path: root/TODO
blob: 2210d8498aba3cef80b3efbaea03e265e523e763 (plain)
try out tracing on *BSD and Solaris

trace static children of static children

cache results of filesystem checks

review erealpath vs realpath usage

wrappers for execl{,l,p} ... unfortunately, we'll probably have to basically
reimplement the functions (building up argv[] and then call the execv* ver)
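
sketch of the "build up argv[] and call the execv* version" idea, as an added
example (not code from sandbox).  the demo_* names are hypothetical, and it
assumes the path checks already live in the execv wrapper the call lands in:

```c
#include <errno.h>
#include <stdarg.h>
#include <stdlib.h>
#include <unistd.h>

/* Added illustration; demo_* names are hypothetical, not sandbox symbols. */
static char **demo_build_argv(const char *arg0, va_list ap)
{
	va_list count_ap;
	size_t argc = 0, i;
	const char *a;
	va_copy(count_ap, ap);	/* first pass only counts the arguments */
	for (a = arg0; a != NULL; a = va_arg(count_ap, const char *))
		argc++;
	va_end(count_ap);
	char **argv = malloc((argc + 1) * sizeof(*argv));
	if (argv == NULL)
		return NULL;
	for (i = 0, a = arg0; i < argc; i++, a = va_arg(ap, const char *))
		argv[i] = (char *)a;
	argv[argc] = NULL;	/* execv() needs the terminator too */
	return argv;
}

/* Returns the argv[] that demo_execl() passes on; the caller frees it. */
char **demo_collect(const char *arg0, ...)
{
	va_list ap;
	char **argv;
	va_start(ap, arg0);
	argv = demo_build_argv(arg0, ap);
	va_end(ap);
	return argv;
}

/* execl() stand-in: funnels into execv() so one wrapper sees every exec. */
int demo_execl(const char *path, const char *arg0, ...)
{
	va_list ap;
	char **argv;
	va_start(ap, arg0);
	argv = demo_build_argv(arg0, ap);
	va_end(ap);
	if (argv != NULL)
		execv(path, argv);	/* returns only on failure */
	int saved = errno;		/* free() may clobber errno */
	free(argv);
	errno = saved;
	return -1;
}
```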

wrappers for open funcs:
 - freopen
 - freopen64
 - name_to_handle_at
 - open_by_handle_at
 - __open
 - __open64

wrappers for 64-bit time funcs
https://bugs.gentoo.org/751241

wrappers for syscalls that modify non-filesystem resources ?
how would we `addpredict` these ?
is it worth checking for these in the first place ?  unittests sometimes do
terrible things to systems.
 - clock_settime
 - create_module
 - setdomainname
 - settimeofday

erealpath() might deref symlinks when working with unreadable paths as non-root
even when working on funcs that do not deref symlinks themselves ... this isn't a
real big issue though

threaded apps conflict with shared state:
 - sandbox_lib
 - sandbox_on
 - trace_pid
 - etc...

handle multiple processes writing to log simultaneously
 - could move log to a fifo that the main sandbox process would consume
 - not that big of a deal as log generally only gets written with failures

doesn't seem to work quite right:
	echo $(./vfork-0 ./mkdir_static-0 2>&1)

messaging still needs a little work.  consider:
 - user is running as root
 - user does `emerge foo`
 - emerge's stderr is connected to root's tty
 - FEATURES=userpriv is enabled so portage drops root
 - sandbox starts up and sets message path to its stderr
 - that path is owned by root only
 - attempts to open it by path fail with permission denied
really only way around this would be to have sandbox set up
a named pipe in $T and set the message path to that.  then
it would poll that for data and take care of writing it to
its open stderr.

sparc32 tracing under sparc64 doesn't work quite right.  we need to reload the
syscall table after the exec call finishes.  not sure any other port needs this.