=========
 Roadmap
=========

PRoot v4.1: custom loader
=========================

Highlight
---------

Currently, PRoot relies on the loader embedded in the GNU dynamic
linker, sadly this latter suffers from a couple of bugs and
limitations that avoid some programs to run correctly under PRoot (and
CARE).  For examples:

    * programs that use constructors might crash: a typical example is
      QEMU.  There's a workaround in PRoot for QEMU only.

    * programs that use "rpath" and "symlinks" might not start: a
      typical example is Java.  There's no workaround in PRoot, the
      user has to by-pass the symlink manually.

    * programs that read the processes name are confused: typical
      examples are ps and top.  There's no workaround in PRoot.

    * programs that expect a kernel newer than the actual one (the
      infamous "FATAL: kernel too old" error).  The current workaround
      in PRoot (-k option) is not enough.

    * programs not monitored by PRoot get a wrong program name when
      reading /proc/$PID/cmdline, like "ld-linux.so.2"

All these bugs and limitations can be fixed by writing a custom
loader.


PRoot v5.0: FS cache
====================

Highlight
---------

One core feature of PRoot is the path translation.  This mechanism
heavily relies on "stat", sadly this syscall is quite slow on some FS
(like NFS).  The idea is to cache the results of the path translation
mechanism to avoid the use of "stat" as much as possible in order to
speed-up PRoot.

The internal structure of this FS cache could also be used to emulate
the "getdents" syscall in order to add or hide entries.

TODO: insert roadmap sent to CM.


Not yet scheduled
=================

Fixes
-----

* Mention "container" in the documentation.

* Fix ptrace emulation support on ARM.

* Fix support for GDB v/fork & execve catchpoints.

* Add support for unimplemented ptrace requests.

* Add new hidden option "PROOT_MIN_HEAP_SIZE".

* Replace tracee->reconf.paths with tracee->reconf.env + getenv2()

* Fix ``mkdir foo; cd foo; rmdir ../foo; readlink /proc/self/cwd``.

* Fix remaining bugs in sub-reconfiguration support::

      ./src/proot -B /usr/local/proot/centos-5-x86 make -C tests/

* Forbid rename/unlink on a mount point:

    $ mv mount_point elsewhere
    mv: cannot move "mount_point" to "elsewhere": Device or resource busy

* Add support for the string $ORIGIN (or equivalently ${ORIGIN}) in an rpath specification

* Add support for /etc/ld.so.preload and /etc/ld.so.conf[.d] in mixed-mode.

* Fix ``proot -k 1.2.3 proot -k 2.4.6 -k 3.4.5 uname -r | grep 3.4.5``.

* Don't use the same prefix for glued path::

      $ proot -b /etc/fstab -b /bin/readdir:/bin/readdir -r /tmp/empty-rootfs
      [...]
      proot info: binding = /tmp/proot-6738-CMr1hE:/bin
      proot info: binding = /tmp/proot-6738-CMr1hE:/etc
      [...]
      $ readdir /bin
      DT_DIR  ..
      DT_DIR  .
      DT_REG  readdir
      DT_REG  fstab
      $ readdir /etc
      DT_DIR  ..
      DT_DIR  .
      DT_REG  readdir
      DT_REG  fstab


Features
--------

* Start a login shell (``env -i sh -l``) instead of ``/bin/sh``.

* Use PTRACE_O_EXITKILL if possible.

* Do not seccomp-trace any syscalls when there are no bindings.  This
  should improve performance of ATOS extensions a alot.

* Add a mechanism to add new [fake] entries in /proc, for instance
  ``/proc/proot/config``.

* Add a way to get the reverse translation of a path::

      proot [bindings] -x /usr/local/bin

  or maybe something like that::

      proot [bindings] readlink /proc/proot/detranslate/usr/local/bin

* Make ``mount --bind`` change the tracee's configuration dynamically.

* Make ``chroot`` change the tracee's configuration dynamically (not
  only of ``/``).

* Add support for a special environment variable to add paths
  dynamically to the host LD_LIBRARY_PATH
  ("EXTRA_HOST_LD_LIBRARY_PATH").

* Add a "blind" mode where:

  * unreadable executable can be executed::

      proot mount: OK (rwsr-xr-x)
      proot ping: failed (rws--x--x)

  * unreadable directory can be accessed

* Add command-line interface to set environment variables.

    Rename push_env() in change_env() and enhance it to support the
    "unset" feature.

* Add support for coalesced options, for instance ``proot -eM``

* Allow a per-module verbose level

* Emulate chown, chmod, and mknod when -0 (fake_id0) is enabled.


Documentation
-------------

* Explain bindings aren't exclusive, i.e. "-b /tmp:/foo" doesn't invalidate "-b /tmp:/bar".

* Explain why PRoot does not work with setuid programs

* Document the compatibility with the old command-line interface
  (without "-r")::

       proot [options] <root> <command> [args...]


Misc.
-----

* Replace "readlink(XXX, path, PATH_MAX)" with "readlink(XXX, path, PATH_MAX - 1)"

* read_string should return -ENAMETOOLONG when length(XXX) >= max_size

* Check (in ld.so sources) if more than one RPATH/RUNPATH entry is allowed.

* Ensure tracees' clone flags has CLONE_PTRACE & ~CLONE_UNTRACED.

* Add a stealth mode where over-the-stack content is restored.

* Try Trinity/Scrashme (syscall fuzzers) against PRoot


Performance
-----------

* prefetch_mem(): cache write-through memory access (read_string, fetch_args).

* Fallback to /proc/<pid>/mem when process_vm_readv() isn't available.

* Add a "multi-process" mode where there's one fork of PRoot per monitored process.

    Each time a new_tracee structure is created, PRoot forks itself.
    Be sure that the tracer of this new process really is the new
    forked PRoot! (Thanks Yves for this comment)
