-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathexample.conf
213 lines (177 loc) · 8.56 KB
/
example.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
# This is the configuration for the Luci dynamic loader
# all non-empty lines not starting with `#` are taken into account.
# Every parameter listed in this file could also be set using environment variables,
# however, the latter ones have higher priority.
# Path to library configuration file (similar to /etc/ld.so.conf )
# Each line contains the path to a directory which should be used for searching
# the libraries in the specific order.
# If not defined, the configuration file at the default path will be used:
#LD_LIBRARY_CONF=/opt/luci/libpath.conf
# Set log level for (debug) output
# 0: Disable logging / no output
# 1: show only fatal errors
# 2: show all errors
# 3: print warnings
# 4: show runtime information
# 5: show verbose information
# 6: print all debug output
# 7: print tracing information
# Default log level is 3 (warnings)
#LD_LOGLEVEL=3
# Log to file (instead of standard error stream)
# The file will be truncated on each start unless LD_LOGFILE_APPEND is set (see below)
#LD_LOGFILE=/var/log/luci.log
# Log file behavior on start
# 0: truncate log file (default)
# 1: append
#LD_LOGFILE_APPEND=1
# Use absolute time (instead of delta) in log.
# 0: disabled, use relative time (default)
# 1: enabled, use absolute time
#LD_LOGTIME_ABS=1
# Tracing - not implemented yet
#LD_TRACING=0
# Default path to Luci rtld binary
#LD_PATH=/opt/luci/ld-luci.so
# Support for dynamic updates during runtime
# Currently, only libraries with compatible data section are supported
# 0: disabled (default)
# 1: enabled
LD_DYNAMIC_UPDATE=0
# Support for dynamic updates for shared objects manually loaded during runtime (dlopen)
# 0: disabled (default)
# 1: enabled
LD_DYNAMIC_DLUPDATE=0
# Check (recursively) all dependencies of each function for patchability
# 0: disabled (default)
# 1: enabled
#LD_DEPENDENCY_CHECK=1
# Force updates even if they seem to be incompatible (e.g., different writable section)
# 0: disabled, only apply compatible updates (default)
# 1: enabled, also apply incompatible updates (this might cause serious problems!)
#LD_FORCE_UPDATE=1
# Should updates be skipped if the new version is identical with a previously loaded one
# 0: disabled - load any update (default)
# 1: enabled - load only if new version has changed
#LD_SKIP_IDENTICAL=1
# Consider modification time when checking for identical libraries
# Requires LD_SKIP_IDENTICAL set to 1
# 0: disabled, use only hash (default)
# 1: enabled, check mtime first, and only hash if different
#LD_USE_MTIME=1
# Support old GLIBC (< 2.2) non-standard behavior for weak symbols:
# If this is variable is set (with any value), the `weak` flag is respected when
# resolving symbols -- otherwise the first matching symbol will be used
#LD_DYNAMIC_WEAK=1
# A list of directories in which to search for ELF libraries at execution time.
# The items in the list are separated by semicolons.
#LD_LIBRARY_PATH=/path/to/libs/;/other/path/
# A list of additional ELF shared objects to be loaded before all others.
# The items in the list are separated by semicolons.
# Warning: This is not fully GNU libc compliant yet (dependency order issue)
#LD_PRELOAD=libfoo.so;/path/to/libbar.so
# If set to a nonempty string, causes the dynamic linker to resolve all symbols
# at program startup instead of deferring function call resolution to the point
# when they are first referenced.
#LD_BIND_NOW=1
# If this variable is set to a nonempty string, do not update the GOT (global
# offset table) and PLT (procedure linkage table) after resolving a function
# symbol.
#LD_BIND_NOT=1
# If this variable is set to a nonempty string, the arguments passed to the
# process are shown on standard error before starting.
#LD_SHOW_ARGS=1
# If this variable is set to a nonempty string, the auxiliary arrays from the
# karnel passed to process are shown on standard error before starting.
#LD_SHOW_AUXV=1
# If this variable is set to a nonempty string, the environment variable
# passed to process are shown on standard error before starting.
# Plase note: Luci will "consume" certain loader specific variables, hence
# certain enironment variables will be replaced by an empty string
# (at the end of the array list)
#LD_SHOW_ENV=1
# If set to a nonempty string, it is interpreted as URI used to connect to a
# debug hash service (returning hash of variables) for improved detection of
# patchability.
# Allowed URIs
# unix:/path/to/server.sock (unix domain stream)
# unix:/path/to/server.sock:/path/to/client.sock (unix domain datagram)
# tcp:1.2.3.4:8000 (IP with port stream)
# udp:1.2.3.4:8000 (IP with port datagram)
#LD_DEBUG_HASH=tcp:127.0.0.1:9001
# If this variable is set to a nonempty string, the loader will locally search
# for debug files for each binary (using debug link and build id)
#LD_DEBUG_SYMBOLS=1
# This allows specifing an alternative root directory for debug symbols
#LD_DEBUG_SYMBOLS_ROOT=/opt/dbgsym/
# Set to a file path to write status changes (updates) to it
# (can be a named pipe to detect requirements for restarts due to update failures)
#LD_STATUS_INFO=/var/run/status_pipe
# If set to a nonempty string, status info will also containt details about
# initial libraries loaded during setting up the process
#LD_EARLY_STATUS_INFO=1
# If set to a nonempty string, it will be verified that the contents of a
# relocation target in data section was not altered by the user programm
#LD_RELOCATE_CHECK=1
# This option controls the comparison mode.
# Higher numbers will relax the check:
# 0 to use an extended check using internal and external ID [default]
# 1 for using internal ID only for writeable sections
# 2 for using internal ID only on all sections except executable ones
# 3 to completely disable external ID check (and only internal one)
# This can be used to enable patchability on shared objects with poor API decisions ;)
#LD_RELAX_CHECK=1
# If this variable is set to a nonempty string, relocations in outdated (older)
# versions will be fixed as well (this will especially effect the relro section)
#LD_RELOCATE_OUTDATED=1
# Detect access of code in outdated libraries
# Valid (supported) modes are
#
# - userfaultfd which will unmap the full executable code section
# Please note: This feature requires either the CAP_SYS_PTRACE
# capability or /proc/sys/vm/unprivileged_userfaultfd must be
# set to 1!
#
# - uprobes which will set an event for all updated functions
# Please note: This requires super user permissions
#
# - uprobes_deps same as above, but setting an entry for dependencies of
# updated functions as well
#
# - disabled disable detection of outdated code
#
#LD_DETECT_OUTDATED=disabled
# Delay before installing the dection for outdated access
# In case the value is set to 0 (seconds), it is quite likely that this will
# detect such access, since libraries might be active when performing an update.
#LD_DETECT_OUTDATED_DELAY=1
# How should redirections for updates be employed
# Mode:
# 0 only changes the GOT
# 1 changes GOT and updates relocations in the machine code
# 2 will additional intercept local branches (like endless loops)
#LD_UPDATE_MODE=0
# What mechanis should be used to intercept code
# 0 insert a debug trap (`int1` instruction, single byte)
# 1 insert a breakpoint trap (`int3` instruction, single byte)
# 2 insert a invalid opcode instruction (`ud2`, two bytes)
# 3 insert a real invalid opcode (`push es`, which is not available on x64, single byte)
# 4 instert a instruction causing a general protection fault (`hlt`, which is not allowed in ring 3, single byte)
# 5 disable the mechanism (no redirection)
#LD_TRAP_MODE=0
# Stop the process while applying the update
# This will conform to the Intel manual by sending a SIGSTOP.
# 0: disabled (default)
# 1: enabled
# Please note: it causes a process with an foreground terminal to switch into background.
# In our tests, this seems not to be necessary (on tested processors)
#LD_STOP_ON_UPDATE=0
# Exclude libraries from being loaded as dependencies
# Please note: This will not affect libraries loaded using `dlopen`.
# Multiple libraries have to be separated by the a semicolon.
# The libraries "ld-linux-x86-64.so.2" and "libdl.so.2" are already included by default.
#LD_EXCLUDE=libm.so
# Provide debugger like GDB with file images of each version of the employed binaries
# (even when they've been overwritten on disk during the update).
# Especially useful for debugging during live programming with relocatable object files.
#LD_DEBUG=1