summary refs log tree commit diff
path: root/src/linux.rs
diff options
context:
space:
mode:
authorChirantan Ekbote <chirantan@chromium.org>2018-01-24 13:47:58 -0800
committerchrome-bot <chrome-bot@chromium.org>2018-01-25 16:34:25 -0800
commit0ba70d8d3c69a4fa8853d317e2dc1f45dd25acd8 (patch)
tree671b831c655b60d877399fb3021dc72d94c47480 /src/linux.rs
parent91fcad35c5a09cdb9379824be4edc84ca09f411d (diff)
downloadcrosvm-0ba70d8d3c69a4fa8853d317e2dc1f45dd25acd8.tar
crosvm-0ba70d8d3c69a4fa8853d317e2dc1f45dd25acd8.tar.gz
crosvm-0ba70d8d3c69a4fa8853d317e2dc1f45dd25acd8.tar.bz2
crosvm-0ba70d8d3c69a4fa8853d317e2dc1f45dd25acd8.tar.lz
crosvm-0ba70d8d3c69a4fa8853d317e2dc1f45dd25acd8.tar.xz
crosvm-0ba70d8d3c69a4fa8853d317e2dc1f45dd25acd8.tar.zst
crosvm-0ba70d8d3c69a4fa8853d317e2dc1f45dd25acd8.zip
Change the group for the wayland process to crosvm
Now that the crosvm user is part of the wayland group, we don't need to
explicitly set the group of the wayland process to wayland. This also
allows to drop CAP_SETUID and CAP_SETGID from the set of capabilities
granted to crosvm.

BUG=chromium:786663
TEST=Start a VM with graphics through crosvm
CQ-DEPEND=CL:885264

Change-Id: If0675f60a13314d35baca4657a637fd8c3998668
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/885245
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Diffstat (limited to 'src/linux.rs')
-rw-r--r--src/linux.rs16
1 files changed, 9 insertions, 7 deletions
diff --git a/src/linux.rs b/src/linux.rs
index 6446972..b22c043 100644
--- a/src/linux.rs
+++ b/src/linux.rs
@@ -409,11 +409,6 @@ fn setup_mmio_bus(cfg: &Config,
 
             // Set the uid/gid for the jailed process, and give a basic id map. This
             // is required for the above bind mount to work.
-            let wayland_group = cfg.wayland_group.as_ref().map(|s| s.as_str()).unwrap_or("wayland");
-            let wayland_cstr = CString::new(wayland_group).unwrap();
-            let wayland_gid = get_group_id(&wayland_cstr)
-                .map_err(Error::GetWaylandGroup)?;
-
             let crosvm_user_group = CStr::from_bytes_with_nul(b"crosvm\0").unwrap();
             let crosvm_uid = match get_user_id(&crosvm_user_group) {
                 Ok(u) => u,
@@ -422,11 +417,18 @@ fn setup_mmio_bus(cfg: &Config,
                     geteuid()
                 }
             };
+            let crosvm_gid = match get_group_id(&crosvm_user_group) {
+                Ok(u) => u,
+                Err(e) => {
+                    warn!("falling back to current group id for Wayland: {:?}", e);
+                    getegid()
+                }
+            };
             jail.change_uid(crosvm_uid);
-            jail.change_gid(wayland_gid);
+            jail.change_gid(crosvm_gid);
             jail.uidmap(&format!("{0} {0} 1", crosvm_uid))
                 .map_err(Error::SettingUidMap)?;
-            jail.gidmap(&format!("{0} {0} 1", wayland_gid))
+            jail.gidmap(&format!("{0} {0} 1", crosvm_gid))
                 .map_err(Error::SettingGidMap)?;
 
             Some(jail)
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-20 13:32:42 +0000