-
Notifications
You must be signed in to change notification settings - Fork 47
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sometimes ROS_SECURITY_ENCLAVE_OVERRIDE
does not effectively work as introduced
#306
Comments
So this is all about the root@tomoyafujita:~/ros2_ws/colcon_ws# env | grep ROS
ROS_VERSION=2
ROS_SECURITY_ENCLAVE_OVERRIDE=/talker_listener/listener
ROS_PYTHON_VERSION=3
ROS_SECURITY_KEYSTORE=/root/sros2_demo/demo_keystore
ROS_AUTOMATIC_DISCOVERY_RANGE=SUBNET
ROS_SECURITY_STRATEGY=Enforce
ROS_DISTRO=rolling
ROS_SECURITY_ENABLE=true
root@tomoyafujita:~/ros2_ws/colcon_ws# ros2 daemon stop
The daemon is not running
root@tomoyafujita:~/ros2_ws/colcon_ws# ros2 daemon start
The daemon has been started
root@tomoyafujita:~/ros2_ws/colcon_ws# ros2 node list
/listener
/talker
root@tomoyafujita:~/ros2_ws/colcon_ws# ros2 topic list
/chatter
/parameter_events
/rosout as you can see above, if ros2 daemon is already running, it does not have security enclaves, so that it cannot discover those secured apps in the network. restarting daemon can solve this problem. (this actually brings me a question, the other thing is, we should probably introduce the
|
CC: @mikaelarguedas just FYI. |
Thanks @fujitatomoya for testing more thoroughly and reporting! There seem to be 3 different things:
|
@mikaelarguedas thanks for the information. something i am concerned here is, daemon could be spawned with security enclaves and expose the discovery information for everyone. and it does that i guess this topic needs to be discussed on https://github.com/ros2/ros2cli though. |
I guess we'd need to dig a bit deeper with people knowing more about the daemon (either over at ros2cli or here) to figure out what is actually inherited from the parent process and figure out a way to mitigate it |
CC: @mikaelarguedas i want to keep the one issue for the fix, so i will go ahead to close this one. and create another issue to keep the discussion on |
Bug report
Required Info:
Steps to reproduce issue
https://github.com/ros2/sros2/blob/rolling/SROS2_Linux.md#run-the-demo-1 introduces
ROS_SECURITY_ENCLAVE_OVERRIDE
to be used withros2cli
such asros2 node list
andros2 topic list
.But sometimes it does not print the available nodes or topics as explained.
talker
andlistener
, make sure they are working as expected.ros2cli
as followings.--no-daemon
, it sometimes does not work.Expected behavior
node list and topic list should print available nodes (talker and listener) and topic (/chatter).
Actual behavior
described above.
Additional information
originally found on #295
The text was updated successfully, but these errors were encountered: