summary refs log tree commit diff
path: root/src/plugin
diff options
context:
space:
mode:
authorDmitry Torokhov <dtor@chromium.org>2019-12-26 14:55:21 -0800
committerCommit Bot <commit-bot@chromium.org>2019-12-31 00:19:44 +0000
commit3dc90d0124ca4d797ff9119daf16016b225c1d96 (patch)
tree02304a7654a4de3d5c7fb1e9978cc81ac9fcf7ee /src/plugin
parentd4afd7033cecd2c90829ad52621b94fb1baf6430 (diff)
downloadcrosvm-3dc90d0124ca4d797ff9119daf16016b225c1d96.tar
crosvm-3dc90d0124ca4d797ff9119daf16016b225c1d96.tar.gz
crosvm-3dc90d0124ca4d797ff9119daf16016b225c1d96.tar.bz2
crosvm-3dc90d0124ca4d797ff9119daf16016b225c1d96.tar.lz
crosvm-3dc90d0124ca4d797ff9119daf16016b225c1d96.tar.xz
crosvm-3dc90d0124ca4d797ff9119daf16016b225c1d96.tar.zst
crosvm-3dc90d0124ca4d797ff9119daf16016b225c1d96.zip
plugin: mount read-only /proc into the jail
Breakpad requires /proc, so let's mount it (as read only) into plugin
jail. We can't initiate it from concierge as concierge can only pass
bind mounts to crosvm, whereas here we need to mount or own copy of
/proc that reflects out own namespace(s).

BUG=None
TEST=Run Plugin VM, check /proc of the plugin process.

Cq-Depend: 1982695
Change-Id: I5d673e3c8733a61afc5986f9bf110b05c45bbdce
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1982820
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Dmitry Torokhov <dtor@chromium.org>
Commit-Queue: Dmitry Torokhov <dtor@chromium.org>
Diffstat (limited to 'src/plugin')
-rw-r--r--src/plugin/mod.rs17
1 files changed, 15 insertions, 2 deletions
diff --git a/src/plugin/mod.rs b/src/plugin/mod.rs
index 5f9a5db..3f6d704 100644
--- a/src/plugin/mod.rs
+++ b/src/plugin/mod.rs
@@ -20,7 +20,7 @@ use std::time::{Duration, Instant};
 use libc::{
     c_int, c_ulong, fcntl, ioctl, socketpair, AF_UNIX, EAGAIN, EBADF, EDEADLK, EEXIST, EINTR,
     EINVAL, ENOENT, EOVERFLOW, EPERM, FIOCLEX, F_SETPIPE_SZ, MS_NODEV, MS_NOEXEC, MS_NOSUID,
-    SIGCHLD, SOCK_SEQPACKET,
+    MS_RDONLY, SIGCHLD, SOCK_SEQPACKET,
 };
 
 use protobuf::ProtobufError;
@@ -70,6 +70,7 @@ pub enum Error {
     MountLib64(io_jail::Error),
     MountPlugin(io_jail::Error),
     MountPluginLib(io_jail::Error),
+    MountProc(io_jail::Error),
     MountRoot(io_jail::Error),
     NoRootDir,
     ParsePivotRoot(io_jail::Error),
@@ -133,7 +134,9 @@ impl Display for Error {
             DropCapabilities(e) => write!(f, "failed to drop process capabilities: {}", e),
             EncodeResponse(e) => write!(f, "failed to encode plugin response: {}", e),
             Mount(e) | MountDev(e) | MountLib(e) | MountLib64(e) | MountPlugin(e)
-            | MountPluginLib(e) | MountRoot(e) => write!(f, "failed to mount: {}", e),
+            | MountPluginLib(e) | MountProc(e) | MountRoot(e) => {
+                write!(f, "failed to mount: {}", e)
+            }
             NoRootDir => write!(f, "no root directory for jailed process to pivot root into"),
             ParsePivotRoot(e) => write!(f, "failed to set jail pivot root: {}", e),
             ParseSeccomp(e) => write!(f, "failed to parse jail seccomp filter: {}", e),
@@ -307,6 +310,16 @@ fn create_plugin_jail(root: &Path, log_failures: bool, seccomp_policy: &Path) ->
     )
     .map_err(Error::MountRoot)?;
 
+    // Because we requested to "run as init", minijail will not mount /proc for us even though
+    // plugin will be running in its own PID namespace, so we have to mount it ourselves.
+    j.mount(
+        Path::new("proc"),
+        Path::new("/proc"),
+        "proc",
+        (MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_RDONLY) as usize,
+    )
+    .map_err(Error::MountProc)?;
+
     Ok(j)
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-04 19:19:58 +0000