crosvm/e2e_tests/Cargo.toml
Changyuan Lyu 757e70339c device: fs/9p: add options to specify uid and gid
New options uid and gid are added to the virtiofs/virtio9p device to
allow specifying the uid/gid of the virtiofs/virtio9p process in its
own user namespace created by minijail.

With these options:
* An identity mapping of the current host UID/GID can be set up
  between the host and the VM.
* The crosvm process does not need CAP_SETUID/CAP_SETGID.

Background: go/crosvm-virtiofs-transparent.
If the crosvm process has no CAP_SETGID/CAP_SETUID, the
uid_map/gid_map for the virtiofs process is limited by the kernel
function new_idmap_permitted() in linux/kernel/user_namespace.c.
Say the crosvm process UID is 5000, the uid_map has to be of the form
`<uid inside> 5000 1`. Currently crosvm requires `<uid inside>` to be
0.

These two options are useful when
* crosvm cannot get capabilities,
* there is only one user in the VM accessing the shared files, so
  changing uid/gid would not happen,
* only files owned by the current host user (say 5000) are shared to
  the VM, and these files need to be owned by the same uid (5000)
  in the VM.

If a user uses "uid=5000" and "uidmap=5000 5000 1", the device
process changes its uid to 5000 before it starts serving requests.
Now we have an identity mapping of user 5000 inside and outside the
device's minijail sandbox, and also inside and outside the VM.

If multiple users want to access the shared files, the gid/uid
options are useless. It'd be better to create a new user namespace
and give CAP_SETUID/CAP_SETGID to crosvm.

TEST=cargo test; cargo test -p devices
TEST=cargo test --package e2e_tests --test fs
BUG=b:273346109

Change-Id: I1c59530e1e8bc968a54f40633c444eb64c700e55
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4299943
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Changyuan Lyu <changyuanl@google.com>
Reviewed-by: Vikram Auradkar <auradkar@google.com>
2023-04-10 18:47:41 +00:00
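The commit message above describes the kernel-side constraint that motivates the new options: without CAP_SETUID/CAP_SETGID, a process may only write a single one-entry mapping whose outside id is its own effective id. The following is an added example, not crosvm code, that parses a proposed uid_map/gid_map and applies that unprivileged rule, so the "5000 5000 1" identity mapping from the message can be checked before crosvm is launched. The names `Extent`, `parse_idmap` and `unprivileged_map_permitted` are this example's own; the extra requirement that setgroups be set to "deny" before an unprivileged gid_map write is standard Linux behaviour, not something stated in the commit.

```rust
// Added example (not crosvm code). Checks whether a uid_map/gid_map text
// would be accepted by the kernel when the writer holds no
// CAP_SETUID/CAP_SETGID in the parent user namespace. The rule mirrors
// the unprivileged branch of new_idmap_permitted(): exactly one extent,
// of length 1, whose outside id equals the writer's own effective id.
// For gid_map the kernel additionally requires setgroups to be "deny".

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Extent {
    pub inside: u32,
    pub outside: u32,
    pub count: u32,
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum IdKind {
    Uid,
    Gid,
}

/// Parse the text that would be written to /proc/<pid>/uid_map or gid_map:
/// one "<inside> <outside> <count>" triple per line.
pub fn parse_idmap(text: &str) -> Result<Vec<Extent>, String> {
    let mut extents = Vec::new();
    for (n, raw) in text.lines().enumerate() {
        let line = raw.trim();
        if line.is_empty() {
            continue;
        }
        let fields: Vec<&str> = line.split_whitespace().collect();
        if fields.len() != 3 {
            return Err(format!("line {}: expected 3 fields, got {}", n + 1, fields.len()));
        }
        let num = |s: &str| {
            s.parse::<u32>()
                .map_err(|e| format!("line {}: bad id '{}': {}", n + 1, s, e))
        };
        extents.push(Extent {
            inside: num(fields[0])?,
            outside: num(fields[1])?,
            count: num(fields[2])?,
        });
    }
    if extents.is_empty() {
        return Err("map is empty".to_string());
    }
    Ok(extents)
}

/// Ok(()) if `map` can be written by an unprivileged process whose effective
/// uid/gid (matching `kind`) is `writer_eid`; Err(reason) otherwise.
pub fn unprivileged_map_permitted(
    kind: IdKind,
    map: &[Extent],
    writer_eid: u32,
    setgroups_denied: bool,
) -> Result<(), String> {
    if map.len() != 1 {
        return Err(format!("{} extents given; only one is allowed without capabilities", map.len()));
    }
    let e = map[0];
    if e.count != 1 {
        return Err(format!("extent count {} given; only a single id may be mapped", e.count));
    }
    if e.outside != writer_eid {
        return Err(format!("outside id {} is not the writer's own id {}", e.outside, writer_eid));
    }
    if kind == IdKind::Gid && !setgroups_denied {
        return Err("gid_map requires setgroups to be 'deny' first".to_string());
    }
    Ok(())
}

fn main() {
    // Constructed inputs mirroring the commit message: crosvm runs as host uid 5000.
    let host_uid = 5000;
    let candidates = [
        ("identity (uid=5000, uidmap=5000 5000 1)", "5000 5000 1"),
        ("root inside (the old default)", "0 5000 1"),
        ("full range (needs CAP_SETUID)", "0 5000 65536"),
    ];
    for (label, text) in candidates {
        let verdict = parse_idmap(text)
            .and_then(|m| unprivileged_map_permitted(IdKind::Uid, &m, host_uid, false));
        println!("{label}: {verdict:?}");
    }
}
```

The identity and root-inside mappings both pass because each maps exactly one id onto the writer's own uid; the full-range mapping is rejected, which is exactly the case the commit says requires granting CAP_SETUID/CAP_SETGID to crosvm.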


[package]
name = "e2e_tests"
version = "0.1.0"
authors = ["The ChromiumOS Authors"]
edition = "2021"

[dev-dependencies]
anyhow = "*"
fixture = { path = "fixture" }
rand = "0.8"
tempfile = "3"
prebuilts = { path = "../prebuilts" }
base = { path = "../base" }

[features]
direct = []