Based on a combination of tool_chain_auto.run and ssh.run, I am able to run an instance with the toolchain and log in to it.

I am able to create a file using vim with some commands, like this:

  echo ok
If I try to execute it inside Genode bash (e.g. in /home/build), I receive the following in the ssh client:

  bash-4.4# vim c
  bash-4.4# ls -la
  total 1
  -rwx------ 1 root 0 1004 Jan 1 2022 c
  drwx------ 1 root 0 144 Jan 1 1970 depot
  bash-4.4# ./c
  bash: ./c: No such file or directory
  bash-4.4# bash -c ./c
  bash: ./c: No such file or directory
  bash-4.4# bash -c c
  bash: c: command not found

or, if I add this to the beginning

  #!/bin/sh
  echo ok

  bash: ./c: /bin/bash: bad interpreter: No such file or directory

In the log:

  [init -> /bin/bash -> 12] Error: ROM-session creation failed (ram_quota=6144, cap_quota=3, label="/home/build/c")
  [init -> /bin/bash -> 12] Error: Could not open ROM session for "/home/build/c"
  [init -> /bin/bash -> 12] Warning: execve: executable binary inaccessible as ROM module
I suspect that I need to allow execution via dynamic run file. Or maybe I need to add some attributes in the run file for this dir?
Sincerely, Alexander
Hi Alexander,
> if I try to execute it inside genode bash (eg in /home/build) - I do receive the following: in ssh client :
>
>   bash-4.4# vim c
>   bash-4.4# ls -la
>   total 1
>   -rwx------ 1 root 0 1004 Jan 1 2022 c
>   drwx------ 1 root 0 144 Jan 1 1970 depot
>   bash-4.4# ./c
>   bash: ./c: No such file or directory
>   bash-4.4# bash -c ./c
>   bash: ./c: No such file or directory
>   bash-4.4# bash -c c
>   bash: c: command not found
>
> or, if I add this to beginning
>
>   #!/bin/sh
>   echo ok
>
>   bash: ./c: /bin/bash: bad interpreter: No such file or directory
>
> in log:
>
>   [init -> /bin/bash -> 12] Error: ROM-session creation failed (ram_quota=6144, cap_quota=3, label="/home/build/c")
>   [init -> /bin/bash -> 12] Error: Could not open ROM session for "/home/build/c"
>   [init -> /bin/bash -> 12] Warning: execve: executable binary inaccessible as ROM module
The "Could not open ROM session for /home/build/c" indicates that there is something wrong with your session routing. It's a bit of a guesswork involved here what your run script looks like but I believe it is similar to ssh.run. Executable binaries must be provided as a ROM module. In other words, when executing "/home/build/c" the bash component tries to open a ROM session with label "/home/build/c". For this purpose, the ssh.run contains the fs_rom component as a proxy between the vfs server and the bash component. When you look at the routing rules defined for the bash component, you see some routing rules for the ROM service. In ssh.run, however, only session requests with labels "/bin/..." are routed to fs_rom. Have you tried adding a rule for "/home/build/..."?
Best Johannes
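The routing behaviour described above, as an added example (not part of the original thread and not Genode's own code): a simplified Python model of first-match route evaluation, run over an abridged copy of the route Alexander posts in his follow-up. It assumes rules are tried top to bottom and that the suggested rule is written as label_prefix="/home/build"; resolve and with_rule are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Abridged copy of the bash route posted later in the thread; the child
# names "vfs" and "vfs_rom" are taken from that post.
ROUTE_XML = """
<route>
  <service name="File_system"> <child name="vfs"/> </service>
  <service name="ROM" label_suffix=".lib.so"> <parent/> </service>
  <service name="ROM" label_last="/bin/bash"> <child name="vfs_rom"/> </service>
  <service name="ROM" label_prefix="/bin"> <child name="vfs_rom"/> </service>
  <service name="ROM" label_prefix="/usr/bin"> <child name="vfs_rom"/> </service>
  <any-service> <parent/> <any-child/> </any-service>
</route>
"""

def _target(node):
    """Name the first target listed inside a <service>/<any-service> node."""
    first = node[0]
    return first.get("name") if first.tag == "child" else first.tag

def _matches(node, service, label):
    """True if the rule applies to a session request (service, label)."""
    if node.tag == "any-service":
        return True
    if node.get("name") != service:
        return False
    last = label.rsplit(" -> ", 1)[-1]  # last element of the label
    checks = {"label": label.__eq__, "label_prefix": label.startswith,
              "label_suffix": label.endswith, "label_last": last.__eq__}
    return all(test(node.get(attr)) for attr, test in checks.items()
               if node.get(attr) is not None)

def resolve(route_xml, service, label):
    """Return the target of the first matching rule (assumed top-down order)."""
    for node in ET.fromstring(route_xml):
        if _matches(node, service, label):
            return _target(node)
    return None

def with_rule(route_xml, prefix, child):
    """Insert a ROM label_prefix rule ahead of the <any-service> fallback."""
    rule = f'<service name="ROM" label_prefix="{prefix}"> <child name="{child}"/> </service>\n  '
    return route_xml.replace("<any-service>", rule + "<any-service>", 1)
```

With the posted rules, a ROM request labelled "/home/build/c" falls through to the parent, which has no such module; with the extra prefix rule it reaches vfs_rom. The ROM routes therefore work as an explicit list of the locations bash may execute binaries from.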
Hi Johannes, thank you for the clarification
> > [init -> /bin/bash -> 12] Error: ROM-session creation failed (ram_quota=6144, cap_quota=3, label="/home/build/c")
> > [init -> /bin/bash -> 12] Error: Could not open ROM session for "/home/build/c"
> > [init -> /bin/bash -> 12] Warning: execve: executable binary inaccessible as ROM module
>
> The "Could not open ROM session for /home/build/c" indicates that there is something wrong with your session routing. It's a bit of a guesswork involved here what your run script looks like but I believe it is similar to ssh.run. Executable binaries must be provided as a ROM

yes, close, only that part I have in bash part

  <route>
    <service name="File_system"> <child name="vfs"/> </service>
    <service name="ROM" label_suffix=".lib.so"> <parent/> </service>
    <service name="ROM" label_last="/bin/bash"> <child name="vfs_rom"/> </service>
    <service name="ROM" label_prefix="/genode/tool"> <child name="vfs_rom"/> </service>
    <service name="ROM" label_prefix="/bin"> <child name="vfs_rom"/> </service>
    <service name="ROM" label_prefix="/usr/bin"> <child name="vfs_rom"/> </service>
    <service name="ROM" label_prefix="/libexec"> <child name="vfs_rom"/> </service>
    <service name="ROM" label_prefix="/x86_64-pc-elf"> <child name="vfs_rom"/> </service>
    <service name="ROM" label_prefix="/arm-none-eabi"> <child name="vfs_rom"/> </service>
    <service name="ROM" label_prefix="/aarch64-none-elf"> <child name="vfs_rom"/> </service>

    <any-service> <parent/> <any-child/> </any-service>
  </route>

> module. In other words, when executing "/home/build/c" the bash component tries to open a ROM session with label "/home/build/c". For this purpose, the ssh.run contains the fs_rom component as a proxy between the vfs server and the bash component. When you look at the routing rules defined for the bash component, you see some routing rules for the ROM service. In ssh.run, however, only session requests with labels "/bin/..." are routed to fs_rom. Have you tried adding a rule for "/home/build/…"?
Thank you, now it works, though it gives strange messages in the log:

  [init -> /bin/bash -> 3] Warning: invalid executable binary format: /home/c
  [init -> /bin/bash -> 3] Error: no plugin found for fcntl(255)

I initially assumed something similar to a problem with directory allowance/permissions - I even tried to copy my script to /bin or /usr/bin - and failed.

  bash-4.4# echo > c echo ok
  bash-4.4# ./c
  ok
  bash-4.4# cp c /bin
  (null): cannot create regular file '/bin/c': No such file or directory

If I want to allow writing to a particular directory, e.g. to /bin, where should I specify this? In a separate policy, or can I add it to the one below?

  <service name="ROM" label_prefix="/bin"> <child name="vfs_rom"/> </service>
Sincerely, Alexander
Hi Alexander,
> > module. In other words, when executing "/home/build/c" the bash component tries to open a ROM session with label "/home/build/c". For this purpose, the ssh.run contains the fs_rom component as a proxy between the vfs server and the bash component. When you look at the routing rules defined for the bash component, you see some routing rules for the ROM service. In ssh.run, however, only session requests with labels "/bin/..." are routed to fs_rom. Have you tried adding a rule for "/home/build/…"?
>
> thank you, now it works, while give a strange messages into log:
>
>   [init -> /bin/bash -> 3] Warning: invalid executable binary format: /home/c
>   [init -> /bin/bash -> 3] Error: no plugin found for fcntl(255)
Well, there are two bits of information here. First, bash complains about an invalid binary format. Looking at the execve implementation in libports/src/lib/libc/execve.cc, it appears that the binary is neither detected to be a valid elf file nor a script. The second piece of information is that there is no plugin for fcntl. Could be the case though that bash works fine without this (depending on what it actually tries to do here).
> I initially assume something similar as a problem with directory allowance/permissions - even try to copy my script to /bin or /usr/bin - and fail.
>
>   bash-4.4# echo > c echo ok
>   bash-4.4# ./c
>   ok
>   bash-4.4# cp c /bin
>   (null): cannot create regular file '/bin/c': No such file or directory
>
> if I want to allow writing to the particular directory, e.g. to /bin - where I should specify this? in separate policy or I can add to below?
>
>   <service name="ROM" label_prefix="/bin"> <child name="vfs_rom"/> </service>
The ROM session is only for read-only access to ROM modules, which, in your scenario, are loaded from a VFS server via fs_rom. You need to check the VFS configuration of your bash component which probably forwards file accesses to /bin to the vfs server via a File_system session. Consequently, the problem might either be in the routing of the file system session or the policy of the vfs server. It's hard to tell without a full picture of your run script.
Best Johannes