From 447329eaee871110fc05def7e2136a19f1a2fd9d Mon Sep 17 00:00:00 2001
From: Emery Hemingway
Date: Fri, 23 Nov 2018 14:40:38 +0100
Subject: [PATCH] Chroot: change root to explicit prefix and label sub-dirs
Change the root of a session request into an explicit path and apply the label-to-path conversion using the "path_prefix" policy attribute. This is in addition to only applying a root change with a "path" attribute. Ref #3031 Fix #3056
---
 repos/os/src/server/chroot/README | 6 ++++--
 repos/os/src/server/chroot/component.cc | 9 +++++++--
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/repos/os/src/server/chroot/README b/repos/os/src/server/chroot/README
index 18af1bfe1..5843eb198 100644
--- a/repos/os/src/server/chroot/README
+++ b/repos/os/src/server/chroot/README
@@ -6,8 +6,10 @@ hierarchy of directories. Sessions matching policies with _path_ attributes will be "chrooted" to the configured policy path, sessions not matching policies with _path_ attributes will be chrooted into paths formed from each session label element. Sessions
-requests are downgraded to read-only requests unless matched by polices
-with an affirmative _writeable_ attribute. Sessions not matching any
+matching polices with a _path_prefix_ attribute are both rooted at the
+attribute path and in sub-directories formed by the session label.
+Sessions requests are downgraded to read-only requests unless matched by
+polices with an affirmative _writeable_ attribute. Sessions not matching any
 policy are rejected. Please note that this server is only effective for File_system servers that
diff --git a/repos/os/src/server/chroot/component.cc b/repos/os/src/server/chroot/component.cc
index 6e9baeac7..16c7d3393 100644
--- a/repos/os/src/server/chroot/component.cc
+++ b/repos/os/src/server/chroot/component.cc
@@ -112,8 +112,13 @@ struct Chroot::Main
 Session_label const label = label_from_args(args.string());
 Session_policy const policy(label, config_rom.xml());
- /* Use a chroot path from policy */
- if (policy.has_attribute("path")) {
+ if (policy.has_attribute("path_prefix")) {
+ /* Use a chroot path from policy and label sub-directories */
+ policy.attribute("path_prefix").value(tmp, sizeof(tmp));
+ root_path.import(tmp);
+ root_path.append(path_from_label(label.string()).string());
+ } else if (policy.has_attribute("path")) {
+ /* Use a chroot path from policy */
 policy.attribute("path").value(tmp, sizeof(tmp));
 root_path.import(tmp);
 } else {
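Review bot: In the new `path_prefix` branch the session label supplies path elements that are appended beneath the policy prefix, but nothing in the hunk checks that the resulting `root_path` still lies under that prefix. `path_from_label` and the type of `root_path` are defined outside the hunk, so it cannot be confirmed here whether `..` or empty label elements are neutralised before or during `append`. Since this path is the confinement boundary of the server, the branch should either state that guarantee in its comment or compare `root_path` against the imported prefix after the `append` and reject the session on mismatch. When a policy carries both attributes, `path_prefix` silently wins; a line such as `/* "path_prefix" takes precedence over "path" */` above the `if` would record that. The enclosing function starts and ends outside the hunk.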