launch_ros_sandbox

https://img.shields.io/github/license/ros-security/launch_ros_sandboxLicense https://readthedocs.org/projects/launch_ros_sandbox/badge/?version=latestDocumentation Status

launch_ros_sandbox is a roslaunch2 extension.

Using launch_ros_sandbox, you can define launch files running nodes in restrained environments, such as Docker containers or separate user accounts with limited privileges.

Package documentation

Installing

Prerequisites

launch_ros_sandbox requires Docker to be installed on your machine and that your user can execute docker commands.

Check that your current user account is a member of the docker group:

groups | grep docker

If docker is not listed, add yourself to the group using:

sudo usermod -aG docker $USER

Binary Packages

launch_ros_sandbox is not yet available as a binary package using APT or any other method.

Installing from source

Dashing (dashing-devel branch)

This is the recommended way to install this software.

  • Install ROS 2 Dashing on your machine following the official instructions. We recommend you use the official binary packages for your platform, if available.
  • Checkout the code source and compile it as follow:
# If you use bash or zsh, source setup.bash or setup.zsh, instead of setup.sh
source /opt/ros/dashing/setup.sh
mkdir -p ~/ros2_dashing_ros_launch_sandbox_ws/src
cd ros2_dashing_ros_launch_sandbox_ws
# Clone this package repository using vcs.
curl https://raw.githubusercontent.com/ros-security/launch_ros_sandbox/master/launch_ros_sandbox.dashing.repos | vcs import src/
# Install all required system dependencies
rosdep update
rosdep install --ignore-packages-from-source --from-paths src/
# Use colcon to compile launch_ros_sandbox code and all its dependencies
colcon build --packages-up-to launch_ros_sandbox

Latest (unstable development - master branch)

Please follow those instructions if you plan to contribute to this repository.

  • Install all software dependencies required for ROS 2 development by following the ROS 2 documentation.
  • Checkout the code source and compile it as follow:
mkdir -p ~/ros2_latest_ros_launch_sandbox_ws/src
cd ros2_latest_ros_launch_sandbox_ws
# Use vcs to clone all required repositories
curl https://raw.githubusercontent.com/ros2/ros2/dashing/ros2.repos | vcs import src/
curl https://raw.githubusercontent.com/ros-security/launch_ros_sandbox/master/launch_ros_sandbox.repos | vcs import src/
# Install all required system dependencies
# Some packages may fail to install, this is expected on an unstable branch,
# and is generally OK.
rosdep update
rosdep install -r --rosdistro=eloquent --ignore-packages-from-source --from-paths src/
# Use colcon to compile launch_ros_sandbox code and all its dependencies
colcon build --packages-up-to launch_ros_sandbox

Usage

A working example is provided in examples/minimal_sandboxed_node_container.launch.py

./examples/minimal_sandboxed_node_container.py

Creating a sandboxed node is very similar to creating a regular launch file.

Add a SandboxedNodeContainer() action like you would with a regular launch file, but make sure to provide the sandbox_name and policy. Adding nodes is also similar to regular launch files, however, you should use launch_ros_sandbox.descriptions.SandboxedNode() instead.

A launch file with nodes running as a certain user would look like:

   def generate_launch_description() -> launch.LaunchDescription:
      ld = launch.LaunchDescription()

      ld.add_action(
            launch_ros_sandbox.actions.SandboxedNodeContainer(
                sandbox_name='my_sandbox',
                policy=UserPolicy(run_as=User.from_username('dashing')),
                node_descriptions=[
                    launch_ros_sandbox.descriptions.SandboxedNode(
                        package='demo_nodes_cpp', node_executable='talker'),
                    launch_ros_sandbox.descriptions.SandboxedNode(
                        package='demo_nodes_cpp', node_executable='listener')
                ]
            )
        )

License

This library is licensed under the Apache 2.0 License.

Build Status

ROS 2 Release Branch Name Development Source Debian Package X86-64 Debian Package ARM64 Debian Package ARMHF Debian package
Latest master Build Status N/A N/A N/A N/A
Dashing dashing-devel Build Status Build Status Build Status N/A N/A