diff options
author | Dylan Reid <dgreid@chromium.org> | 2017-10-02 19:04:50 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-10-03 17:28:26 -0700 |
commit | d0c9adc642fc968cb347952eed1d7fd0d0a8e80e (patch) | |
tree | 6a35a9bd1515df7b9fa38b430d39c80a231e7b60 /src/main.rs | |
parent | e026ef09181775c3ab5f40157335337b90a5b536 (diff) | |
download | crosvm-d0c9adc642fc968cb347952eed1d7fd0d0a8e80e.tar crosvm-d0c9adc642fc968cb347952eed1d7fd0d0a8e80e.tar.gz crosvm-d0c9adc642fc968cb347952eed1d7fd0d0a8e80e.tar.bz2 crosvm-d0c9adc642fc968cb347952eed1d7fd0d0a8e80e.tar.lz crosvm-d0c9adc642fc968cb347952eed1d7fd0d0a8e80e.tar.xz crosvm-d0c9adc642fc968cb347952eed1d7fd0d0a8e80e.tar.zst crosvm-d0c9adc642fc968cb347952eed1d7fd0d0a8e80e.zip |
main: Default to sandboxed devices
Change the default option to use a sanboxxed process for each device. The old behavior can be re-enabled with the `--disable-sandbox` flag. Change-Id: I65762a6cb52afac210fc0e683d999f20fe67a57e Signed-off-by: Dylan Reid <dgreid@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/696715 Reviewed-by: Zach Reizner <zachr@chromium.org>
Diffstat (limited to 'src/main.rs')
-rw-r--r-- | src/main.rs | 51 |
1 files changed, 35 insertions, 16 deletions
diff --git a/src/main.rs b/src/main.rs index 11a0900..894d3db 100644 --- a/src/main.rs +++ b/src/main.rs @@ -183,7 +183,6 @@ struct DiskOption { writable: bool, } -#[derive(Default)] struct Config { disks: Vec<DiskOption>, vcpu_count: Option<u32>, @@ -197,10 +196,31 @@ struct Config { disable_wayland: bool, socket_path: Option<PathBuf>, multiprocess: bool, - seccomp_policy_dir: Option<String>, + seccomp_policy_dir: PathBuf, cid: Option<u64>, } +impl Default for Config { + fn default() -> Config { + Config { + disks: Vec::new(), + vcpu_count: None, + memory: None, + kernel_path: PathBuf::default(), + params: String::new(), + host_ip: None, + netmask: None, + mac_address: None, + vhost_net: false, + disable_wayland: false, + socket_path: None, + multiprocess: true, + seccomp_policy_dir: PathBuf::from(SECCOMP_POLICY_DIR), + cid: None, + } + } +} + const KERNEL_START_OFFSET: usize = 0x200000; const CMDLINE_OFFSET: usize = 0x20000; const CMDLINE_MAX_SIZE: usize = KERNEL_START_OFFSET - CMDLINE_OFFSET; @@ -257,11 +277,6 @@ fn wait_all_children() -> bool { } fn run_config(cfg: Config) -> Result<()> { - let seccomp_policy_dir = match cfg.seccomp_policy_dir { - Some(ref p) => PathBuf::from(p), - None => PathBuf::from(SECCOMP_POLICY_DIR), - }; - if cfg.multiprocess { // Printing something to the syslog before entering minijail so that libc's syslogger has a // chance to open files necessary for its operation, like `/etc/localtime`. After jailing, @@ -307,7 +322,7 @@ fn run_config(cfg: Config) -> Result<()> { .map_err(|e| Error::BlockDeviceNew(e))?); let jail = if cfg.multiprocess { let block_root_path = block_root.as_path().unwrap(); // Won't fail if new succeeded. - let policy_path: PathBuf = seccomp_policy_dir.join("block_device.policy"); + let policy_path: PathBuf = cfg.seccomp_policy_dir.join("block_device.policy"); Some(create_base_minijail(block_root_path, &policy_path)?) } else { @@ -323,7 +338,7 @@ fn run_config(cfg: Config) -> Result<()> { let rng_box = Box::new(hw::virtio::Rng::new().map_err(Error::RngDeviceNew)?); let rng_jail = if cfg.multiprocess { let rng_root_path = rng_root.as_path().unwrap(); // Won't fail if new succeeded. - let policy_path: PathBuf = seccomp_policy_dir.join("rng_device.policy"); + let policy_path: PathBuf = cfg.seccomp_policy_dir.join("rng_device.policy"); Some(create_base_minijail(rng_root_path, &policy_path)?) } else { None @@ -348,9 +363,9 @@ fn run_config(cfg: Config) -> Result<()> { let net_root_path = net_root.as_path().unwrap(); // Won't fail if new succeeded. let policy_path: PathBuf = if cfg.vhost_net { - seccomp_policy_dir.join("vhost_net_device.policy") + cfg.seccomp_policy_dir.join("vhost_net_device.policy") } else { - seccomp_policy_dir.join("net_device.policy") + cfg.seccomp_policy_dir.join("net_device.policy") }; Some(create_base_minijail(net_root_path, &policy_path)?) @@ -384,7 +399,7 @@ fn run_config(cfg: Config) -> Result<()> { let jail = if cfg.multiprocess { let wl_root_path = wl_root.as_path().unwrap(); // Won't fail if new succeeded. - let policy_path: PathBuf = seccomp_policy_dir.join("wl_device.policy"); + let policy_path: PathBuf = cfg.seccomp_policy_dir.join("wl_device.policy"); let mut jail = create_base_minijail(wl_root_path, &policy_path)?; // Map the jail's root uid/gid to the main processes effective uid/gid so that // the jailed device can access the wayland-0 socket with the same credentials @@ -410,7 +425,7 @@ fn run_config(cfg: Config) -> Result<()> { let jail = if cfg.multiprocess { let root_path = vsock_root.as_path().unwrap(); - let policy_path: PathBuf = seccomp_policy_dir.join("vhost_vsock_device.policy"); + let policy_path: PathBuf = cfg.seccomp_policy_dir.join("vhost_vsock_device.policy"); Some(create_base_minijail(root_path, &policy_path)?) } else { @@ -871,6 +886,9 @@ fn set_argument(cfg: &mut Config, name: &str, value: Option<&str>) -> argument:: "multiprocess" => { cfg.multiprocess = true; } + "disable-sandbox" => { + cfg.multiprocess = false; + } "cid" => { if cfg.cid.is_some() { return Err(argument::Error::TooManyArguments("`cid` alread given".to_owned())); @@ -883,8 +901,8 @@ fn set_argument(cfg: &mut Config, name: &str, value: Option<&str>) -> argument:: })?); } "seccomp-policy-dir" => { - // Value is Some because we are in this match so it's safe to unwrap. - cfg.seccomp_policy_dir = Some(value.unwrap().to_owned()); + // `value` is Some because we are in this match so it's safe to unwrap. + cfg.seccomp_policy_dir = PathBuf::from(value.unwrap()); }, "help" => return Err(argument::Error::PrintHelp), _ => unreachable!(), @@ -921,7 +939,8 @@ fn run_vm(args: std::env::Args) { "socket", "PATH", "Path to put the control socket. If PATH is a directory, a name will be generated."), - Argument::short_flag('u', "multiprocess", "Run each device in a child process."), + Argument::short_flag('u', "multiprocess", "Run each device in a child process(default)."), + Argument::flag("disable-sandbox", "Run all devices in one, non-sandboxed process."), Argument::value("cid", "CID", "Context ID for virtual sockets"), Argument::value("seccomp-policy-dir", "PATH", "Path to seccomp .policy files."), Argument::short_flag('h', "help", "Print help message.")]; |