New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 637830 link

Starred by 4 users
Status: Assigned
Owner:
elijahtaylor@chromium.org
Cc:
atwilson@chromium.org
dgreid@chromium.org
reve...@chromium.org
bartfab@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug



Sign in to add a comment

/var/run/chrome shared for ARC++ / non-ARC++ purposes

Project Member Reported by mnissler@chromium.org, Aug 15 2016 
Apparently there's a conflict about how /var/run/chrome should be used:

1. There's enterprise scheduled reboot code making use of a "/run/chrome/update_reboot_needed_uptime" file: https://cs.chromium.org/chromium/src/chromeos/chromeos_paths.cc?rcl=1470626560&l=38

2. ARC's wayland compositor code uses "/var/run/chrome/wayland-0" for communication between the container and host side. For this purpose, the /var/run/chrome directory is mounted into the container.

The file from (1) should not be visible to the container; in general we don't want files present in the container that aren't relevant for ARC++ purposes.

I don't think there is an actual security issue at this point, since the file permissions should prevent access to the file from inside the container and the container can't create files (and thus force reboots).

In the interest of avoiding confusion and issues cropping up with code changes in the future, we should still de-tangle dual-purpose use of this directory.

I'll leave it to you to fight over who gets to keep /var/run/chrome ;)

Comment 1 by dgreid@chromium.org, Aug 15 2016 

I'd vote to leave /var/run/chrome for chrome.  Things mounted in to containers can be given their own path.  Giving Wayland and arc-bridge their own directories makes sense anyways, they are unrelated from the containers perspective.

Comment 2 by och...@chromium.org, Aug 15 2016

Labels: -Type-Bug-Security Type-Bug
Flipping to Type=Bug as there's no concrete security issue here.

Comment 3 by atwilson@chromium.org, Aug 16 2016

Labels: Enterprise-Triaged

Comment 4 by dchan@chromium.org, Aug 16 2016

Owner: atwilson@chromium.org
+atwilson, please assign

Comment 5 by dchan@chromium.org, Sep 13 2016

Status: Available (was: Untriaged)

Comment 6 by atwilson@chromium.org, Oct 14 2016

Cc: -elijahtaylor@chromium.org atwilson@chromium.org
Owner: elijahtaylor@chromium.org
Sounds like enterprise's use of /var/run/chrome is correct per comment #1. Reassigning to Elijah to figure out who is the right owner to redirect compositor and arc-bridge to use a different directory.

Comment 7 by dgreid@chromium.org, Oct 15 2016

Cc: reve...@chromium.org
I'm OK making a separate directory for the bridge and moving wayland to a more standard wayland location.
Project Member

Comment 8 by sheriffbot@chromium.org, Oct 16 2017

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 9 by benhenry@chromium.org, Aug 1

Status: Assigned (was: Untriaged)

Sign in to add a comment