Httpserver example issue

Hi,

I’m trying to make a small website to configure interfaces on a fx30s module.

I started from the httpServer example available on GitHub, but I’m running into issues similar to “httpServer app can't link to lighttpd”.

It seems to be a problem with the .adef file and sandbox write/rewrite permissions, since when I first install the httpServer it seems to work, even if I had to change the .adef because of the 500 internal error mentioned in the linked post. However, when I stop and restart the app, it doesn’t work anymore and I get this error:

Nov 25 11:22:40 fx30s user.err Legato: =ERR= | supervisor[24135]/supervisor T=main | app.c CreateFileLink() 2258 | Could not create file '/legato/systems/current/appsWriteable/webserver/bin/lighttpd'.  Read-only file system
Nov 25 11:22:40 fx30s user.err Legato: =ERR= | supervisor[24135]/supervisor T=main | app.c CreateFileLink() 2277 | Failed to create link at '/bin/lighttpd' in app 'webserver'.

Here is the .adef file I’m working with, as I tried variations from the original at legato-af/apps/sample/httpServer/httpServer.adef at 21.05-release · legatoproject/legato-af · GitHub with the information provided in the other linked topic.

version: @VERSION@
sandboxed: true

bundles:
{
    dir:
    {
        pages /pages
        cfg /cfg
    }

    file:
    {
        ${LEGATO_SYSROOT}/usr/lib/libutil.so /lib/libutil.so
        ${LEGATO_SYSROOT}/usr/lib/libnss_compat.so /lib/libnss_compat.so
        ${LEGATO_SYSROOT}/usr/lib/libnsl.so /lib/libnsl.so
        ${LEGATO_SYSROOT}/usr/lib/libresolv.so /lib/libresolv.so // Needs this to run shell.
        ${LEGATO_SYSROOT}/usr/lib/libprocps.so /lib/libprocps.so // Need this for ps.
    }
}

requires:
{
    file:
    {
        /etc/nsswitch.conf /etc/nsswitch.conf
        /etc/passwd /etc/passwd    // needed by python to lookup user
        /legato/systems/current/version /legato/systems/current/version
        /legato/systems/current/status /legato/systems/current/status
        /legato/systems/current/apps/webserver/read-only/bin/lighttpd /app/bin/lighttpd
    }

    dir:
    {
        /proc /    // needed by `app` script, and for listing running processes
        /bin  /
        /sbin /
    }

    device:
    {
        [rw] /dev/null /dev/null
        [r] /dev/urandom /dev/urandom
        [r] /dev/random /dev/random
    }

    configTree:
    {
        [r] system
    }
}

extern:
{
    requires:
    {
        le_cfg = $LEGATO_ROOT/interfaces/le_cfg.api
        le_update = $LEGATO_ROOT/interfaces/le_update.api
        le_appInfo = $LEGATO_ROOT/interfaces/le_appInfo.api
    }

}

bindings:
{
    *.le_cfg -> <root>.le_cfg
    *.le_update -> <root>.le_update
    *.le_appInfo -> <root>.le_appInfo
}

start: auto
processes:
{
    envVars:
    {
        HOME="/"
    }

    run:
    {
        ( /app/bin/lighttpd -m /modlibs/ -D -f /cfg/lighttpd.conf )
    }
}

components:
{
    ${LEGATO_ROOT}/components/3rdParty/openssl
    ${LEGATO_ROOT}/components/3rdParty/lighttpd
    sslCertComponent
}

Could someone help me understand how it’s supposed to work?

How about this unsandboxed application?

Other users can make it work for the fx30.

Hello jyijyi,

I’ve looked at your work and found the differences between my setup and yours in unsandboxed mode.

I’ve integrated the changes, mostly just referencing the full paths to /legato/systems/current/appsWriteable/ and setting unsandboxed mode, along with deleting the now unneeded “bundles” and “requires” blocks in .adef, and I got it to work.

Yet I think this is more a workaround than a solution, as it would seem preferable to run this webserver with the least amount of privilege possible in a sandboxed environment.

I have the feeling that it is just a matter of rules and defining the requires and bundles the correct way to get it to work sandboxed. Could you help me with that?

This is the .adef file that got it working in my own environment, which is pretty much the same as in the link you sent.

version: @VERSION@
sandboxed: false

bundles:
{
    dir:
    {
        pages /pages
        cfg /cfg
    }
}

requires:
{
    file:
    {
        /legato/systems/current/apps/webserver/read-only/bin/lighttpd /app/bin/lighttpd
    }
}

extern:
{
    requires:
    {
        le_cfg = $LEGATO_ROOT/interfaces/le_cfg.api
        le_update = $LEGATO_ROOT/interfaces/le_update.api
        le_appInfo = $LEGATO_ROOT/interfaces/le_appInfo.api
    }

}

bindings:
{
    *.le_cfg -> <root>.le_cfg
    *.le_update -> <root>.le_update
    *.le_appInfo -> <root>.le_appInfo
}

start: auto
processes:
{
    envVars:
    {
        HOME="/"
    }

    run:
    {
        ( /legato/systems/current/appsWriteable/webserver/app/bin/lighttpd -m /legato/systems/current/appsWriteable/webserver/modlibs/ -D -f /legato/systems/current/appsWriteable/webserver/cfg/lighttpd.conf )
    }
}

components:
{
    ${LEGATO_ROOT}/components/3rdParty/openssl
    ${LEGATO_ROOT}/components/3rdParty/lighttpd
    sslCertComponent
}

Probably it is because, in the adef file:

  • ${LEGATO_ROOT}/components/3rdParty/lighttpd will install in /legato/systems/current/appsWriteable/httpServer/bin/
  • And “/bin /” will make /legato/systems/current/appsWriteable/httpServer/bin/ read-only.

So the next time the application runs, we cannot create the link in /legato/systems/current/appsWriteable/httpServer/bin/

The workaround could be one of the following:

  1. using unsandboxed application
  2. OR using sandboxed application but remove it (i.e. app remove httpServer) and reinstall it (i.e. update httpServer.wp76xx.update) if you need to restart the application
  3. OR using sandboxed application but restart the whole legato framework by “legato restart” instead of restarting single application by “app restart httpserver”
  4. OR using sandboxed application and do an overlay operation on those read-only folders:

     app stop httpServer

     mkdir /tmp/tmp_httpserver_bin;mkdir /tmp/tmp_httpserver_bin_wr;

     mount -t overlay overlay /legato/systems/current/appsWriteable/httpServer/bin/ -o lowerdir=/legato/systems/current/appsWriteable/httpServer/bin/,upperdir=/tmp/tmp_httpserver_bin,workdir=/tmp/tmp_httpserver_bin_wr;

     mkdir /tmp/tmp_httpserver_usr_lib;mkdir /tmp/tmp_httpserver_usr_lib_wr;

     mount -t overlay overlay /legato/systems/current/appsWriteable/httpServer/usr/lib/ -o lowerdir=/legato/systems/current/appsWriteable/httpServer/usr/lib/,upperdir=/tmp/tmp_httpserver_usr_lib,workdir=/tmp/tmp_httpserver_usr_lib_wr;

     app start httpServer
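
The diagnosis in the reply above (a `requires: dir:` entry such as `/bin /` covering the path where the supervisor has to create the lighttpd link) can be checked mechanically. The following is an added example, not part of the original thread or of Legato: it matches the supervisor's "Failed to create link" lines against the `requires`/`dir` entries of an .adef. The function names and the handling of a destination ending in `/` are assumptions of this example.

```python
import re

# Constructed sample: the supervisor error quoted in the thread (syslog prefix
# dropped) and a cut-down requires section from the first .adef.
SAMPLE_LOG = "app.c CreateFileLink() 2277 | Failed to create link at '/bin/lighttpd' in app 'webserver'."
SAMPLE_ADEF = """
requires:
{
    dir:
    {
        /proc /    // needed by `app` script
        /bin  /
        /sbin /
    }
}
"""
LINK_RE = re.compile(r"Failed to create link at '([^']+)' in app '([^']+)'")

def required_dirs(adef_text):
    """Return (source, sandbox path) for each requires/dir entry."""
    stack, pending, mounts = [], None, []
    for raw in adef_text.splitlines():
        line = raw.split("//", 1)[0].strip()   # drop // comments
        if line.endswith(":") and " " not in line:
            pending = line[:-1]                # section name, e.g. "requires"
        elif line == "{":
            stack.append(pending)
        elif line == "}":
            stack.pop()
        elif line and stack == ["requires", "dir"]:
            src, dest = line.split()[-2:]      # ignore an optional [rw] prefix
            if dest.endswith("/"):             # assumption: trailing "/" keeps the source name
                dest += src.rstrip("/").rsplit("/", 1)[-1]
            mounts.append((src, dest))
    return mounts

def shadowed_links(log_text, adef_text):
    """Match each failed link path to the required dir that covers it."""
    mounts = required_dirs(adef_text)
    return [(app, path, src, dest)
            for path, app in LINK_RE.findall(log_text)
            for src, dest in mounts
            if path.startswith(dest.rstrip("/") + "/")]

if __name__ == "__main__":
    for app, path, src, dest in shadowed_links(SAMPLE_LOG, SAMPLE_ADEF):
        print(f"{app}: {path} is under required dir '{src}' (sandbox {dest})")
```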

Thank you for your replies.

For now I guess the best option is to keep the app unsandboxed. I just have to keep in mind to work with the /legato/systems/current/appsWriteable/ path for everything app related.