author | Chirantan Ekbote <chirantan@chromium.org> | 2018-11-16 16:37:45 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2019-01-07 19:40:15 -0800 |
commit | d41d726c2f977789fdd3f6cd701f0c7616b778ac (patch) | |
tree | 0fb2fb98ea397ad1abbe729ee1e3e7e8e20b667e /src/plugin | |
parent | c1a40a74145b511240bb3f4b894e1955a44b5ed2 (diff) | |
Add support for plugin mounts
The plugin process may need access to writable directories where it can store its state. Add a plugin-mount option to specify paths that should be mounted into the plugin's jail. BUG=b:80150167 TEST=run plugin_adder and plugin_net_config Change-Id: I2c87d19ab67edaaf99a2cfea6872d3531101d260 Signed-off-by: Chirantan Ekbote <chirantan@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1341106
Diffstat (limited to 'src/plugin')
-rw-r--r-- | src/plugin/mod.rs | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/plugin/mod.rs b/src/plugin/mod.rs
index 4f50d5e..7163d7a 100644
--- a/src/plugin/mod.rs
+++ b/src/plugin/mod.rs
@@ -60,6 +60,7 @@ pub enum Error {
 CreateVm(SysError),
 DecodeRequest(ProtobufError),
 EncodeResponse(ProtobufError),
+ Mount(io_jail::Error),
 MountLib(io_jail::Error),
 MountLib64(io_jail::Error),
 MountPlugin(io_jail::Error),
@@ -127,6 +128,7 @@ impl fmt::Display for Error {
 Error::CreateVm(ref e) => write!(f, "error creating vm: {:?}", e),
 Error::DecodeRequest(ref e) => write!(f, "failed to decode plugin request: {}", e),
 Error::EncodeResponse(ref e) => write!(f, "failed to encode plugin response: {}", e),
+ Error::Mount(ref e) => write!(f, "failed to mount: {}", e),
 Error::MountLib(ref e) => write!(f, "failed to mount: {}", e),
 Error::MountLib64(ref e) => write!(f, "failed to mount: {}", e),
 Error::MountPlugin(ref e) => write!(f, "failed to mount: {}", e),
@@ -492,7 +494,13 @@ pub fn run_config(cfg: Config) -> Result<()> {
 }
 let policy_path = cfg.seccomp_policy_dir.join("plugin.policy");
- let jail = create_plugin_jail(root_path, &policy_path)?;
+ let mut jail = create_plugin_jail(root_path, &policy_path)?;
+
+ for bind_mount in &cfg.plugin_mounts {
+ jail.mount_bind(&bind_mount.src, &bind_mount.dst, bind_mount.writable)
+ .map_err(Error::Mount)?;
+ }
+
 Some(jail)
 } else {
 None |
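Review bot: The new `Error::Mount` arm prints exactly the same text, `failed to mount: {}`, as the existing `MountLib`, `MountLib64` and `MountPlugin` arms, so a log line cannot show whether a built-in mount or an operator-supplied plugin mount failed. Because these mounts come from configuration, a distinct message helps diagnose a bad path, for example `Error::Mount(ref e) => write!(f, "failed to mount plugin-mount path: {}", e),`. Carrying the offending source path in the variant would be more useful still, but that also changes the enum in the first hunk. The `impl fmt::Display` body extends beyond this hunk.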
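Review bot: The loop added to `run_config` hands `bind_mount.src`, `bind_mount.dst` and `bind_mount.writable` straight to `jail.mount_bind` with no check visible in this hunk, so the jail boundary for these paths rests entirely on whatever validation the option parser applies to `plugin_mounts` (not shown here). A writable entry gives the jailed plugin persistent write access to a host directory, so it is worth confirming that `dst` cannot shadow the mounts already set up by `create_plugin_jail` and that `src` is limited to directories meant for plugin state. I would also document the trust assumption above the loop, e.g. `// plugin_mounts are operator-supplied; every writable entry widens what a compromised plugin can modify on the host.` `run_config` starts before and continues after this hunk.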