mirror of
https://github.com/genodelabs/genode.git
synced 2025-01-11 15:33:04 +00:00
b45242c50f
Since the recent move of the process creation into core, the original chroot trampoline mechanism implemented in 'os/src/app/chroot' does not work anymore. A process could simply escape the chroot environment by spawning a new process via core's PD service. Therefore, this patch moves the chroot support into core. So the chroot policy becomes mandatory part of the process creation. For each process created by core, core checks for 'root' argument of the PD session. If a path is present, core takes the precautions needed to execute the new process in the specified chroot environment. This conceptual change implies minor changes with respect to the Genode API and the configuration of the init process. The API changes are the enhancement of the 'Genode::Child' and 'Genode::Process' constructors to take the root path as argument. Init supports the specification of a chroot per process by specifying the new 'root' attribute to the '<start>' node of the process. In line with these changes, the 'Loader::Session::start' function has been enhanced with the additional (optional) root argument.
109 lines
2.5 KiB
Tcl
109 lines
2.5 KiB
Tcl
#
|
|
# \brief Test for using chroot on Linux
|
|
# \author Norman Feske
|
|
# \date 2012-04-18
|
|
#
|
|
#
|
|
if {![have_spec linux]} { puts "Run script requires Linux"; exit 0 }
|
|
|
|
#
|
|
# Build
|
|
#
|
|
|
|
build { core init drivers/timer/linux test/timer }
|
|
|
|
if {[catch { exec which setcap }]} {
|
|
puts stderr "Error: setcap not available, please install the libcap2-bin package"
|
|
return 0
|
|
}
|
|
|
|
|
|
create_boot_directory
|
|
|
|
#
|
|
# Generate config
|
|
#
|
|
|
|
set config {
|
|
<config>
|
|
<parent-provides>
|
|
<service name="ROM"/>
|
|
<service name="LOG"/>
|
|
<service name="CAP"/>
|
|
<service name="RAM"/>
|
|
<service name="CPU"/>
|
|
<service name="RM"/>
|
|
<service name="PD"/>
|
|
</parent-provides>
|
|
<default-route>
|
|
<any-service> <parent/> <any-child/> </any-service>
|
|
</default-route>
|
|
<start name="timer">
|
|
<resource name="RAM" quantum="1M"/>
|
|
<provides><service name="Timer"/></provides>
|
|
</start>
|
|
<start name="test-timer" root="chroot_path">
|
|
<resource name="RAM" quantum="1G"/>
|
|
</start>
|
|
</config>
|
|
}
|
|
|
|
proc chroot_path { } { return "/tmp/chroot-test" }
|
|
proc chroot_cwd_path { } { return "[chroot_path][pwd]/[run_dir]" }
|
|
proc chroot_genode_tmp_path { } { return "[chroot_path]/tmp/genode-[exec id -u]" }
|
|
|
|
proc cleanup_chroot { } {
|
|
catch { exec sudo umount -l [chroot_cwd_path] }
|
|
catch { exec sudo umount -l [chroot_genode_tmp_path] }
|
|
catch { exec sudo umount -l [chroot_path]/lib }
|
|
exec rm -rf [chroot_path]
|
|
}
|
|
|
|
# replace 'chroot_path' marker in config with actual path
|
|
regsub "chroot_path" $config [chroot_path] config
|
|
|
|
install_config $config
|
|
|
|
#
|
|
# Copy boot modules into run directory
|
|
#
|
|
# We cannot use the predefined 'build_boot_image' function here because
|
|
# this would create mere symlinks. However, we want to hardlink the
|
|
# run directory into the chroot environment. If the directory entries
|
|
# were symlinks, those would point to nowhere within the chroot.
|
|
#
|
|
foreach binary { core init timer test-timer } {
|
|
exec cp -H bin/$binary [run_dir] }
|
|
|
|
#
|
|
# Grant chroot permission to core
|
|
#
|
|
# CAP_SYS_ADMIN is needed for bind mounting genode runtime directories
|
|
# CAP_SYS_CHROOT is needed to perform the chroot syscall
|
|
#
|
|
exec sudo setcap cap_sys_admin,cap_sys_chroot=ep [run_dir]/core
|
|
|
|
#
|
|
# Setup chroot environment
|
|
#
|
|
|
|
# start with fresh directory
|
|
cleanup_chroot
|
|
exec mkdir -p [chroot_path]
|
|
exec mkdir -p [chroot_path]/lib
|
|
|
|
# bind mount '/lib' as we need ldso and libc within the chroot environment
|
|
exec sudo mount --bind /lib [chroot_path]/lib
|
|
|
|
#
|
|
# Execute test case
|
|
#
|
|
run_genode_until {.*--- timer test finished ---.*} 60
|
|
|
|
#
|
|
# Remove artifacts created while running the test
|
|
#
|
|
cleanup_chroot
|
|
|
|
# vi: set ft=tcl :
|