From 1a2683b90dbb65326edd07151ce78c277bfa171b Mon Sep 17 00:00:00 2001 From: Chirantan Ekbote Date: Tue, 26 Nov 2019 16:28:23 +0900 Subject: linux.rs: Remove references to chronos Even when run on Chrome OS, the crosvm process does not have enough privilege to add the chronos user/group to the {u,g}idmap of the 9p device process. This was never cleaned up because we don't use the 9p device in crostini VMs (seneschal spawns 9s servers in a separate process tree). Remove all references to the chronos user/group and just do what the other devices do: use the crosvm user/group if it exists or fall back to the current euid/egid. BUG=chromium:1028442 TEST=Add `--shared-dir` to the command line flags of a termina VM and see that it starts properly Change-Id: Iad4927d37c35709aee6e15f79b316eb88483458f Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1935581 Auto-Submit: Chirantan Ekbote Tested-by: kokoro Commit-Queue: Daniel Verkamp Reviewed-by: Daniel Verkamp --- src/linux.rs | 41 ++++------------------------------------- 1 file changed, 4 insertions(+), 37 deletions(-) (limited to 'src/linux.rs') diff --git a/src/linux.rs b/src/linux.rs index ffdb829..c0344b1 100644 --- a/src/linux.rs +++ b/src/linux.rs 
@@ -797,22 +797,14 @@ fn create_fs_device( }) } -fn create_9p_device(cfg: &Config, chronos: Ids, src: &Path, tag: &str) -> DeviceResult { +fn create_9p_device(cfg: &Config, src: &Path, tag: &str) -> DeviceResult { let (jail, root) = match simple_jail(&cfg, "9p_device.policy")? { Some(mut jail) => { // The shared directory becomes the root of the device's file system. let root = Path::new("/"); jail.mount_bind(src, root, true)?; - // Set the uid/gid for the jailed process, and give a basic id map. This - // is required for the above bind mount to work. - jail.change_uid(chronos.uid); - jail.change_gid(chronos.gid); - jail.uidmap(&format!("{0} {0} 1", chronos.uid)) - .map_err(Error::SettingUidMap)?; - jail.gidmap(&format!("{0} {0} 1", chronos.gid)) - .map_err(Error::SettingGidMap)?; - + add_crosvm_user_to_jail(&mut jail, "p9")?; (Some(jail), root) } None => { @@ -1001,7 +993,6 @@ fn create_virtio_devices( devs.push(create_vhost_vsock_device(cfg, cid, mem)?); } - let chronos = get_chronos_ids(); for shared_dir in &cfg.shared_dirs { let SharedDir { src, @@ -1014,7 +1005,7 @@ fn create_virtio_devices( let dev = match kind { SharedDirKind::FS => create_fs_device(cfg, uid_map, gid_map, src, tag, fs_cfg.clone())?, - SharedDirKind::P9 => create_9p_device(cfg, chronos, src, tag)?, + SharedDirKind::P9 => create_9p_device(cfg, src, tag)?, }; devs.push(dev); } 
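Review bot: The new `add_crosvm_user_to_jail(&mut jail, "p9")?;` call in create_9p_device changes which host identity serves the bind mount of `src` (made with `mount_bind(src, root, true)`, presumably writable), and nothing at the call site says so. Per the commit message, the helper uses the crosvm user/group or falls back to the current euid/egid, so on a host without a crosvm user and with crosvm started as root, the 9p server would presumably act on the shared directory with root's ids. I would add a comment above the call such as `// 9p server runs as crosvm (or the current euid/egid if that user is missing); src must be accessible to that identity.` and consider a warning when the fallback resolves to uid 0. The label `"p9"` also differs from the "9p" spelling in `9p_device.policy` and in the removed warnings; if the helper logs it, `"9p"` would keep log searches consistent. The helper's body and the rest of create_9p_device lie outside this hunk.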
@@ -1107,36 +1098,12 @@ fn create_devices(
 }
 #[derive(Copy, Clone)]
+#[cfg_attr(not(feature = "tpm"), allow(dead_code))]
 struct Ids {
 uid: uid_t,
 gid: gid_t,
 }
-fn get_chronos_ids() -> Ids {
- let chronos_user_group = CStr::from_bytes_with_nul(b"chronos\0").unwrap();
-
- let chronos_uid = match get_user_id(&chronos_user_group) {
- Ok(u) => u,
- Err(e) => {
- warn!("falling back to current user id for 9p: {}", e);
- geteuid()
- }
- };
-
- let chronos_gid = match get_group_id(&chronos_user_group) {
- Ok(u) => u,
- Err(e) => {
- warn!("falling back to current group id for 9p: {}", e);
- getegid()
- }
- };
-
- Ids {
- uid: chronos_uid,
- gid: chronos_gid,
- }
-}
-
 // Set the uid/gid for the jailed process and give a basic id map. This is
 // required for bind mounts to work.
 fn add_crosvm_user_to_jail(jail: &mut Minijail, feature: &str) -> Result {
-- cgit 1.4.1
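Review bot: The added `#[cfg_attr(not(feature = "tpm"), allow(dead_code))]` on `Ids` has no comment saying why the lint is silenced, and a suppression without a stated reason tends to outlive its cause. From the visible lines, create_9p_device was a reader of `uid`/`gid` and now discards the helper's return value, so presumably only tpm-gated code still reads the fields. A comment above the attribute such as `// uid/gid are only read when the tpm feature is enabled; other callers ignore the returned Ids.` would record that, once confirmed against the rest of the file. add_crosvm_user_to_jail begins on the last line of this hunk and its body is outside it.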