author | Dmitry Torokhov <dtor@chromium.org> | 2019-12-26 14:55:21 -0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-12-31 00:19:44 +0000 |
commit | 3dc90d0124ca4d797ff9119daf16016b225c1d96 (patch) | |
tree | 02304a7654a4de3d5c7fb1e9978cc81ac9fcf7ee /src/plugin | |
parent | d4afd7033cecd2c90829ad52621b94fb1baf6430 (diff) | |
plugin: mount read-only /proc into the jail
Breakpad requires /proc, so let's mount it (as read only) into plugin jail. We can't initiate it from concierge as concierge can only pass bind mounts to crosvm, whereas here we need to mount our own copy of /proc that reflects our own namespace(s). BUG=None TEST=Run Plugin VM, check /proc of the plugin process. Cq-Depend: 1982695 Change-Id: I5d673e3c8733a61afc5986f9bf110b05c45bbdce Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1982820 Reviewed-by: Chirantan Ekbote <chirantan@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Tested-by: Dmitry Torokhov <dtor@chromium.org> Commit-Queue: Dmitry Torokhov <dtor@chromium.org>
Diffstat (limited to 'src/plugin')
-rw-r--r-- | src/plugin/mod.rs | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/src/plugin/mod.rs b/src/plugin/mod.rs
index 5f9a5db..3f6d704 100644
--- a/src/plugin/mod.rs
+++ b/src/plugin/mod.rs
@@ -20,7 +20,7 @@ use std::time::{Duration, Instant};
 use libc::{
 c_int, c_ulong, fcntl, ioctl, socketpair, AF_UNIX, EAGAIN, EBADF, EDEADLK, EEXIST, EINTR,
 EINVAL, ENOENT, EOVERFLOW, EPERM, FIOCLEX, F_SETPIPE_SZ, MS_NODEV, MS_NOEXEC, MS_NOSUID,
- SIGCHLD, SOCK_SEQPACKET,
+ MS_RDONLY, SIGCHLD, SOCK_SEQPACKET,
 };
 use protobuf::ProtobufError;
@@ -70,6 +70,7 @@ pub enum Error {
 MountLib64(io_jail::Error),
 MountPlugin(io_jail::Error),
 MountPluginLib(io_jail::Error),
+ MountProc(io_jail::Error),
 MountRoot(io_jail::Error),
 NoRootDir,
 ParsePivotRoot(io_jail::Error),
@@ -133,7 +134,9 @@ impl Display for Error {
 DropCapabilities(e) => write!(f, "failed to drop process capabilities: {}", e),
 EncodeResponse(e) => write!(f, "failed to encode plugin response: {}", e),
 Mount(e) | MountDev(e) | MountLib(e) | MountLib64(e) | MountPlugin(e)
- | MountPluginLib(e) | MountRoot(e) => write!(f, "failed to mount: {}", e),
+ | MountPluginLib(e) | MountProc(e) | MountRoot(e) => {
+ write!(f, "failed to mount: {}", e)
+ }
 NoRootDir => write!(f, "no root directory for jailed process to pivot root into"),
 ParsePivotRoot(e) => write!(f, "failed to set jail pivot root: {}", e),
 ParseSeccomp(e) => write!(f, "failed to parse jail seccomp filter: {}", e),
@@ -307,6 +310,16 @@ fn create_plugin_jail(root: &Path, log_failures: bool, seccomp_policy: &Path) ->
 )
 .map_err(Error::MountRoot)?;
+ // Because we requested to "run as init", minijail will not mount /proc for us even though
+ // plugin will be running in its own PID namespace, so we have to mount it ourselves.
+ j.mount(
+ Path::new("proc"),
+ Path::new("/proc"),
+ "proc",
+ (MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_RDONLY) as usize,
+ )
+ .map_err(Error::MountProc)?;
+
 Ok(j)
 } |
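Review bot: In the `Display` hunk, `MountProc` is folded into the shared `"failed to mount: {}"` arm, so a log line cannot tell a failed /proc mount apart from a failed root, /dev or library mount. Jail setup failures are easier to triage when the message names the mount, and procfs is the only non-bind, kernel-backed mount visible in this change, so it may fail for reasons the others do not. A separate arm would do it: `MountProc(e) => write!(f, "failed to mount /proc in plugin jail: {}", e),`. The `impl Display` body starts and ends outside the hunk.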
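Review bot: The new comment in `create_plugin_jail` explains why crosvm has to mount /proc itself, but not what the mount exposes across the jail boundary. `MS_RDONLY` blocks writes through /proc, yet procfs entries that are not scoped to the plugin's PID namespace remain readable from inside the jail. I would record that trade-off next to the call, for example `// Read-only stops writes via /proc; system-wide entries stay readable, accepted because Breakpad needs /proc.`, and name the /proc paths Breakpad actually reads so a later change can narrow the mount. The function starts outside the hunk, so whether the seccomp policy or other jail settings restrict this further is not visible here.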