FX30S 3G, R17: cannot connect to Legato App through 127.0.0.1

I noticed the following problem with the FX30S 3G after updating to firmware r17:

  • I have a legacy app wrapped as a Legato app which, in addition to its primary functionality (which works in both r14 and r17), listens on 2 network ports
  • With firmware r14 and sandboxing, connecting to these ports through 127.0.0.1 worked without problems. I could also access them through 192.168.2.2 when connected over USB (not available in the production environment except for servicing). I do not want to expose them through rmnet0
  • Connecting to these ports through 127.0.0.1 no longer works after the upgrade to r17, both when sandboxed and when not sandboxed

Additional information:

  • Custom-built Legato 18.06.5 with some additions and some unnecessary parts removed from the build (no changes from the version I used with firmware r14)

Hi there,
I suspect the issue might be related to the firewall. Could you try flushing it and then run your application (do not reboot your FX30S)?
iptables -F
BR,
Chris

A small script helped:

#! /bin/sh
echo app.LegatoAppName >/proc/self/attr/current
telnet 127.0.0.1 9001

Is it really necessary to forbid access to the localhost address by SMACK label even if the app is not sandboxed? I did not have this problem with r14, even for the sandboxed app.

I’m using my own Legato build anyway, with some additional applications added and some unnecessary ones removed.

So it would be no problem for me to disable SMACK use in liblegato.

On the other hand, only 127.0.0.1 is blocked in the case of different SMACK labels. One can connect to any 127.x.y.z (where x.y.z != 0.0.1) without any problems. Currently that solves my problem with localhost.

On the other hand, blocking 127.0.0.1 as a security precaution is completely ineffective, as it can easily be avoided by using, for example, 127.0.1.1.
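
On Linux, a socket bound to 0.0.0.0 accepts connections on every local address (all of 127.0.0.0/8 as well as any address on rmnet0), while one bound to 127.0.0.1 answers on that address only. The following listener audit is an added example, not code from this thread or from Legato; the function names and the sample table are constructed, and it assumes IPv4 and a little-endian target.

```shell
#!/bin/sh
# Added example: classify listening TCP sockets by bind address.
# Input is a table in /proc/net/tcp format; pass "-" to read stdin.

# Constructed sample (trailing columns omitted): port 9001 bound to the
# wildcard, port 9002 bound to 127.0.0.1, one established SSH session.
sample_table() {
    cat <<'EOF'
  sl  local_address rem_address   st
   0: 00000000:2329 00000000:0000 0A
   1: 0100007F:232A 00000000:0000 0A
   2: 0202A8C0:0016 0102A8C0:C350 01
EOF
}

# Prints "port address scope" for every socket in LISTEN state (st == 0A).
#   wildcard  - reachable on every interface and on any 127.x.y.z
#   loopback  - reachable on that one 127.x.y.z address only
#   interface - reachable on that one interface address only
classify_listeners() {
    awk 'NR > 1 && $4 == "0A" { print $2 }' "${1:-/proc/net/tcp}" |
    while IFS=: read -r addr port; do
        # The address is a host-order u32 printed as hex, so on a
        # little-endian CPU the first octet is the last byte pair.
        o1=$((0x$(printf '%s' "$addr" | cut -c7-8)))
        o2=$((0x$(printf '%s' "$addr" | cut -c5-6)))
        o3=$((0x$(printf '%s' "$addr" | cut -c3-4)))
        o4=$((0x$(printf '%s' "$addr" | cut -c1-2)))
        ip="$o1.$o2.$o3.$o4"
        case "$ip" in
            0.0.0.0) scope=wildcard ;;
            127.*)   scope=loopback ;;
            *)       scope=interface ;;
        esac
        echo "$((0x$port)) $ip $scope"
    done
}

# Demo on the constructed sample; on a device run: classify_listeners
sample_table | classify_listeners -
```

A service that should stay off rmnet0 should show up as loopback here; a wildcard entry needs either a rebind in the application or a firewall rule on the external interface.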