Chroot: remove merge policies

The chroot server was conceived to automatically place File_system sessions into segregated root directories by converting session labels to paths. If multiple children needed to be grouped under the same path, a 'merge' policy would truncate the session label before path conversion. Now that init can rewrite session labels and thus reproduce truncation, the chroot merge feature is redundant and can be removed. Fix #2846
2025-01-18 18:56:29 +00:00 · 2018-05-30 15:04:04 +02:00 · 2018-05-30 15:04:04 +02:00 · 9d8bf1373e
commit 9d8bf1373e
parent 98f1d83194
2 changed files with 13 additions and 54 deletions
--- a/repos/os/src/server/chroot/README
+++ b/repos/os/src/server/chroot/README
@ -1,37 +1,14 @@
 This component intercepts File_system requests and changes
-the root directory of the request using the session label.
+the root directory attached to requests as defined by
+policy or by converting session label elements to a
+hierarchy of directories.

-In this example if cli_monitor had a child named "X", every
-file system session from "X" would be rooted to the directory
-"/cli_monitor/X" at "fs_server".
+Sessions matching policies with _path_ attributes will be "chrooted" to the
+configured policy path, sessions not matching policies with _path_ attributes
+will be chrooted into paths formed from each session label element. Sessions
+requests are downgraded to read-only requests unless matched by polices
+with an affirmative _writeable_ attribute. Sessions not matching any
+policy are rejected.

-! <start name="fs_server">
-!   <provides> <service name="File_system"/> </provides>
-!   ...
-! </start>
-!
-! <start name="chroot">
-!   <provides> <service name="File_system"/> </provides>
-!   <config>
-!     <policy label_prefix="cli_monitor ->" merge="yes"/>
-!   </config>
-!   <route>
-!     <any-service>
-!       <child name="fs_server"/> <parent/>
-!     </any-service>
-!   </route>
-!   ...
-! </start>
-!
-! <start name="cli_monitior">
-!   <route>
-!     <any-service>
-!       <child name="chroot"/> <parent/>
-!     </any-service>
-!   </route>
-!   ...
-! </start>
-
-In addition, the 'chroot' component will intercept the 'writeable' session
-argument and only if its own policy allows it (i.e. the 'writeable' attribute
-is to 'yes') the child is permitted to create a writeable connection.
+Please note that this server is only effective for File_system servers that
+honor the "root" or "writeable" argument to session requests.
--- a/repos/os/src/server/chroot/component.cc
+++ b/repos/os/src/server/chroot/component.cc
@ -116,26 +116,8 @@ struct Chroot::Main
 		if (policy.has_attribute("path")) {
 			policy.attribute("path").value(tmp, sizeof(tmp));
 			root_path.import(tmp);
-		}
-
-		/* if policy specifies a merge, use a truncated label */
-		else if (policy.has_attribute("label_prefix")
-		        && policy.attribute_value("merge", false))
-		{
-			/* merge at the next element */
-			size_t offset = policy.attribute("label_prefix").value_size();
-			for (size_t i = offset; i < label.length()-4; ++i) {
-				if (strcmp(label.string()+i, " -> ", 4))
-					continue;
-
-				strncpy(tmp, label.string(), min(sizeof(tmp), i+1));
-				break;
-			}
-			root_path = path_from_label<Path>(tmp);
-		}
-
-		/* use an implicit chroot path from the label */
-		else {
+		} else {
+			/* generate implicit chroot path from the label */
 			root_path = path_from_label<Path>(label.string());
 		}