New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 703938 link

Starred by 1 user
Status: Fixed
Owner:
smbar...@chromium.org
Closed: Nov 2017
Cc:
hannia@google.com
slavamn@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug



Sign in to add a comment

NFS exports a subdirectory of the user’s home directory for each installed application

Project Member Reported by hannia@chromium.org, Mar 22 2017 
NFS exports a subdirectory of the user’s home directory for each installed application

Comment 1 by dgreid@chromium.org, Jul 5 2017

Labels: OS-Chrome

Comment 2 by smbar...@chromium.org, Sep 21 2017

Cc: slavamn@chromium.org
Owner: smbar...@chromium.org
Status: Started (was: Untriaged)
Plumbing for this is in progress. Subtasks include:
1) Refactoring vm_launcher support to handle managing export IDs
2) Creating/managing VM sandbox directories on the host (/home/root/<blah>/vm-data/<vm name>
3) Authenticating NFS via IP only, and adding iptables rules on the host to blackhole VM traffic if a VM tries to change its IP.
Project Member

Comment 3 by bugdroid1@chromium.org, Oct 3 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/469e9dfd572a82916f67f44d677a0f5b1a4b4195

commit 469e9dfd572a82916f67f44d677a0f5b1a4b4195
Author: Stephen Barber <smbarber@chromium.org>
Date: Tue Oct 03 03:25:24 2017

vm_tools: launcher: refactor nfs_launcher

One instance of ganesha can be shared among multiple VMs, but
each VM will be restricted to a single sandbox directory on
the host. Each sandbox directory will receive its own export,
which will be accessible to a single VM.

BUG= chromium:703938 
TEST=launch VM and observe the joys of NFS

Change-Id: I39d976569dbac58372ddd7e6e639b04edf36aedc
Reviewed-on: https://chromium-review.googlesource.com/679920
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>

[modify] https://crrev.com/469e9dfd572a82916f67f44d677a0f5b1a4b4195/vm_tools/host.gypi
[delete] https://crrev.com/01c22576c5c7c5090f8c5ec774fe354efb6e8e06/vm_tools/launcher/nfs_launcher.h
[modify] https://crrev.com/469e9dfd572a82916f67f44d677a0f5b1a4b4195/vm_tools/launcher/subnet.h
[modify] https://crrev.com/469e9dfd572a82916f67f44d677a0f5b1a4b4195/vm_tools/launcher/vm_launcher.cc
[delete] https://crrev.com/01c22576c5c7c5090f8c5ec774fe354efb6e8e06/vm_tools/launcher/nfs_launcher.cc
[modify] https://crrev.com/469e9dfd572a82916f67f44d677a0f5b1a4b4195/vm_tools/launcher/crosvm.h
[add] https://crrev.com/469e9dfd572a82916f67f44d677a0f5b1a4b4195/vm_tools/launcher/nfs_export.cc
[add] https://crrev.com/469e9dfd572a82916f67f44d677a0f5b1a4b4195/vm_tools/launcher/nfs_export.h
[modify] https://crrev.com/469e9dfd572a82916f67f44d677a0f5b1a4b4195/vm_tools/launcher/crosvm.cc
[modify] https://crrev.com/469e9dfd572a82916f67f44d677a0f5b1a4b4195/vm_tools/launcher/subnet.cc

Comment 4 by smbar...@chromium.org, Nov 18 2017

Status: Fixed (was: Started)

Comment 5 by dchan@chromium.org, Jan 22 2018

Status: Archived (was: Fixed)

Comment 6 by dchan@chromium.org, Jan 23 2018

Status: Fixed (was: Archived)

Comment 7 by vapier@chromium.org, May 9 2018

Components: OS>Systems>Containers

Comment 8 by vapier@chromium.org, May 17 2018

Labels: -Restrict-View-Google

Sign in to add a comment