authorZach Reizner <zachr@google.com>2017-08-24 14:05:48 -0700
committerchrome-bot <chrome-bot@chromium.org>2017-09-08 17:35:58 -0700
commit22175fe3681d7102bb62fb89b0bb0cb317973bcc (patch)
treea84b841845b9ff10d1e300399d789db49fb6a490 /src/hw/proxy.rs
parentd7f036281d876bfc3a5125eb94d20cb87e3d5a20 (diff)
crosvm: add uid_map/gid_map support to jailed devices
This CL includes a small tweak to sys_util so that the PIDs of cloned
processes are returned.

The proxy device CHILD_SIGNATURE check was removed because it would
deadlock with the synchronization that DeviceManager's post clone
callback uses to wait for the id maps to be set. The check wasn't that
useful to begin with.

This also bumps the libc version.

TEST=None
BUG=None

Change-Id: I881e08c9626e035044b0be1dd2e9fff3e7e61ec1
Reviewed-on: https://chromium-review.googlesource.com/634270
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Diffstat (limited to 'src/hw/proxy.rs')
-rw-r--r--src/hw/proxy.rs21
1 files changed, 9 insertions, 12 deletions
diff --git a/src/hw/proxy.rs b/src/hw/proxy.rs
index 001a86b..352bd3f 100644
--- a/src/hw/proxy.rs
+++ b/src/hw/proxy.rs
@@ -4,6 +4,8 @@
 
 //! Runs hardware devices in child processes.
 
+use libc::pid_t;
+
 use std::io::{Error, ErrorKind, Result};
 use std::os::unix::net::UnixDatagram;
 use std::time::Duration;
@@ -15,7 +17,6 @@ use sys_util::{clone_process, CloneNamespace};
 
 const SOCKET_TIMEOUT_MS: u64 = 2000;
 const MSG_SIZE: usize = 24;
-const CHILD_SIGNATURE: [u8; MSG_SIZE] = [0x7f; MSG_SIZE];
 
 enum Command {
     Read = 0,
@@ -26,12 +27,6 @@ enum Command {
 fn child_proc(sock: UnixDatagram, device: &mut BusDevice) {
     let mut running = true;
 
-    let res = handle_eintr!(sock.send(&CHILD_SIGNATURE));
-    if let Err(e) = res {
-        println!("error: failed to send child started signal: {}", e);
-        running = false;
-    }
-
     while running {
         let mut buf = [0; MSG_SIZE];
         match handle_eintr!(sock.recv(&mut buf)) {
@@ -79,6 +74,7 @@ fn child_proc(sock: UnixDatagram, device: &mut BusDevice) {
 /// are inherited, this should be used as early as possible in the main process.
 pub struct ProxyDevice {
     sock: UnixDatagram,
+    pid: pid_t,
 }
 
 impl ProxyDevice {
@@ -96,20 +92,21 @@ impl ProxyDevice {
     {
         let (child_sock, parent_sock) = UnixDatagram::pair()?;
 
-        clone_process(CloneNamespace::NewUserPid, move || {
+        let pid = clone_process(CloneNamespace::NewUserPid, move || {
             post_clone_cb(&child_sock);
             child_proc(child_sock, &mut device);
         })
                 .map_err(|e| Error::new(ErrorKind::Other, format!("{:?}", e)))?;
 
-        let mut buf = [0; MSG_SIZE];
         parent_sock
             .set_write_timeout(Some(Duration::from_millis(SOCKET_TIMEOUT_MS)))?;
         parent_sock
             .set_read_timeout(Some(Duration::from_millis(SOCKET_TIMEOUT_MS)))?;
-        handle_eintr!(parent_sock.recv(&mut buf))?;
-        assert_eq!(buf, CHILD_SIGNATURE);
-        Ok(ProxyDevice { sock: parent_sock })
+        Ok(ProxyDevice { sock: parent_sock, pid: pid })
+    }
+
+    pub fn pid(&self) -> pid_t {
+        self.pid
     }
 
     fn send_cmd(&self, cmd: Command, offset: u64, len: u32, data: &[u8]) -> Result<()> {
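Review bot: `pid()` is added as a public accessor with no doc comment, and with the start-up handshake removed `new()` now returns `Ok` without any evidence that the child ever reached `child_proc`. If the child exits inside `post_clone_cb`, the first visible symptom appears to be a socket timeout on a later command, and the stored PID could by then refer to a process that has been reaped and possibly reused; that matters if the caller uses it to write the child's `uid_map`/`gid_map`, as the commit message suggests. I would state the contract on the accessor, e.g. `/// PID of the child device process as returned by clone_process; only use it while the child is known to be alive.`, and note on `new()` that child start-up is no longer confirmed. The body of `new()` begins above this hunk and `send_cmd` continues below it, so any liveness check elsewhere is not visible here.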