Run system command in sandboxed app

Reinhard · February 17, 2022, 10:31am

I need to add/remove iptables rules inside my legato app how can i do that?
The app must sandboxed. To use an unsandboxed app is not an option!

I check a GPIO and if the GPIO is set to high i need to execute the following command:

iptables -t nat -A POSTROUTING --out-interface rmnet_data0 -j MASQUERADE
iptables -A FORWARD -o ecm0 -i rmnet_data0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ecm0 -o rmnet_data0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

Thanks in advanced!

jyijyi · February 17, 2022, 10:34am

it is quite hard to implement this in sandboxed application.

I suggest you to build an unsandboxed application to just call these iptables commands.
And then in your sandboxed application, when you need to set iptables rules, you can use IPC to call your unsandboxed application.

Reinhard · February 17, 2022, 10:54am

Thanks for the quick Answer!

Is there really no way to do this in a single sandboxed app?

jyijyi · February 17, 2022, 11:08am

you can try porting the iptables source code to your application.

Topic		Replies	Views
Popen in sandboxed app Legato Application Framework	2	529	December 12, 2018
Permission denied with the httpServer example Legato Application Framework	5	4120	August 9, 2017
Trying to execute a system "route add" command fails Legato Application Framework	2	852	December 20, 2017
Impossible to use localhost with sandbox Legato Application Framework	7	1676	July 18, 2016
System() call doesn't work	2	369	April 19, 2021

Run system command in sandboxed app

Related topics