diff options
| author | Chirantan Ekbote <chirantan@chromium.org> | 2018-01-04 16:17:30 -0800 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2018-01-05 23:59:06 -0800 |
| commit | 77ba796cf91fa671aa250385503219c01a993579 (patch) | |
| tree | 8a1cf8679937c8041e1245bfe128d65e1a6ab23a /io_jail | |
| parent | df48453432ec28ede00d22557975571ec74f8918 (diff) | |
| download | crosvm-77ba796cf91fa671aa250385503219c01a993579.tar crosvm-77ba796cf91fa671aa250385503219c01a993579.tar.gz crosvm-77ba796cf91fa671aa250385503219c01a993579.tar.bz2 crosvm-77ba796cf91fa671aa250385503219c01a993579.tar.lz crosvm-77ba796cf91fa671aa250385503219c01a993579.tar.xz crosvm-77ba796cf91fa671aa250385503219c01a993579.tar.zst crosvm-77ba796cf91fa671aa250385503219c01a993579.zip | |
io_jail: add minijail_mount
Add support for minijail_mount and minijail_mount_with_data. This will be used by the jail for the wayland device. BUG=none TEST=filesystem is mounted inside the jail Change-Id: I6ad9933d057e7642a7551a6a316ff65d3b95a9dd Signed-off-by: Chirantan Ekbote <chirantan@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/851412 Commit-Ready: Zach Reizner <zachr@chromium.org> Tested-by: Zach Reizner <zachr@chromium.org> Reviewed-by: Dylan Reid <dgreid@chromium.org>
Diffstat (limited to 'io_jail')
| -rw-r--r-- | io_jail/src/lib.rs | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/io_jail/src/lib.rs b/io_jail/src/lib.rs index c7587a1..509722c 100644 --- a/io_jail/src/lib.rs +++ b/io_jail/src/lib.rs @@ -26,6 +26,15 @@ pub enum Error { src: PathBuf, dst: PathBuf, }, + // minijail failed to accept mount. + Mount { + errno: i32, + src: PathBuf, + dest: PathBuf, + fstype: String, + flags: usize, + data: String, + }, /// Failure to count the number of threads in /proc/self/tasks. CheckingMultiThreaded(io::Error), /// minjail_new failed, this is an allocation failure. @@ -74,6 +83,24 @@ impl fmt::Display for Error { dst, errno) } + &Error::Mount { + errno, + ref src, + ref dest, + ref fstype, + flags, + ref data, + } => { + write!(f, + "failed to accept mount {:?} -> {:?} of type {:?} with flags 0x{:x} \ + and data {:?}: {}", + src, + dest, + fstype, + flags, + data, + errno) + } &Error::CheckingMultiThreaded(ref e) => { write!(f, "Failed to count the number of threads from /proc/self/tasks {}", e) }, @@ -322,6 +349,45 @@ impl Minijail { } Ok(()) } + pub fn mount(&mut self, src: &Path, dest: &Path, fstype: &str, flags: usize) -> Result<()> { + self.mount_with_data(src, dest, fstype, flags, "") + } + pub fn mount_with_data(&mut self, src: &Path, dest: &Path, fstype: &str, + flags: usize, data: &str) -> Result<()> { + let src_os = src.as_os_str() + .to_str() + .ok_or(Error::PathToCString(src.to_owned()))?; + let src_path = CString::new(src_os) + .map_err(|_| Error::StrToCString(src_os.to_owned()))?; + let dest_os = dest.as_os_str() + .to_str() + .ok_or(Error::PathToCString(dest.to_owned()))?; + let dest_path = CString::new(dest_os) + .map_err(|_| Error::StrToCString(dest_os.to_owned()))?; + let fstype_string = CString::new(fstype) + .map_err(|_| Error::StrToCString(fstype.to_owned()))?; + let data_string = CString::new(data) + .map_err(|_| Error::StrToCString(data.to_owned()))?; + let ret = unsafe { + libminijail::minijail_mount_with_data(self.jail, + src_path.as_ptr(), + dest_path.as_ptr(), + fstype_string.as_ptr(), + flags as _, + data_string.as_ptr()) + }; + if ret < 0 { + return Err(Error::Mount { + errno: ret, + src: src.to_owned(), + dest: dest.to_owned(), + fstype: fstype.to_owned(), + flags: flags, + data: data.to_owned(), + }); + } + Ok(()) + } pub fn mount_tmp(&mut self) { unsafe { libminijail::minijail_mount_tmp(self.jail); } } |