Google Git
Sign in
fuchsia / fuchsia / b0d7666213098c239430eca03b0410c97405ab75 / . / src / developer / sshd-host / meta / sshd-host.cml
blob: ad0d99a52a4f240b601f17818e345d4a8e36f9e9 [file] [log] [blame]
// Copyright 2022 The Fuchsia Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
{
include: [ "syslog/client.shard.cml" ],
program: {
runner: "elf",
binary: "bin/sshd-host",
forward_stdout_to: "log",
forward_stderr_to: "log",
},
use: [
// Needed to configure sshd-host.
{
directory: "config-data",
rights: [ "r*" ],
path: "/config/data",
},
{
protocol: [
// Needed to get ssh keys from the bootloader file.
"fuchsia.boot.Items",
// Needed to listen on TCP port 22.
"fuchsia.posix.socket.Provider",
// Needed to launch `ssh` child processes.
"fuchsia.process.Launcher",
],
},
// Needed to create the shell environment
// for the ssh child process and its children.
// TODO(fxbug.dev/97903): try to remove each one of the below.
// TODO(fxbug.dev/98086): specifically reduce /bin.
{
directory: "bin",
rights: [ "rx*" ],
path: "/bin",
},
{
directory: "blob",
rights: [ "rw*" ],
path: "/blob",
},
{
directory: "boot",
rights: [ "rx*" ],
path: "/boot",
},
{
directory: "build-info",
rights: [ "r*" ],
path: "/config/build-info",
},
{
directory: "root-ssl-certificates",
rights: [ "r*" ],
path: "/config/ssl",
},
{
directory: "minfs",
rights: [ "rw*" ],
path: "/data",
},
{
directory: "dev",
rights: [ "rw*" ],
path: "/dev",
},
{
directory: "hub-legacy",
rights: [ "rw*" ],
path: "/hub",
},
{
directory: "hub",
rights: [ "rw*" ],
path: "/hub-v2",
},
{
directory: "mnt",
rights: [ "rw*" ],
path: "/mnt",
},
{
directory: "pkgfs",
rights: [ "rx*" ],
path: "/pkgfs",
},
{
directory: "system",
rights: [ "rx*" ],
path: "/system",
},
{
directory: "tmp",
rights: [ "rw*" ],
path: "/tmp",
},
],
}