Hi Alexander,
module. In other words, when executing "/home/build/c" the bash component tries to open a ROM session with label "/home/build/c". For this purpose, the ssh.run contains the fs_rom component as a proxy between the vfs server and the bash component. When you look at the routing rules defined for the bash component, you see some routing rules for the ROM service. In ssh.run, however, only session requests with labels "/bin/..." are routed to fs_rom. Have you tried adding a rule for "/home/build/…"?
Thank you, now it works, though it gives strange messages in the log:
[init -> /bin/bash -> 3] Warning: invalid executable binary format: /home/c
[init -> /bin/bash -> 3] Error: no plugin found for fcntl(255)
Well, there are two bits of information here. First, bash complains about an invalid binary format. Looking at the execve implementation in libports/src/lib/libc/execve.cc, it appears that the binary is neither detected to be a valid elf file nor a script. The second piece of information is that there is no plugin for fcntl. Could be the case though that bash works fine without this (depending on what it actually tries to do here).
I initially assumed something similar, a problem with directory allowance/permissions - I even tried to copy my script to /bin or /usr/bin - and failed.
bash-4.4# echo > c echo ok
bash-4.4# ./c
ok
bash-4.4# cp c /bin
(null): cannot create regular file '/bin/c': No such file or directory
If I want to allow writing to a particular directory, e.g. to /bin - where should I specify this? In a separate policy, or can I add it to the below?
<service name="ROM" label_prefix="/bin"> <child name="vfs_rom"/> </service>
The ROM session is only for read-only access to ROM modules, which, in your scenario, are loaded from a VFS server via fs_rom. You need to check the VFS configuration of your bash component which probably forwards file accesses to /bin to the vfs server via a File_system session. Consequently, the problem might either be in the routing of the file system session or the policy of the vfs server. It's hard to tell without a full picture of your run script.
Best Johannes