how to allow execution of bash scripts inside genode

Johannes Schlatow johannes.schlatow at genode-labs.com
Fri Jan 14 17:28:36 CET 2022


Hi Alexander,

> > module. In other words, when executing "/home/build/c" the bash
> > component tries to open a ROM session with label "/home/build/c".
> > For this purpose, the ssh.run contains the fs_rom component as a
> > proxy between the vfs server and the bash component. When you look
> > at the routing rules defined for the bash component, you see some
> > routing rules for the ROM service. In ssh.run, however, only
> > session requests with labels "/bin/..." are routed to fs_rom. Have
> > you tried adding a rule for "/home/build/…"?
> 
> Thank you, now it works, although it gives strange messages in the log:
> 
> [init -> /bin/bash -> 3] Warning: invalid executable binary format: /home/c
> [init -> /bin/bash -> 3] Error: no plugin found for fcntl(255)

Well, there are two bits of information here. First, bash complains
about an invalid binary format. Looking at the execve implementation in
libports/src/lib/libc/execve.cc, it appears that the binary is neither
detected to be a valid ELF file nor a script. The second piece of
information is that there is no plugin for fcntl. Could be the case
though that bash works fine without this (depending on what it actually
tries to do here).

> I initially assumed something similar to a problem with directory
> allowance/permissions - I even tried to copy my script to /bin or
> /usr/bin - and failed.
>
> bash-4.4# echo > c echo ok
> bash-4.4# ./c
> ok
> bash-4.4# cp c /bin
> (null): cannot create regular file '/bin/c': No such file or directory
> 
> If I want to allow writing to a particular directory, e.g. to /bin,
> where should I specify this? In a separate policy, or can I add it to
> the following?
>
> <service name="ROM" label_prefix="/bin">
>   <child name="vfs_rom"/>
> </service>
> 

The ROM session is only for read-only access to ROM modules, which, in
your scenario, are loaded from a VFS server via fs_rom. You need to
check the VFS configuration of your bash component which probably
forwards file accesses to /bin to the vfs server via a File_system
session. Consequently, the problem might either be in the routing of
the file system session or the policy of the vfs server. It's hard to
tell without a full picture of your run script.

Best
Johannes
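
The routing behaviour discussed in this message, as an added example that is not part of the original post and not Genode's init code: a simplified first-match model of a <route> node that shows where a ROM request for a given label ends up, and that file writes travel over a separate File_system route. The route contents and the child name "vfs" are assumptions; "vfs_rom" is taken from the quoted rule.

```python
import xml.etree.ElementTree as ET

# Constructed route for the bash component, modelled on the rule quoted in the
# thread. The child name "vfs" is an assumption.
ROUTE_BEFORE = """
<route>
  <service name="File_system"> <child name="vfs"/> </service>
  <service name="ROM" label_prefix="/bin"> <child name="vfs_rom"/> </service>
  <any-service> <parent/> </any-service>
</route>
"""

# Same route with the additional ROM rule suggested in the thread.
ROUTE_AFTER = ROUTE_BEFORE.replace(
    "<any-service>",
    '<service name="ROM" label_prefix="/home/build">'
    ' <child name="vfs_rom"/> </service>\n  <any-service>')


def _matches(node, service, label):
    """True if a <service>/<any-service> rule applies to the session request."""
    if node.tag not in ("service", "any-service"):
        return False
    if node.tag == "service" and node.get("name") != service:
        return False
    checks = (("label", lambda v: label == v),
              ("label_prefix", label.startswith),
              ("label_suffix", label.endswith))
    return all(test(node.get(attr)) for attr, test in checks
               if node.get(attr) is not None)


def resolve(route_xml, service, label):
    """Return 'parent' or 'child:<name>' for the first matching rule, else None.

    Simplification: only label, label_prefix and label_suffix are modelled,
    and only the first target listed in a rule is considered.
    """
    for node in ET.fromstring(route_xml):
        if _matches(node, service, label):
            target = node[0]
            if target.tag == "parent":
                return "parent"
            return "child:" + target.get("name")
    return None


if __name__ == "__main__":
    for name, route in (("before", ROUTE_BEFORE), ("after", ROUTE_AFTER)):
        print(name, resolve(route, "ROM", "/home/build/c"))
```

In this model the ROM rules only decide where an executable is loaded from; a "cp" into /bin is a File_system request and is unaffected by them.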


