mirror of
https://github.com/genodelabs/genode.git
synced 2024-12-24 15:56:41 +00:00
b45242c50f
Since the recent move of the process creation into core, the original chroot trampoline mechanism implemented in 'os/src/app/chroot' does not work anymore. A process could simply escape the chroot environment by spawning a new process via core's PD service. Therefore, this patch moves the chroot support into core. So the chroot policy becomes mandatory part of the process creation. For each process created by core, core checks for 'root' argument of the PD session. If a path is present, core takes the precautions needed to execute the new process in the specified chroot environment. This conceptual change implies minor changes with respect to the Genode API and the configuration of the init process. The API changes are the enhancement of the 'Genode::Child' and 'Genode::Process' constructors to take the root path as argument. Init supports the specification of a chroot per process by specifying the new 'root' attribute to the '<start>' node of the process. In line with these changes, the 'Loader::Session::start' function has been enhanced with the additional (optional) root argument. |
||
---|---|---|
.. | ||
etc | ||
include | ||
lib | ||
mk | ||
run | ||
src | ||
README |
This is generic part of the Genode implementation. It consists of two parts: :_Core_: is the ultimate root of the Genode application tree and provides abstractions for the lowest-level hardware resources such as RAM, ROM, CPU, and generic device access. All generic parts of Core can be found here - for system-specific implementations refer to the appropriate 'base-<system>' directory. :_Base libraries and protocols_: that are used by each Genode component to interact with other components. This is the glue that holds everything together.