genode

History

Josef Söntgen 2e9a19d5b0 chroot: enforce writeable policy decision The writeable decision given in the policy will always override the decision made by the client. Fixes #2643		2018-02-19 20:50:48 +01:00
..
component.cc	chroot: enforce writeable policy decision	2018-02-19 20:50:48 +01:00
README	chroot: enforce writeable policy decision	2018-02-19 20:50:48 +01:00
target.mk	import chroot from world repository	2017-10-05 17:40:04 +02:00

README

This component intercepts File_system requests and changes
the root directory of the request using the session label.

In this example if cli_monitor had a child named "X", every
file system session from "X" would be rooted to the directory
"/cli_monitor/X" at "fs_server".

! <start name="fs_server">
!   <provides> <service name="File_system"/> </provides>
!   ...
! </start>
!
! <start name="chroot">
!   <provides> <service name="File_system"/> </provides>
!   <config>
!     <policy label_prefix="cli_monitor ->" merge="yes"/>
!   </config>
!   <route>
!     <any-service>
!       <child name="fs_server"/> <parent/>
!     </any-service>
!   </route>
!   ...
! </start>
!
! <start name="cli_monitior">
!   <route>
!     <any-service>
!       <child name="chroot"/> <parent/>
!     </any-service>
!   </route>
!   ...
! </start>

In addition, the 'chroot' component will intercept the 'writeable' session
argument and only if its own policy allows it (i.e. the 'writeable' attribute
is to 'yes') the child is permitted to create a writeable connection.