"
lines[i] = full_line
elif self._unsupported_file_openers in line:
self.jailmgr.msg(f"{self}", "Unsupported opener!", False, "WARN")
unsupported_openers_found += 1
else:
pass
i_total = i
if unsupported_openers_found > 0:
self.jailmgr.msg(
f"{self}",
f"Some/all of the openers in this file aren't compatible with the converter, amount: {unsupported_openers_found} of the {i_total}",
True,
"WARN",
)
return lines
def file_writer(self, fn, content):
for i, line in enumerate(content):
line.rstrip("\n")
with open(self.jailmgr.fs(fn), "a+") as f:
f.write(f"{line}\n")
f.close()
self.jailmgr.msg(f"{self}", "Conversion OK! Please check results.", True)
return 0
if __name__ == "__main__":
fc = FileConverter()
fn = input("Enter filepath to convert (fullpath): ")
try:
lines = fc.convert_file(fn)
fc.file_writer(lines)
except Exception:
print("Failure to convert!")

106
install.py
View File

@@ -1,13 +1,11 @@
"""
Install script for the Python jailer.
Version: 0.3.0-main1
Version: 0.2.0-alpha1
"""
import os
import shutil
with open("./kverinfo.txt", "r") as f:
kver = f.read()
kver = f.read()
f.close()
with open("./verinfo.txt", "r") as f:
ver = f.read()
@@ -25,50 +23,66 @@ shutil.move("./main.py", "./vfs/main.py")
shutil.move("./runner.py", "./main.py")
shutil.move("./sh.py", "./vfs/sh.py")
shutil.move("./ledit.py", "./vfs/ledit.py")
shutil.move("./autoconvert.py" "./vfs/autoconvert.py")
os.chdir(os.getcwd() + "/vfs")
print("Gathering info...")
usrname = input("Please enter your username: [usr1] ")
if usrname == "":
usrname = "usr1"
print("Creating directories...")
with open("./bin", "a+") as f:
f.write("symlnk /usr/bin/")
f.close()
with open("./sbin", "a+") as f:
f.write("symlnk /usr/sbin/")
f.close()
with open("./lib", "a+") as f:
f.write("symlnk /usr/lib/")
f.close()
with open("./lib64", "a+") as f:
f.write("symlnk /usr/lib64/")
f.close()
with open("./usr/bin/sh", "a+") as f:
f.write("symlnk /usr/bin/shell.py")
f.close()
os.mkdir("./sys")
os.mkdir("./usr")
os.mkdir("./proc")
os.mkdir(f"./home/{usrname}")
os.mkdir("./usr/bin/")
os.mkdir("./usr/sbin/")
os.mkdir("./usr/lib/")
os.mkdir("./usr/lib64/")
print("Copying files...")
shutil.move("./main.py", "./sys/jail_mgr.py")
shutil.move("./sh.py", "./usr/bin/shell.py")
shutil.move("./ledit.py", "./usr/bin/ledit.py")
shutil.move("./autoconvert.py", "./usr/bin/autoconvert.py")
print("Creating system configuration files...")
with open("./sys/usr.conf", "a+") as f:
f.write(usrname)
f.close()
with open("./sys/procinfo", "a+") as f:
f.write("proc: vfs(/proc/)\nkernel: vfs(/proc/kcore)")
f.close()
with open("./proc/kcore", "a+") as f:
f.write("/sys/jail_mgr.py")
f.close()
print("Install completed! Run ./main.py to start the process!")
input("Press <Enter> to exit! ")
setup_posix = input("Do you wish to setup a mostly-POSIX compliant environment? [y/N] ")
if setup_posix.lower() == "y":
print("Creating directories...")
with open("./bin", "a+") as f:
f.write("symlnk /usr/bin/")
f.close()
with open("./sbin", "a+") as f:
f.write("symlnk /usr/sbin/")
f.close()
with open("./lib", "a+") as f:
f.write("symlnk /usr/lib/")
f.close()
with open("./lib64", "a+") as f:
f.write("symlnk /usr/lib64/")
f.close()
with open("./usr/bin/sh.py", "a+") as f:
f.write("symlnk /usr/bin/shell.py")
f.close()
os.mkdir("./sys")
os.mkdir("./usr")
os.mkdir("./proc")
os.mkdir(f"./home/{usrname}")
os.mkdir("./usr/bin/")
os.mkdir("./usr/sbin/")
os.mkdir("./usr/lib/")
os.mkdir("./usr/lib64/")
print("Copying files...")
shutil.move("./main.py", "./sys/jail_mgr.py")
shutil.move("./sh.py", "./bin/shell.py")
shutil.move("./ledit.py", "./bin/ledit.py")
print("Creating system configuration files...")
with open("./sys/usr.conf", "a+") as f:
f.write(usrname)
f.close()
with open("./sys/procinfo", "a+") as f:
f.write("proc: vfs(/proc/)\nkernel: vfs(/proc/kcore)")
f.close()
with open("./proc/kcore", "a+") as f:
f.write("/sys/jail_mgr.py")
f.close()
else:
print("Creating directories...")
os.mkdir("./bin")
os.mkdir("./sys")
os.mkdir("./usr")
os.mkdir("./proc")
os.mkdir(f"./home/{usrname}")
os.mkdir("./sys/krnl/")
print("Copying files...")
shutil.move("./main.py", "./sys/jail_mgr.py")
shutil.move("./sh.py", "./bin/shell.py")
shutil.move("./ledit.py", "./bin/ledit.py")
print("Creating system configuration files...")
with open("./sys/usr.conf", "a+") as f:
f.write(usrname)
f.close()
print("Install completed! Run ./main.py to start the kernel!")
input("Press <Enter> to exit! ")

2
kverinfo.txt
View File

@@ -1 +1 @@
edge0005-base0.2.1
0.1.1-main1

6
ledit.py
View File

@@ -3,12 +3,9 @@ LEdit, a single line text editor made in Python
Version: 0.0.2-alpha1
Made as an example program for PyNVOS
"""
class ledit:
def __init__(self, instance):
self._kernel = instance
def prgm(self):
path_to_file = input("Enter location of file to edit/create: ")
path_to_file = self._kernel.fs(path_to_file)
@@ -17,7 +14,4 @@ class ledit:
f.write(text_to_write + "\n")
f.close()
exit()
if __name__ == "<run_path>":
raise NotImplementedError("no")

313
main.py
View File

@@ -1,255 +1,58 @@
"""
This is the PyJail, a jailing tool for running Python apps in a sandboxed environment.
Version: edge0007-base0.2.1
"""
import os
import time
import runpy
class PyJail:
"""
The jail manager, handles all system calls and such.
"""
def __init__(self, debug=False):
self.rootpath = ""
self.rootpath = self.fs()
self._debug = debug
with open(self.fs("/proc/klog"), "w") as f:
# Always use jailmgr.msg() from this point onwards.
f.write(f"[{time.time}] [jailmgr.__init__()] [INFO] START LOG")
f.close()
with open(self.fs("/proc/kproc"), "w") as f:
f.write("proc: jailmgr(1)")
self._program_counter = 2
f.close()
self._resolve_symlinks = False if os.path.isdir(self.fs("/bin")) else True
def run_program(self, path_to_bin):
"""
Runs a specified program.
"""
path_to_bin = self.fs(path_to_bin)
if path_to_bin == 3 or path_to_bin == 2:
self.msg(
"jailmgr.run_program()",
"An error has occurred launching the program.",
True,
"WARNING",
)
else:
with open(self.fs("/proc/kproc"), "a+") as f:
f.write(f"proc: {path_to_bin}({self._program_counter})")
self._program_counter += 1
runpy.run_path(path_to_bin)
def msg(
self, caller: str, message: str, emit: bool = False, log_level: str = "INFO"
):
"""
The custom message parser, can parse messages and alert apps of said messages.
Replaces print statements.
Args:
caller: The program that called the logger
message: Is the message to parse.
emit: If the message needs to be passed to apps.
log_level: The loglevel, either DEBUG, INFO, WARNING, ERROR, CRITICAL
"""
emit_full = False
if self._debug is True:
emit_full = True
accepted_log_levels = ["DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"]
if log_level.upper() not in accepted_log_levels:
self.msg(
"jailmgr.msg()", f"Not accepted loglevel!! {log_level}", False, "ERROR"
)
return 1
if log_level == "DEBUG" and self._debug is False:
emit = False
emit_full = False
msg = f"[{time.time}] [{caller}] [{log_level}] {message}"
with open(self.fs("/proc/klog"), "a+") as f:
f.write(msg)
if emit is True and log_level.upper() == "CRITICAL":
print(msg)
elif emit is True:
print(message)
elif emit_full is True:
print(msg)
return 0
def fs(self, check_path=None, resolve_symlinks=True):
"""
Keeps track of the jailed filesystem and makes sure any calls to any
file get done in the jailed filesystem
"""
if check_path is not None:
if os.path.exists(f"{self.rootpath}{check_path}"):
if self._resolve_symlinks is True or resolve_symlinks is True:
# This exists to ease /bin and other symlinks that are always present.
# It allows the system to drastically speed up resolving symlinks.
symlinkable_dirs = ["/bin", "/sbin", "/lib", "/lib64"]
for directory in symlinkable_dirs:
if check_path.startswith(directory):
check_path_usr_merge = f"/usr{check_path}"
return self.rootpath + check_path_usr_merge
# Well, if it doesn't start with any of them, we need to check each and every directory.
check_path_split = check_path.split("/", -1)
prepend_path = ""
for i, path in enumerate(check_path_split):
prepend_path = (
f"{prepend_path}/{path}"
if not path.endswith("/")
else f"{prepend_path}/{path}/"
)
check_path_split[i] = f"{prepend_path}"
check_path = ""
for i, path in enumerate(check_path_split):
if os.path.isdir(path) and i != (len(check_path_split) - 1):
# Directory is not a symlink, we can just ignore and move on.
pass
elif os.path.isdir(path) and i == (len(check_path_split) - 1):
# The last thing to access was a directory. We can safely return the full path now.
return path
elif not os.path.isdir(path) and i != (
len(check_path_split) - 1
):
# This was not the last thing we needed to access, so we assume it's a symlink.
# One problem is that we can't be sure, so we make sure it is a symlink.
with open(self.fs(path, False)) as f:
is_symlink = f.read()
f.close()
if is_symlink.startswith("symlnk"):
# This is a symlink!
# Symlinks always contain the full literal path that they need to access, so we can
# take that and do the same trick to split it and add the next things to it.
is_symlink_split = is_symlink.split(" ", 1)
symlink_dest = is_symlink_split[1]
symlink_dest = f"{symlink_dest}/{path}"
return symlink_dest
else:
# This is either not a symlink or an improperly configured one.
self.msg(
"jailmgr.fs()",
"reached non-symlink file not at end of list",
False,
"ERROR",
)
self.msg(
"jailmgr.fs()",
"What was assumed to be a directory isn't a"
" directory nor a symlink! This might be because of a "
"typo or misconfigured symlink. The directory in question: "
f"{path}",
True,
"WARNING",
)
return 2
return self.rootpath + check_path
if check_path.startswith("."):
check_path = check_path.lstrip(".")
return os.getcwd() + check_path if "vfs" in os.getcwd() else 2
elif self.rootpath in check_path:
self.msg(
"jailmgr.fs()",
"Cannot parse rootpath, expected vfspath",
log_level="ERROR",
)
return 3
else:
# Path is not in the jailed fs, so we say it doesn't exist.
self.msg(
"jailmgr.fs()",
"File/directory doesn't exist in vfspath",
log_level="ERROR",
)
return 2
else:
rootpath = os.getcwd() + "/vfs"
self.msg("jailmgr.fs()", message=rootpath, log_level="INFO")
return rootpath
def kver(self):
"""
Returns the kernel version
"""
return "edge0007-base0.2.1"
def netsock(self, ip, port, mode, msg):
"""
An easy interface to network sockets, built right into the jailmanager
Args:
ip: The IP of the server to access.
port: The port to access the server on
mode: Either UDP, TCP or PKG (HTTP)
msg: The message to send the server
Returns:
Whatever the server returns.
"""
if mode == "PKG":
import requests
else:
import socket
if mode == "TCP":
try:
client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
except Exception:
self.msg(
"jailmgr.netsock()", "Socket import failed!", False, "CRITICAL"
)
self.msg(
"jailmgr.netsock()", "An unexpected error occurred!", True, "ERROR"
)
return None
# Connect to the server
client_socket.connect((ip, port))
self.msg(
"jailmgr.netsock()",
f"Connected to server at {ip}:{port}",
False,
"INFO",
)
# Send the message to the server
client_socket.send(msg.encode())
# Receive the response from the server
response = client_socket.recv(1024).decode()
client_socket.close() # Close the connection
self.msg("jailmgr.netsock", f"Received from server: {response}")
return response
elif mode == "PKG":
# raise NotImplementedError("TODO: PKG will be implemented later!")
file_io = requests.get(ip)
if file_io.startswith("PYPAK PMD"):
with open(self.fs(f"/usr/netsock/cache/{msg}.pmd"), "a+") as f:
f.write(file_io)
f.close()
else:
with open(self.fs(f"/usr/netsock/cache/{msg}.py"), "a+") as f:
f.write(file_io)
f.close()
else:
# Create a UDP socket
client_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
# Send the message to the server
client_socket.sendto(msg.encode(), (ip, port))
# Receive the response from the server
response, _ = client_socket.recvfrom(1024)
self.msg(f"{self}", f"Received from server: {response.decode()}")
# Close the socket
client_socket.close()
# raise NotImplementedError("TODO: Netsock will be implemented once 0.3.0 comes around!")
"""
This is a sort of OS built in Python, not bootable, but creates a custom directory structure and path definition.
This is the "kernel", it hosts all features and runs all programs.
For safety reasons the kernel is isolated, which means that with every shell instance,
A new kernel instance will follow it. Same goes for every program, it will need to call upon a brand-new kernel instance.
Version: 0.1.1-nps3
"""
import os
import runpy
class PyJail:
"""
The "kernel" for PyNVOS
"""
def __init__(self):
self.rootpath = ""
self.rootpath = self.fs()
def run_program(self, path_to_bin):
"""
Runs a specified program.
"""
path_to_bin = self.fs(path_to_bin)
# print(path_to_bin)
# print(str(self.rootpath) + str(path_to_bin))
if path_to_bin == 3 or path_to_bin == 2:
print("An error has occurred launching the program.")
else:
runpy.run_path(path_to_bin)
def fs(self, check_path=None) -> str:
"""
Keeps track of the jailed filesystem and makes sure any calls to any
file get done in the jailed filesystem
"""
if check_path is not None:
if os.path.exists(f"{self.rootpath}{check_path}"):
if check_path.startswith("."):
check_path = check_path.lstrip(".")
return os.getcwd() + check_path if "vfs" in os.getcwd() else 2
return self.rootpath + check_path
elif self.rootpath in check_path:
print("ERR: Cannot parse rootpath, expected vfspath")
return 3
else:
# Path is not in the jailed fs, so we say it doesn't exist.
print("ERR: File/directory doesn't exist in vfspath")
return 2
else:
rootpath = os.getcwd() + "/vfs"
return rootpath
@staticmethod
def is_posix_compatible() -> bool:
"""
Returns if the kernel is POSIX compatible.
"""
return False

66
sh.py
View File

@@ -1,85 +1,51 @@
"""
The shell for PyNVOS
Version: 0.2.0.0402
Version: 0.1.0-main1
"""
import importlib
import os
import cmd
import shutil
# from ..sys.krnl import Kernel
print(__name__)
class shell(cmd.Cmd):
jail_mgr = importlib.import_module(".jail_mgr", "vfs.sys")
jailmgr = jail_mgr.PyJail()
kver = jailmgr.kver()
intro = f"Shell started, PyJail {kver}"
prompt = "shell-0.2$ "
intro = "Shell started, PyNVOS 0.1.1-main1"
prompt = "shell-0.1.0$ "
file = None
krnl = importlib.import_module(".jail_mgr", "vfs.sys")
kernel = krnl.Kernel()
print(str(kernel) + " " + str(type(kernel)))
def do_cd(self, args):
"""Changes directory"""
args = shell.jailmgr.fs(args)
args = shell.kernel.fs(args)
os.chdir(args)
def do_exec(self, args):
"""Allows you to execute a file"""
# Apps in /bin should be allowed to launch without first adding /bin/ or ./, just the name of the executable
# So for ledit it should be just 'ledit' and not /bin/ledit.py or ./ledit.py
bins_in_bin = os.listdir(self.jailmgr.fs("/bin"))
bins_in_bin = os.listdir(shell.kernel.fs("/bin"))
apps_strip = []
for apps in bins_in_bin:
if apps.endswith(".py"):
apps_strip.append(apps.strip(".py"))
if args in apps_strip:
shell.jailmgr.run_program(f"/bin/{args}.py")
shell.kernel.run_program(f"/bin/{args}.py")
else:
shell.jailmgr.run_program(args)
shell.kernel.run_program(args)
def do_ls(self, none):
"""Lists the content of a directory"""
os.listdir(os.getcwd())
def do_pkg(self, pkg):
"""Downloads packages over the internet."""
self.jailmgr.netsock(
f"https://pkg.novacow.ch/repo/{self.kver}/meta/{pkg}.pmd",
None,
"PKG",
f"{pkg}",
)
shutil.copy(
self.jailmgr.fs(f"/usr/netsock/cache/{pkg}.pmd"),
self.jailmgr.fs("/usr/pkg/metacache/"),
)
with open(self.jailmgr.fs(f"/usr/pkg/metacache/{pkg}.pmd"), "r") as f:
package_meta = f.read()
f.close()
self.jailmgr.msg("shell.do_pkg", package_meta, True, "INFO")
y_n_confirmation = input("Do you want to install this package? [y/N] ")
if y_n_confirmation.lower() != "y":
print("Aborted.")
return
self.jailmgr.netsock(
f"https://pkg.novacow.ch/repo/{self.kver}/main/static/binary/{pkg}.py",
None,
"PKG",
f"{pkg}",
)
shutil.copy(
self.jailmgr.fs(f"/usr/netsock/cache/{pkg}.py"),
self.jailmgr.fs("/usr/bin/"),
)
def postloop(self):
pass
if __name__ == "<run_path>":
if __name__ == '<run_path>':
shell().cmdloop()
if __name__ == "__main__":
print(
"The shell can't be ran as a standalone program and must be ran in conjunction with the jail manager."
)
if __name__ == '__main__':
print("The shell can't be ran as a standalone program and must be ran in conjunction with the kernel.")
input("Press Enter to continue...")
exit(-1)
exit(-1)

2
verinfo.txt
View File

@@ -1 +1 @@
edge
0.1.0