diff options
| author | Zach Reizner <zachr@google.com> | 2018-01-23 21:16:42 -0800 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2018-02-12 22:42:34 -0800 |
| commit | cc30d58c18353905154173bab850d3610c7d01bc (patch) | |
| tree | 4da2ae3f20644d168309a681e825bdbaa0b9dbad /src/main.rs | |
| parent | 8864cb0f3a9184e2420bbad64c43fcddf161e427 (diff) | |
| download | crosvm-cc30d58c18353905154173bab850d3610c7d01bc.tar crosvm-cc30d58c18353905154173bab850d3610c7d01bc.tar.gz crosvm-cc30d58c18353905154173bab850d3610c7d01bc.tar.bz2 crosvm-cc30d58c18353905154173bab850d3610c7d01bc.tar.lz crosvm-cc30d58c18353905154173bab850d3610c7d01bc.tar.xz crosvm-cc30d58c18353905154173bab850d3610c7d01bc.tar.zst crosvm-cc30d58c18353905154173bab850d3610c7d01bc.zip | |
crosvm: run plugin process in a jail by default
The plugin process is similar to a virtual device from the perspective of crosvm. Therefore, the plugin process should be run in a jail, similar to the other devices in crosvm. TEST=cargo build --features plugin; ./build_test BUG=chromium:800626 Change-Id: I881d7b0f8a11e2626f69a5fa0eee0aa59bb6b6be Reviewed-on: https://chromium-review.googlesource.com/882131 Commit-Ready: Zach Reizner <zachr@chromium.org> Tested-by: Zach Reizner <zachr@chromium.org> Reviewed-by: Dylan Reid <dgreid@chromium.org>
Diffstat (limited to 'src/main.rs')
| -rw-r--r-- | src/main.rs | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/main.rs b/src/main.rs index 27fedfd..7e2d103 100644 --- a/src/main.rs +++ b/src/main.rs @@ -307,7 +307,14 @@ fn set_argument(cfg: &mut Config, name: &str, value: Option<&str>) -> argument:: } else if cfg.plugin.is_some() { return Err(argument::Error::TooManyArguments("`plugin` already given".to_owned())); } - cfg.plugin = Some(PathBuf::from(value.unwrap().to_owned())); + let plugin = PathBuf::from(value.unwrap().to_owned()); + if plugin.is_relative() { + return Err(argument::Error::InvalidValue { + value: plugin.to_string_lossy().into_owned(), + expected: "the plugin path must be an absolute path", + }) + } + cfg.plugin = Some(plugin); } "help" => return Err(argument::Error::PrintHelp), _ => unreachable!(), @@ -354,7 +361,7 @@ fn run_vm(args: std::env::Args) -> i32 { Argument::value("cid", "CID", "Context ID for virtual sockets"), Argument::value("seccomp-policy-dir", "PATH", "Path to seccomp .policy files."), #[cfg(feature = "plugin")] - Argument::value("plugin", "PATH", "Path to plugin process to run under crosvm."), + Argument::value("plugin", "PATH", "Absolute path to plugin process to run under crosvm."), Argument::short_flag('h', "help", "Print help message.")]; let mut cfg = Config::default(); |