Sandboxed application running problem


#1

Hello,

I’m trying to install helloWorld app on my (ar6) target, and it doesn’t work.
i make the app in …/apps/sample/helloWorld

after i install it on my target :

on my host i get this

Installing application 'helloWorld' from file 'helloWorld.ar6'. Removing app 'helloWorld'... Deleted user 'apphelloWorld'. Installing app 'helloWorld'... Created user 'apphelloWorld' (uid 1010, gid 1010). DONE

But on my target, when i do app status
i get [stopped] helloWorld

i tried to start my app on target

it displays :

Starting app 'helloWorld'... DONE

and when i do logread i get

... Mar 26 17:15:17 imx6qrex user.info Legato: INFO | supervisor[8957]/security T=main | proc.c proc_SigChildHandler() 1308 | Process 'helloWorld' (PID: 11104) has exited with exit code 1. Mar 26 17:15:17 imx6qrex user.warn Legato: -WRN- | supervisor[8957]/security T=main | proc.c GetFaultAction() 1167 | Unrecognized fault action for process 'helloWorld'. Assume fault action is 'ignore'. Mar 26 17:15:17 imx6qrex user.crit Legato: *CRT* | supervisor[8957]/security T=main | app.c app_SigChildHandler() 1635 | The process 'helloWorld' in app 'helloWorld' has faulted and will be ignored in accordance with its fault policy. Mar 26 17:15:17 imx6qrex user.info Legato: INFO | supervisor[8957]/security T=main | app.c app_SigChildHandler() 1679 | app 'helloWorld' has stopped. Mar 26 17:15:17 imx6qrex user.info Legato: INFO | supervisor[8957]/security T=main | sandbox.c sandbox_Remove() 1463 | 'helloWorld' sandbox removed. Mar 26 17:15:17 imx6qrex user.info Legato: INFO | supervisor[8957]/supervisor T=main | supervisor.c DeleteAppObj() 571 | Application 'helloWorld' has stopped.
:open_mouth: :open_mouth:
Please Help !! :unamused:


#2

Hi,

I tried to disable sandbox on .adef file, and it works, helloWorld unsandboxed app works properly.
when i tried to run it in sandbox it dosn’t work ! :unamused:

Mar 30 17:33:41 imx6qrex user.info Legato: INFO | supervisor[4950]/security T=main | proc.c StartProc() 747 | Execvp || argsPtr[0] = helloWorld | argsPtr[1] = helloWorld | return = -1 |errno= No such file or directory Mar 30 17:33:41 imx6qrex user.emerg Legato: *EMR* | supervisor[4950]/security T=main | proc.c StartProc() 750 | Could not exec 'helloWorld'. Bad file descriptor. Mar 30 17:33:41 imx6qrex user.info Legato: INFO | supervisor[3535]/security T=main | proc.c proc_SigChildHandler() 1285 | Process 'helloWorld' (PID: 4950) has exited with exit code 1. Mar 30 17:33:41 imx6qrex user.warn Legato: -WRN- | supervisor[3535]/security T=main | proc.c GetFaultAction() 1144 | Unrecognized fault action for process 'helloWorld'. Assume fault action is 'ignore'. Mar 30 17:33:41 imx6qrex user.crit Legato: *CRT* | supervisor[3535]/security T=main | app.c app_SigChildHandler() 1637 | The process 'helloWorld' in app 'helloWorld' has faulted and will be ignored in accordance with its fault policy. Mar 30 17:33:41 imx6qrex user.info Legato: INFO | supervisor[3535]/security T=main | app.c app_SigChildHandler() 1681 | app 'helloWorld' has stopped. Mar 30 17:33:41 imx6qrex user.info Legato: INFO | supervisor[3535]/security T=main | sandbox.c sandbox_Remove() 1467 | 'helloWorld' sandbox removed. Mar 30 17:33:41 imx6qrex user.info Legato: INFO | supervisor[3535]/supervisor T=main | supervisor.c DeleteAppObj() 571 | Application 'helloWorld' has stopped.

I need your help guys :smiley:


#3

Hello.

Can you post the source for your app? Is it trying to read a file or access some other resource that’s not bound into the sandbox?

Thanks,
-Kelly


#4

In your second listing, I can see that it looks like it is failing to execute your helloWorld program. This is probably because it is trying to use a library that isn’t visible from inside its sandbox.

Chances are good that there’s an error message on your serial console that says what library it can’t find.

When you know what library it is unable to find, you can make it visible inside your sandbox by telling the build tools that the library is “required”. This can be done in either the Component.cdef or the .adef.

For example, if your component needs /usr/lib/libname.so from the root file system on the target device, then you can add this to your Component.cdef to make it visible in the /lib/ directory inside your sandbox:

requires:
{
    file:
    {
        /usr/lib/libname.so /lib/
    }
}

/lib is in your default library search path, so the dynamic linker will be able to find it when the process starts.

If you need to load a library that isn’t in your default library search path (which includes /lib and /usr/lib), then you can set the LD_LIBRARY_PATH environment variable in your .adef file’s “processes” section like this:

processes:
{
    envVars:
    {
        LD_LIBRARY_PATH=/path/to/library/dir
    }

    run:
    {
        ( helloWorld )
    }
}

I hope this helps.

–Jen


#5

Hi,

It looks like the helloWorld executable cannot be found in the sandbox. Could you post the logs immediately before the app fails. Those logs show the setting up of the sandbox. If you could post your app as well that would be great. Also, which version of Legato are you running?

Thanks,

Alex


#6

Hi,

What sort of modifications did you make to Legato to build for an ar6 (unless typo) target? The default Legato does not support that target.

Thank you,
Enoch


#7

HI everybody,

Thank you for your help,

This the log message when i run helloWorld sandboxed application :

root@imx6qrex:/usr/local/lib# logread -f Mar 31 07:00:03 imx6qrex auth.info sshd[818]: Accepted none for root from 192.168.1.192 port 39848 ssh2 Mar 31 07:00:11 imx6qrex user.warn Legato: -WRN- | appCtrl[832]/framework T=main | mem.c le_mem_ForceAlloc() 663 | Memory pool 'ClientThreadData' overflowed. Expanded to 1 blocks. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/supervisor T=main | supervisor.c LaunchApp() 770 | 1.Supervisor|LaunchApp()|AppName=helloWorld|configPath=apps/helloWorld Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | app.c app_Create() 431 | 1.app|app_Create()|cfgPathRootPtr=apps/helloWorld|appPtr->cfgPathRoot=apps/helloWorld Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | app.c app_Create() 435 | 2.app|app_Create()|appPtr->name=helloWorld Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | app.c app_Create() 439 | 3.app|app_Create()|appPtr->name=helloWorld|appPtr->state=0 Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | app.c app_Create() 446 | 4.app|app_Create()|appPtr->name=helloWorld|appPtr->state=0|appPtr->sandboxed=1 Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | app.c CreateUserAndGroups() 370 | 5.app|CreateUserAndGroups()|sandboxed|appRef->homeDirPath=/home/apphelloWorld Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | app.c CreateUserAndGroups() 386 | 6.app|CreateUserAndGroups()|sandboxed|appRef->uid=1011|appRef->gid=1011 Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | app.c CreateSupplementaryGroups() 284 | 8.app|CreateSupplementaryGroups()|No supplementary groups for app|return LE_OK Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | app.c app_Create() 475 | 9.app|app_Create()|appPtr->installPath=/opt/legato/apps/helloWorld Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | app.c app_Create() 489 | 10.app|app_Create()|appPtr->sandboxPath=/tmp/legato/sandboxes/helloWorld Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | app.c app_Create() 514 | 11.app|app_Create()|procCfgPath=/apps/helloWorld/procs/helloWorld Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | proc.c proc_Create() 215 | 12.proc.c|proc_Create()|Starting Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | proc.c proc_Create() 240 | 13.proc.c|proc_Create()|ProcName=helloWorld|procPtr->cfgPathRoot=/apps/helloWorld/procs/helloWorld Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | app.c app_Create() 531 | 13.app|app_Create()|proc created Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/supervisor T=main | supervisor.c LaunchApp() 796 | 14.Supervisor|LaunchApp()|app object created Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | app.c app_Start() 744 | 15.app.C|app_Start()|sandboxed app => creat sandboxed area (sandbox_setup()) Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | sandbox.c sandbox_Setup() 1296 | 16.sandbox.C|sandbox_Setup()|SMACK Access Label = 12rwx Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | resourceLimits.c GetCfgResourceLimit() 187 | Configured resource limit maxFileSystemBytes is not available. Using the default value 131072. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | sandbox.c SetupFileSystem() 1129 | 17.sanbox.c|SetupFileSystem()|the tmpfs for the sandbox mounted No error Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | sandbox.c ImportDir() 738 | Imported directory '/opt/legato/apps/helloWorld/bin' into sandbox '/tmp/legato/sandboxes/helloWorld/bin'. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | sandbox.c ImportFile() 694 | Imported file '/dev/log' into sandbox '/tmp/legato/sandboxes/helloWorld/dev/log'. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | sandbox.c ImportFile() 694 | Imported file '/dev/null' into sandbox '/tmp/legato/sandboxes/helloWorld/dev/null'. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | sandbox.c ImportFile() 694 | Imported file '/dev/zero' into sandbox '/tmp/legato/sandboxes/helloWorld/dev/zero'. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | sandbox.c ImportDir() 738 | Imported directory '/opt/legato/apps/helloWorld/lib' into sandbox '/tmp/legato/sandboxes/helloWorld/lib'. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | sandbox.c ImportFile() 694 | Imported file '/lib/ld-linux.so.3' into sandbox '/tmp/legato/sandboxes/helloWorld/lib/ld-linux.so.3'. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | sandbox.c ImportFile() 694 | Imported file '/lib/libc.so.6' into sandbox '/tmp/legato/sandboxes/helloWorld/lib/libc.so.6'. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | sandbox.c ImportFile() 694 | Imported file '/lib/libgcc_s.so.1' into sandbox '/tmp/legato/sandboxes/helloWorld/lib/libgcc_s.so.1'. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | sandbox.c ImportFile() 694 | Imported file '/usr/local/lib/liblegato.so' into sandbox '/tmp/legato/sandboxes/helloWorld/lib/liblegato.so'. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | sandbox.c ImportFile() 694 | Imported file '/lib/libm.so.6' into sandbox '/tmp/legato/sandboxes/helloWorld/lib/libm.so.6'. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | sandbox.c ImportFile() 694 | Imported file '/lib/libpthread.so.0' into sandbox '/tmp/legato/sandboxes/helloWorld/lib/libpthread.so.0'. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | sandbox.c ImportFile() 694 | Imported file '/lib/librt.so.1' into sandbox '/tmp/legato/sandboxes/helloWorld/lib/librt.so.1'. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | sandbox.c ImportFile() 694 | Imported file '/usr/lib/libstdc++.so.6' into sandbox '/tmp/legato/sandboxes/helloWorld/lib/libstdc++.so.6'. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | sandbox.c ImportFile() 694 | Imported file '/tmp/legato/serviceDirectoryClient' into sandbox '/tmp/legato/sandboxes/helloWorld/tmp/legato/serviceDirectoryClient'. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | sandbox.c ImportFile() 694 | Imported file '/tmp/legato/serviceDirectoryServer' into sandbox '/tmp/legato/sandboxes/helloWorld/tmp/legato/serviceDirectoryServer'. Mar 31 07:00:11 imx6qrex user.warn Legato: -WRN- | supervisor[558]/security T=main | cgroups.c cgrp_mem_SetLimit() 474 | The memory limit for apphelloWorld was actually set to 40960000 instead of 40000k because of either page rounding or memory availability. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | app.c app_Start() 788 | 18.app.c|app_Start()|proc_StartInSandbox|appRef->homeDirPath=/home/apphelloWorld|appRef->sandboxPath=/tmp/legato/sandboxes/helloWorld Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | proc.c StartProc() 680 | 19.proc.c|StartProc()|argsPtr[0]=helloWorld|argsPtr[1]=helloWorld|errno=File exists Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | proc.c StartProc() 687 | 20.proc.c|StartProc()|smackLabel=12 Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | resourceLimits.c SetRLimit() 287 | Setting resource limit maxCoreDumpFileBytes to value 102400. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | resourceLimits.c SetRLimit() 287 | Setting resource limit maxFileBytes to value 102400. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | resourceLimits.c SetRLimit() 287 | Setting resource limit maxLockedMemoryBytes to value 8192. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | resourceLimits.c SetRLimit() 287 | Setting resource limit maxFileDescriptors to value 256. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | resourceLimits.c SetRLimit() 287 | Setting resource limit maxMQueueBytes to value 512. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | resourceLimits.c SetRLimit() 287 | Setting resource limit maxThreads to value 20. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | resourceLimits.c SetRLimit() 287 | Setting resource limit maxQueuedSignals to value 100. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | proc.c StartProc() 775 | Starting process helloWorld with pid 833 Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[833]/security T=main | proc.c StartProc() 743 | Execing 'helloWorld' Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[833]/security T=main | proc.c StartProc() 748 | 1.execvp|argsPtr[0]=helloWorld|argsPtr[1]=helloWorld|errno=Bad file descriptor Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[833]/security T=main | proc.c StartProc() 752 | 2.execvp|argsPtr[0]=helloWorld|argsPtr[1]=helloWorld|ret=-1|errno=No such file or directory Mar 31 07:00:11 imx6qrex user.emerg Legato: *EMR* | supervisor[833]/security T=main | proc.c StartProc() 756 | Could not exec 'helloWorld'. No such file or directory. Mar 31 07:00:11 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | proc.c proc_SigChildHandler() 1291 | Process 'helloWorld' (PID: 833) has exited with exit code 1. Mar 31 07:00:11 imx6qrex user.warn Legato: -WRN- | supervisor[558]/security T=main | proc.c GetFaultAction() 1150 | Unrecognized fault action for process 'helloWorld'. Assume fault action is 'ignore'. Mar 31 07:00:12 imx6qrex user.crit Legato: *CRT* | supervisor[558]/security T=main | app.c app_SigChildHandler() 1645 | The process 'helloWorld' in app 'helloWorld' has faulted and will be ignored in accordance with its fault policy. Mar 31 07:00:12 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | app.c app_SigChildHandler() 1689 | app 'helloWorld' has stopped. Mar 31 07:00:12 imx6qrex user.info Legato: INFO | supervisor[558]/security T=main | sandbox.c sandbox_Remove() 1464 | 'helloWorld' sandbox removed. Mar 31 07:00:12 imx6qrex user.info Legato: INFO | supervisor[558]/supervisor T=main | supervisor.c DeleteAppObj() 571 | Application 'helloWorld' has stopped.

[quote=“kmurphy”]Hello.

Can you post the source for your app? Is it trying to read a file or access some other resource that’s not bound into the sandbox?
[/quote]

—>> I’m using exactly the helloWorld demo, i didn’t modify anything.


[quote=“jchitty”]In your second listing, I can see that it looks like it is failing to execute your helloWorld program. This is probably because it is trying to use a library that isn’t visible from inside its sandbox.

Chances are good that there’s an error message on your serial console that says what library it can’t find.

When you know what library it is unable to find, you can make it visible inside your sandbox by telling the build tools that the library is “required”. This can be done in either the Component.cdef or the .adef.

For example, if your component needs /usr/lib/libname.so from the root file system on the target device, then you can add this to your Component.cdef to make it visible in the /lib/ directory inside your sandbox:

requires:
{
    file:
    {
        /usr/lib/libname.so /lib/
    }
}

/lib is in your default library search path, so the dynamic linker will be able to find it when the process starts.

If you need to load a library that isn’t in your default library search path (which includes /lib and /usr/lib), then you can set the LD_LIBRARY_PATH environment variable in your .adef file’s “processes” section like this:

processes:
{
    envVars:
    {
        LD_LIBRARY_PATH=/path/to/library/dir
    }

    run:
    {
        ( helloWorld )
    }
}

[/quote]

—>> How can I know which library it can’t find ??


–>> I’m using legato 15.01, you can see the logs above.


[quote=“esun”]Hi,
What sort of modifications did you make to Legato to build for an ar6 (unless typo) target? The default Legato does not support that target.
[/quote]

–>> Actually it’s not a a6 target, i’m working on a imx6rex board, i have added my toolchain to scripts to build legato and helloWorld app.

Thanks

Mohcine


#8

Hi,

Same issue, same question.

Is there a list of required features (kernel feature/module, rootfs folders… ??) to port legato on an other platform?

Thank for your feedback.

Help please :unamused:


#9

We don’t publish any guidelines to do what you are doing, instead we publish all of the source code and build tools so that you can port to another platform on your own.

If you go to source.sierrawireless.com/resour … downloads/ you will find links to download our complete distribution as source. Hopefully that will help you do what you need.

Regards,
Andrew


#10

I wasnot asking for a guideline. Just some hints about the minimum requirement of the linux distribution to have a fully working legato. You probably know what i’m talking about, i’ve already figured out the smack and the cgroup.

But, well, i get it. I’ll do on my own. Will let the others now how to have legato on any linux platform as soon as it is stable here.

Regards.
:unamused:


#11

Hi Madjid,

I’m also facing the same issue. Can you please tell me how your resolved it or at least give me some hint.

Regards,
Kamlesh