Nova/PyJail
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Compare commits

merge into: Nova:main
Branches Tags
Nova:main Nova:edge Nova:no-posix Nova:next
Nova:0.2.1-next1 Nova:0.2.0-main1
...
pull from: Nova:edge
Branches Tags
Nova:edge Nova:no-posix Nova:next Nova:main
Nova:0.2.1-next1 Nova:0.2.0-main1

6 Commits
main ... edge

Author SHA1 Message Date
Nova
2ab3df3499 0.3.0 base, now with autoconvert 2025-01-09 07:37:24 +01:00
Nova
cf79b945dc Formatting and some completion to install script 2024-12-29 20:34:10 +01:00
Nova
77fbcb9b31 #1 fix and #3 fix for edge 2024-11-23 13:22:49 +01:00
Nova
edcfa6110a Update README 
Goes for all branches
 2024-11-23 13:13:27 +01:00
Nova
349160e3cf edge004-base0.2.1 
Corrected the NetSock and made the install script compliant
 2024-11-22 20:03:56 +01:00
Nova
7d42a35f7a Add edge files. 2024-11-22 19:34:59 +01:00
8 changed files with 392 additions and 103 deletions
Expand all files Collapse all files

67
README.md
View File

@@ -1,3 +1,68 @@
# PyJail
Jailing tool for Python
PyJail is a jailing tool for Python
It allows you to jail Python programs in a closed off filesystem
## How to install
Installing PyJail is really simple! Just run `python3 ./install.py`
(for Windows `py .\install.py`) in the directory where the files are stored!
## Compatibility
As of now we're still working on a custom Python interpreter to make all programs
fully jailing compatible, sadly enough it's quite hard work.
So as of now it is compatible with all Python programs, **but** only some will be
properly confined.
There is a converter to automatically convert tools, but some still aren't compatible yet.
## POSIX compatibility
We're also providing a (sort-of) POSIX compatible mode. This allows Python programs
made for Linux to also run natively on Windows. This is more meant for Windows
versions that don't feature WSL (Windows 7/8/8.1) but still need to run some
Linux only scripts.
## Bundled programs
To keep the installation extremely small in size and footprint, the bundled programs are also
extremely small. Currently we bundle 3 programs:
### `sh.py` (While installed: `/bin/sh` or `/usr/bin/sh` or `/usr/bin/shell.py`)
A very simple shell, just does directory navigation and installs packages.
### `ledit.py` (While installed: `/usr/bin/ledit.py`)
A simple line text editor. Meant for extreme simplicity.
### `autoconvert.py` (While installed: `/usr/bin/autoconvert.py`)
A converter to convert Python programs to be compatible with the jailed filesystem.
We recommend getting essential packages like a proper shell and the UwUGet package manager.
## The 4 branches
Which branch works best for you?
Well, that's pretty simple. We have 4 branches (`main`, `next`, `edge` and `no-posix`).
If you want the most stable experience, then the `main` branch is for you.
If you want the lastest features, but also a more stable experience (compared to `edge`),
then the `next` branch is for you
If you want the bleeding-edge and don't care about stability, then `edge` is for you.
If you only need simple jailing and no POSIX compatibility, then `no-posix` is for you.
## Issues
Please report issues [over here](https://git.novacow.ch/Nova/PyJail/issues/)
And please check if your issue isn't a duplicate before reporting.

82
autoconvert.py Normal file
View File

@@ -0,0 +1,82 @@
"""
Converts files to be jail-compatible
"""
import importlib
class FileConverter:
def __init__(self):
self.jail_mgr = importlib.import_module(".jail_mgr", "vfs.sys")
self.jailmgr = self.jail_mgr.PyJail()
self._file_openers = ["os.path", "open", "shutil.copy", "shutil.rm"]
self._unsupported_file_openers = ["QFile"]
def convert_file(self, fn):
unsupported_openers_found = 0
lines = []
with open(self.jailmgr.fs(fn), "a") as f:
for line in f:
line = line.strip()
lines.append(line)
blank_line_found = False
init_found = False
i_total = 0
for i, line in enumerate(lines):
if line == "" and blank_line_found is False:
line = "import importlib\n"
lines[i] = line
blank_line_found = True
if "def __init__" in line and init_found is False:
line_to_export = (
"\nself.jail_mgr = importlib.import_module('.jail_mgr', 'vfs.sys')\n"
"self.jailmgr = self.jail_mgr.PyJail()"
)
lines[i + 1] = line_to_export
init_found = True
if self._file_openers in line:
idx = line.index("(")
idx2 = line.index(")")
# if idx2 - idx != 1:
# self.jailmgr.msg(f"{self}", "Unsupported type!", False, "WARN")
# unsupported_openers_found += 1
# else:
expression = line[idx : idx2 + 1]
line_to_edit = f"self.jailmgr.fs({expression})"
idx -= 1
idx2 += 2
full_line = f"{line[:idx]}{line_to_edit}{line[idx2:]}"
lines[i] = full_line
elif self._unsupported_file_openers in line:
self.jailmgr.msg(f"{self}", "Unsupported opener!", False, "WARN")
unsupported_openers_found += 1
else:
pass
i_total = i
if unsupported_openers_found > 0:
self.jailmgr.msg(
f"{self}",
f"Some/all of the openers in this file aren't compatible with the converter, amount: {unsupported_openers_found} of the {i_total}",
True,
"WARN",
)
return lines
def file_writer(self, fn, content):
for i, line in enumerate(content):
line.rstrip("\n")
with open(self.jailmgr.fs(fn), "a+") as f:
f.write(f"{line}\n")
f.close()
self.jailmgr.msg(f"{self}", "Conversion OK! Please check results.", True)
return 0
if __name__ == "__main__":
fc = FileConverter()
fn = input("Enter filepath to convert (fullpath): ")
try:
lines = fc.convert_file(fn)
fc.file_writer(lines)
except Exception:
print("Failure to convert!")

103
install.py
View File

@@ -1,11 +1,13 @@
"""
Install script for the Python jailer.
Version: 1.0.0-main1
Version: 0.3.0-main1
"""
import os
import shutil
with open("./kverinfo.txt", "r") as f:
kver = f.read()
kver = f.read()
f.close()
with open("./verinfo.txt", "r") as f:
ver = f.read()
@@ -23,65 +25,50 @@ shutil.move("./main.py", "./vfs/main.py")
shutil.move("./runner.py", "./main.py")
shutil.move("./sh.py", "./vfs/sh.py")
shutil.move("./ledit.py", "./vfs/ledit.py")
shutil.move("./autoconvert.py" "./vfs/autoconvert.py")
os.chdir(os.getcwd() + "/vfs")
print("Gathering info...")
usrname = input("Please enter your username: [usr1] ")
if usrname == "":
usrname = "usr1"
setup_posix = input("Do you wish to setup a mostly-POSIX compliant environment? [y/N] ")
if setup_posix.lower() == "y":
print("Creating directories...")
with open("./bin", "a+") as f:
f.write("symlnk /usr/bin/")
f.close()
with open("./sbin", "a+") as f:
f.write("symlnk /usr/sbin/")
f.close()
with open("./lib", "a+") as f:
f.write("symlnk /usr/lib/")
f.close()
with open("./lib64", "a+") as f:
f.write("symlnk /usr/lib64/")
f.close()
with open("./usr/bin/sh", "a+") as f:
f.write("symlnk /usr/bin/shell.py")
f.close()
os.mkdir("./sys")
os.mkdir("./usr")
os.mkdir("./proc")
os.mkdir(f"./home/{usrname}")
os.mkdir("./usr/bin/")
os.mkdir("./usr/sbin/")
os.mkdir("./usr/lib/")
os.mkdir("./usr/lib64/")
print("Copying files...")
shutil.move("./main.py", "./sys/jail_mgr.py")
shutil.move("./sh.py", "./bin/shell.py")
shutil.move("./ledit.py", "./bin/ledit.py")
print("Creating system configuration files...")
with open("./sys/usr.conf", "a+") as f:
f.write(usrname)
f.close()
with open("./sys/procinfo", "a+") as f:
f.write("proc: vfs(/proc/)\nmgr: vfs(/proc/kcore)")
f.close()
with open("./proc/kcore", "a+") as f:
f.write("/sys/jail_mgr.py")
f.close()
else:
print("Creating directories...")
os.mkdir("./bin")
os.mkdir("./sys")
os.mkdir("./usr")
os.mkdir("./proc")
os.mkdir(f"./home/{usrname}")
print("Copying files...")
shutil.move("./main.py", "./sys/jail_mgr.py")
shutil.move("./sh.py", "./bin/shell.py")
shutil.move("./ledit.py", "./bin/ledit.py")
print("Creating system configuration files...")
with open("./sys/usr.conf", "a+") as f:
f.write(usrname)
f.close()
print("Install completed! Run ./main.py to start the kernel!")
print("Creating directories...")
with open("./bin", "a+") as f:
f.write("symlnk /usr/bin/")
f.close()
with open("./sbin", "a+") as f:
f.write("symlnk /usr/sbin/")
f.close()
with open("./lib", "a+") as f:
f.write("symlnk /usr/lib/")
f.close()
with open("./lib64", "a+") as f:
f.write("symlnk /usr/lib64/")
f.close()
with open("./usr/bin/sh", "a+") as f:
f.write("symlnk /usr/bin/shell.py")
f.close()
os.mkdir("./sys")
os.mkdir("./usr")
os.mkdir("./proc")
os.mkdir(f"./home/{usrname}")
os.mkdir("./usr/bin/")
os.mkdir("./usr/sbin/")
os.mkdir("./usr/lib/")
os.mkdir("./usr/lib64/")
print("Copying files...")
shutil.move("./main.py", "./sys/jail_mgr.py")
shutil.move("./sh.py", "./usr/bin/shell.py")
shutil.move("./ledit.py", "./usr/bin/ledit.py")
shutil.move("./autoconvert.py", "./usr/bin/autoconvert.py")
print("Creating system configuration files...")
with open("./sys/usr.conf", "a+") as f:
f.write(usrname)
f.close()
with open("./sys/procinfo", "a+") as f:
f.write("proc: vfs(/proc/)\nkernel: vfs(/proc/kcore)")
f.close()
with open("./proc/kcore", "a+") as f:
f.write("/sys/jail_mgr.py")
f.close()
print("Install completed! Run ./main.py to start the process!")
input("Press <Enter> to exit! ")

2
kverinfo.txt
View File

@@ -1 +1 @@
0.2.0-main1
edge0005-base0.2.1

6
ledit.py
View File

@@ -3,9 +3,12 @@ LEdit, a single line text editor made in Python
Version: 0.0.2-alpha1
Made as an example program for PyNVOS
"""
class ledit:
def __init__(self, instance):
self._kernel = instance
def prgm(self):
path_to_file = input("Enter location of file to edit/create: ")
path_to_file = self._kernel.fs(path_to_file)
@@ -14,4 +17,7 @@ class ledit:
f.write(text_to_write + "\n")
f.close()
exit()
if __name__ == "<run_path>":
raise NotImplementedError("no")

167
main.py
View File

@@ -1,7 +1,8 @@
"""
This is the PyJail, a jailing tool for running Python apps in a sandboxed environment.
Version: 0.2.0-main1
Version: edge0007-base0.2.1
"""
import os
import time
import runpy
@@ -9,8 +10,9 @@ import runpy
class PyJail:
"""
The
The jail manager, handles all system calls and such.
"""
def __init__(self, debug=False):
self.rootpath = ""
self.rootpath = self.fs()
@@ -30,18 +32,22 @@ class PyJail:
Runs a specified program.
"""
path_to_bin = self.fs(path_to_bin)
# print(path_to_bin)
# print(str(self.rootpath) + str(path_to_bin))
if path_to_bin == 3 or path_to_bin == 2:
self.msg("jailmgr.run_program()", "An error has occurred launching the program.", True,
"WARNING")
self.msg(
"jailmgr.run_program()",
"An error has occurred launching the program.",
True,
"WARNING",
)
else:
with open(self.fs("/proc/kproc"), "a+") as f:
f.write(f"proc: {path_to_bin}({self._program_counter})")
self._program_counter += 1
runpy.run_path(path_to_bin)
def msg(self, caller: str, message:str, emit: bool = False, log_level: str = "INFO"):
def msg(
self, caller: str, message: str, emit: bool = False, log_level: str = "INFO"
):
"""
The custom message parser, can parse messages and alert apps of said messages.
Replaces print statements.
@@ -51,15 +57,27 @@ class PyJail:
emit: If the message needs to be passed to apps.
log_level: The loglevel, either DEBUG, INFO, WARNING, ERROR, CRITICAL
"""
emit_full = False
if self._debug is True:
emit = True
emit_full = True
accepted_log_levels = ["DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"]
if log_level.upper() not in accepted_log_levels:
self.msg(f"jailmgr.msg()",f"Not accepted loglevel!! {log_level}", False, "ERROR")
self.msg(
"jailmgr.msg()", f"Not accepted loglevel!! {log_level}", False, "ERROR"
)
return 1
if log_level == "DEBUG" and self._debug is False:
emit = False
emit_full = False
msg = f"[{time.time}] [{caller}] [{log_level}] {message}"
with open(self.fs("/proc/klog"), "a+") as f:
f.write(f"[{time.time}] [{caller}] [{log_level}] {message}")
if emit is True:
f.write(msg)
if emit is True and log_level.upper() == "CRITICAL":
print(msg)
elif emit is True:
print(message)
elif emit_full is True:
print(msg)
return 0
def fs(self, check_path=None, resolve_symlinks=True):
@@ -81,7 +99,11 @@ class PyJail:
check_path_split = check_path.split("/", -1)
prepend_path = ""
for i, path in enumerate(check_path_split):
prepend_path = f"{prepend_path}/{path}" if not path.endswith("/") else f"{prepend_path}/{path}/"
prepend_path = (
f"{prepend_path}/{path}"
if not path.endswith("/")
else f"{prepend_path}/{path}/"
)
check_path_split[i] = f"{prepend_path}"
check_path = ""
for i, path in enumerate(check_path_split):
@@ -91,7 +113,9 @@ class PyJail:
elif os.path.isdir(path) and i == (len(check_path_split) - 1):
# The last thing to access was a directory. We can safely return the full path now.
return path
elif not os.path.isdir(path) and i != (len(check_path_split) - 1):
elif not os.path.isdir(path) and i != (
len(check_path_split) - 1
):
# This was not the last thing we needed to access, so we assume it's a symlink.
# One problem is that we can't be sure, so we make sure it is a symlink.
with open(self.fs(path, False)) as f:
@@ -101,19 +125,27 @@ class PyJail:
# This is a symlink!
# Symlinks always contain the full literal path that they need to access, so we can
# take that and do the same trick to split it and add the next things to it.
# raise NotImplementedError()
is_symlink_split = is_symlink.split(" ", 1)
symlink_dest = is_symlink_split[1]
symlink_dest = f"{symlink_dest}/{path}"
return symlink_dest
else:
# This is either not a symlink or an improperly configured one.
self.msg("jailmgr.fs()", "reached non-symlink file not at end of list",
False, "ERROR")
self.msg("jailmgr.fs()", "What was assumed to be a directory isn't a"
" directory nor a symlink! This might be because of a "
"typo or misconfigured symlink. The directory in question: "
f"{path}", True, "WARNING")
self.msg(
"jailmgr.fs()",
"reached non-symlink file not at end of list",
False,
"ERROR",
)
self.msg(
"jailmgr.fs()",
"What was assumed to be a directory isn't a"
" directory nor a symlink! This might be because of a "
"typo or misconfigured symlink. The directory in question: "
f"{path}",
True,
"WARNING",
)
return 2
return self.rootpath + check_path
@@ -121,20 +153,103 @@ class PyJail:
check_path = check_path.lstrip(".")
return os.getcwd() + check_path if "vfs" in os.getcwd() else 2
elif self.rootpath in check_path:
self.msg(f"jailmgr.fs()", "Cannot parse rootpath, expected vfspath", log_level="ERROR")
self.msg(
"jailmgr.fs()",
"Cannot parse rootpath, expected vfspath",
log_level="ERROR",
)
return 3
else:
# Path is not in the jailed fs, so we say it doesn't exist.
self.msg(f"jailmgr.fs()", "File/directory doesn't exist in vfspath", log_level="ERROR")
self.msg(
"jailmgr.fs()",
"File/directory doesn't exist in vfspath",
log_level="ERROR",
)
return 2
else:
rootpath = os.getcwd() + "/vfs"
self.msg("jailmgr.fs()", message=rootpath, log_level="INFO")
return rootpath
@staticmethod
def kver():
def kver(self):
"""
Returns the jail manager version
Returns the kernel version
"""
return "0.2.0-main1"
return "edge0007-base0.2.1"
def netsock(self, ip, port, mode, msg):
"""
An easy interface to network sockets, built right into the jailmanager
Args:
ip: The IP of the server to access.
port: The port to access the server on
mode: Either UDP, TCP or PKG (HTTP)
msg: The message to send the server
Returns:
Whatever the server returns.
"""
if mode == "PKG":
import requests
else:
import socket
if mode == "TCP":
try:
client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
except Exception:
self.msg(
"jailmgr.netsock()", "Socket import failed!", False, "CRITICAL"
)
self.msg(
"jailmgr.netsock()", "An unexpected error occurred!", True, "ERROR"
)
return None
# Connect to the server
client_socket.connect((ip, port))
self.msg(
"jailmgr.netsock()",
f"Connected to server at {ip}:{port}",
False,
"INFO",
)
# Send the message to the server
client_socket.send(msg.encode())
# Receive the response from the server
response = client_socket.recv(1024).decode()
client_socket.close() # Close the connection
self.msg("jailmgr.netsock", f"Received from server: {response}")
return response
elif mode == "PKG":
# raise NotImplementedError("TODO: PKG will be implemented later!")
file_io = requests.get(ip)
if file_io.startswith("PYPAK PMD"):
with open(self.fs(f"/usr/netsock/cache/{msg}.pmd"), "a+") as f:
f.write(file_io)
f.close()
else:
with open(self.fs(f"/usr/netsock/cache/{msg}.py"), "a+") as f:
f.write(file_io)
f.close()
else:
# Create a UDP socket
client_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
# Send the message to the server
client_socket.sendto(msg.encode(), (ip, port))
# Receive the response from the server
response, _ = client_socket.recvfrom(1024)
self.msg(f"{self}", f"Received from server: {response.decode()}")
# Close the socket
client_socket.close()
# raise NotImplementedError("TODO: Netsock will be implemented once 0.3.0 comes around!")

66
sh.py
View File

@@ -1,51 +1,85 @@
"""
The shell for PyNVOS
Version: 0.1.0-main1
Version: 0.2.0.0402
"""
import importlib
import os
import cmd
import shutil
# from ..sys.krnl import Kernel
print(__name__)
class shell(cmd.Cmd):
intro = "Shell started, PyNVOS 0.1.1-main1"
prompt = "shell-0.1.0$ "
jail_mgr = importlib.import_module(".jail_mgr", "vfs.sys")
jailmgr = jail_mgr.PyJail()
kver = jailmgr.kver()
intro = f"Shell started, PyJail {kver}"
prompt = "shell-0.2$ "
file = None
krnl = importlib.import_module(".jail_mgr", "vfs.sys")
kernel = krnl.Kernel()
print(str(kernel) + " " + str(type(kernel)))
def do_cd(self, args):
"""Changes directory"""
args = shell.kernel.fs(args)
args = shell.jailmgr.fs(args)
os.chdir(args)
def do_exec(self, args):
"""Allows you to execute a file"""
# Apps in /bin should be allowed to launch without first adding /bin/ or ./, just the name of the executable
# So for ledit it should be just 'ledit' and not /bin/ledit.py or ./ledit.py
bins_in_bin = os.listdir(shell.kernel.fs("/bin"))
bins_in_bin = os.listdir(self.jailmgr.fs("/bin"))
apps_strip = []
for apps in bins_in_bin:
if apps.endswith(".py"):
apps_strip.append(apps.strip(".py"))
if args in apps_strip:
shell.kernel.run_program(f"/bin/{args}.py")
shell.jailmgr.run_program(f"/bin/{args}.py")
else:
shell.kernel.run_program(args)
shell.jailmgr.run_program(args)
def do_ls(self, none):
"""Lists the content of a directory"""
os.listdir(os.getcwd())
def do_pkg(self, pkg):
"""Downloads packages over the internet."""
self.jailmgr.netsock(
f"https://pkg.novacow.ch/repo/{self.kver}/meta/{pkg}.pmd",
None,
"PKG",
f"{pkg}",
)
shutil.copy(
self.jailmgr.fs(f"/usr/netsock/cache/{pkg}.pmd"),
self.jailmgr.fs("/usr/pkg/metacache/"),
)
with open(self.jailmgr.fs(f"/usr/pkg/metacache/{pkg}.pmd"), "r") as f:
package_meta = f.read()
f.close()
self.jailmgr.msg("shell.do_pkg", package_meta, True, "INFO")
y_n_confirmation = input("Do you want to install this package? [y/N] ")
if y_n_confirmation.lower() != "y":
print("Aborted.")
return
self.jailmgr.netsock(
f"https://pkg.novacow.ch/repo/{self.kver}/main/static/binary/{pkg}.py",
None,
"PKG",
f"{pkg}",
)
shutil.copy(
self.jailmgr.fs(f"/usr/netsock/cache/{pkg}.py"),
self.jailmgr.fs("/usr/bin/"),
)
def postloop(self):
pass
if __name__ == '<run_path>':
if __name__ == "<run_path>":
shell().cmdloop()
if __name__ == '__main__':
print("The shell can't be ran as a standalone program and must be ran in conjunction with the kernel.")
if __name__ == "__main__":
print(
"The shell can't be ran as a standalone program and must be ran in conjunction with the jail manager."
)
input("Press Enter to continue...")
exit(-1)
exit(-1)

2
verinfo.txt
View File

@@ -1 +1 @@
0.2 build 0036
edge