authorZach Reizner <zachr@google.com>2017-06-30 15:46:25 -0700
committerchrome-bot <chrome-bot@chromium.org>2017-06-30 22:24:50 -0700
commit848b9ff6251ef125d394026d08c1a183395171f9 (patch)
tree26b26163f927954e994ac505bf3e8526007d95bd /io_jail/src
parent1247525aace195ea30dae8f969f51690aed7c281 (diff)
io_jail: add bind mount
This will be used by some device jails to get access to unix sockets
after being jailed.

TEST=None
BUG=None

Change-Id: I870bfb155b275769ccb3248b1441e7c0b8f20ad7
Reviewed-on: https://chromium-review.googlesource.com/558447
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Diffstat (limited to 'io_jail/src')
-rw-r--r--io_jail/src/lib.rs13
1 files changed, 13 insertions, 0 deletions
diff --git a/io_jail/src/lib.rs b/io_jail/src/lib.rs
index 04b8070..d225e85 100644
--- a/io_jail/src/lib.rs
+++ b/io_jail/src/lib.rs
@@ -18,6 +18,8 @@ use std::str::FromStr;
 
 #[derive(Debug)]
 pub enum Error {
+    // minijail failed to accept bind mount.
+    BindMount(i32),
     /// minjail_new failed, this is an allocation failure.
     CreatingMinijail,
     /// The path or name string passed in didn't parse to a valid CString.
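Review bot: The new `BindMount` variant is commented with `//` while the other variants visible in this hunk use `///`, so rustdoc will not show its description. Suggest `/// minijail_bind failed; the payload is the negative value it returned.`, which matches how the second hunk fills it with the raw `ret` when `ret < 0`. The `Error` enum continues outside the hunk.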
@@ -208,6 +210,17 @@ impl Minijail {
     pub fn mount_tmp_size(&mut self, size: usize) {
         unsafe { libminijail::minijail_mount_tmp_size(self.jail, size); }
     }
+    pub fn mount_bind(&mut self, src: &Path, dest: &Path, writable: bool) -> Result<()> {
+        let src = src.as_os_str().to_str().ok_or(Error::InvalidCString)?;
+        let src = CString::new(src).map_err(|_| Error::InvalidCString)?;
+        let dest = dest.as_os_str().to_str().ok_or(Error::InvalidCString)?;
+        let dest = CString::new(dest).map_err(|_| Error::InvalidCString)?;
+        let ret = unsafe { libminijail::minijail_bind(self.jail, src.as_ptr(), dest.as_ptr(), writable as _) };
+        if ret < 0 {
+            return Err(Error::BindMount(ret));
+        }
+        Ok(())
+    }
 
     /// Enters the previously configured minijail.
     /// `enter` is unsafe because it closes all open FD for this process.  That
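Review bot: `mount_bind` is a public method that widens what a jailed process can reach, yet it is added without a doc comment, unlike `enter` just below it. A `///` block should state that the host path `src` is exposed at `dest` inside the jail, that `writable == true` lets the jailed process modify that host path (so callers should pass `false` unless writes are required), and that failure returns `Error::BindMount` carrying minijail's negative return code. Separately, `to_str()` rejects any path that is not valid UTF-8 and reports it as `InvalidCString`; building the string from raw bytes, e.g. `CString::new(src.as_os_str().as_bytes()).map_err(|_| Error::InvalidCString)?` with `std::os::unix::ffi::OsStrExt` in scope, would accept every path the OS does and leave that error for interior NUL bytes only.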