From 23e9693641d1796adffca04c33518dc366dcea1f Mon Sep 17 00:00:00 2001
From: Lorenz Meier
Date: Tue, 22 Dec 2015 09:48:11 +0100
Subject: [PATCH] Allow chrooting the application
---
 Tools/sitl_run.sh | 15 ++++++++++++---
 src/platforms/posix/main.cpp | 35 ++++++++++++++++++++++++++++++++++-
 2 files changed, 46 insertions(+), 4 deletions(-)
diff --git a/Tools/sitl_run.sh b/Tools/sitl_run.sh
index dcfd21930b..a30897fe7a 100755
--- a/Tools/sitl_run.sh
+++ b/Tools/sitl_run.sh
@@ -14,6 +14,15 @@ echo program: $program
 echo model: $model
 echo build_path: $build_path
+if [ "$chroot" == "1" ]
+then
+ chroot_enabled=-c
+ sudo_enabled=sudo
+else
+ chroot_enabled=""
+ sudo_enabled=""
+fi
+
 if [ "$model" == "" ] || [ "$model" == "none" ]
 then
 echo "empty model, setting iris as default"
@@ -48,7 +57,7 @@ if [ "$program" == "jmavsim" ] && [ "$no_sim" == "" ]
 then
 cd Tools/jMAVSim
 ant
- nice -n -10 java -Djava.ext.dirs= -cp lib/*:out/production/jmavsim.jar me.drton.jmavsim.Simulator -udp 127.0.0.1:14560 &
+ java -Djava.ext.dirs= -cp lib/*:out/production/jmavsim.jar me.drton.jmavsim.Simulator -udp 127.0.0.1:14560 &
 SIM_PID=`echo $!`
 elif [ "$program" == "gazebo" ] && [ "$no_sim" == "" ]
 then
@@ -65,7 +74,7 @@ then
 cd Tools/sitl_gazebo/Build
 cmake -Wno-dev ..
 make -j4
- nice -n -10 gzserver --verbose ../worlds/${model}.world &
+ gzserver --verbose ../worlds/${model}.world &
 SIM_PID=`echo $!`
 gzclient --verbose &
 GUI_PID=`echo $!`
@@ -96,7 +105,7 @@ elif [ "$debugger" == "valgrind" ]
 then
 valgrind ./mainapp ../../../../${rc_script}_${program}_${model}
 else
- nice -n -10 ./mainapp ../../../../${rc_script}_${program}_${model}
+ $sudo_enabled ./mainapp $chroot_enabled ../../../../${rc_script}_${program}_${model}
 fi
 if [ "$program" == "jmavsim" ]
diff --git a/src/platforms/posix/main.cpp b/src/platforms/posix/main.cpp
index 7bf431b4f4..24ba4f6e66 100644
--- a/src/platforms/posix/main.cpp
+++ b/src/platforms/posix/main.cpp
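Review bot: With `chroot=1`, the `sudo_enabled=sudo` assignment in the first hunk makes the last hunk start the whole of `./mainapp` as root, and the chroot block this patch adds to src/platforms/posix/main.cpp never returns to the invoking user after chroot() and chdir() succeed. As far as the patch shows, root is needed only for the chroot() call itself, so everything the simulator does afterwards (presumably including any files it creates under the rootfs directory) runs with root identity. Consider dropping back to the calling user in main.cpp right after `chdir("/")`; sudo exports `SUDO_UID` and `SUDO_GID` for this. A comment next to the assignment would also help, for example `# sudo is needed only for chroot(); mainapp is expected to drop privileges afterwards`.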
@@ -44,6 +44,7 @@
 #include
 #include
 #include
+#include
 #include "apps.h"
 #include "px4_middleware.h"
 #include "DriverFramework.hpp"
@@ -157,6 +158,7 @@ static void process_line(string &line, bool exit_on_fail)
 int main(int argc, char **argv)
 {
 bool daemon_mode = false;
+ bool chroot_on = false;
 signal(SIGINT, _SigIntHandler);
 signal(SIGFPE, _SigFpeHandler);
@@ -174,6 +176,9 @@ int main(int argc, char **argv)
 usage();
 return 0;
+ } else if (strcmp(argv[index], "-c") == 0) {
+ chroot_on = true;
+
 } else {
 PX4_WARN("Unknown/unhandled parameter: %s", argv[index]);
 return 1;
@@ -203,7 +208,7 @@ int main(int argc, char **argv)
 px4::init(argc, argv, "mainapp");
- //if commandfile is present, process the commands from the file
+ // if commandfile is present, process the commands from the file
 if (commands_file != nullptr) {
 ifstream infile(commands_file);
@@ -217,6 +222,34 @@ int main(int argc, char **argv)
 }
 }
+ if (chroot_on) {
+ // Lock this application in the current working dir
+ // this is not an attempt to secure the environment,
+ // rather, to replicate a deployed file system.
+ char pwd_path[PATH_MAX];
+ const char *folderpath = "/rootfs/";
+
+ if (nullptr == getcwd(pwd_path, sizeof(pwd_path))) {
+ PX4_ERR("Failed aquiring working dir, abort.");
+ exit(1);
+ }
+
+ if (nullptr == strcat(pwd_path, folderpath)) {
+ PX4_ERR("Failed completing path, abort.");
+ exit(1);
+ }
+
+ if (chroot(pwd_path)) {
+ PX4_ERR("Failed chrooting application, path: %s, error: %s.", pwd_path, strerror(errno));
+ exit(1);
+ }
+
+ if (chdir("/")) {
+ PX4_ERR("Failed changing to root dir, path: %s, error: %s.", pwd_path, strerror(errno));
+ exit(1);
+ }
+ }
+
 if (!daemon_mode) {
 string mystr = "";
 string string_buffer[CMD_BUFF_SIZE];
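Review bot: The new `-c` branch in the argument loop is accepted silently, but no hunk in this patch touches usage(), so the option stays undocumented in the help output. Add a usage line along the lines of `-c  chroot into ./rootfs/ below the current working directory (requires root)`. usage() and the rest of the argument loop lie outside this hunk, so the exact format of the help text should follow what is already there.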
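Review bot: `strcat(pwd_path, folderpath)` in the new chroot block appends to a buffer that getcwd() may already have filled up to `PATH_MAX - 1` bytes, so a deep working directory lets the eight bytes of `"/rootfs/"` run past the end of `pwd_path`. The `nullptr ==` test wrapped around it cannot catch this, because strcat() always returns its destination pointer, which makes that error branch dead code. Check the remaining space before appending and keep the existing error path for the too-long case, as sketched below. main() starts before and continues after this hunk.

```cpp
		// … unchanged: pwd_path/folderpath declarations and the getcwd() check …

		// getcwd() can fill pwd_path completely; refuse to append past its end.
		if (strlen(pwd_path) + strlen(folderpath) >= sizeof(pwd_path)) {
			PX4_ERR("Failed completing path, abort.");
			exit(1);
		}

		strcat(pwd_path, folderpath);

		// … unchanged: chroot(pwd_path) and chdir("/") checks …
```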