Issue 706498 link

Starred by 2 users

Issue metadata

Status:	Assigned
Owner:	apronin@chromium.org
Components:	OS>Systems>Security
EstimatedDays:	----
NextAction:	----
OS:	Chrome
Pri:	3
Type:	Bug

attestationd: mkdir not allowed by minijail

Project Member Reported by apronin@chromium.org, Mar 29 2017

Issue description

If /mnt/stateful_partition/unencrypted/preserve directory doesn't exist when attestationd needs to write attestaion.epb file, it attempts to create that directory. That fails since mkdir is not allowed by minijail:
2017-03-29T11:31:42.120079-07:00 ERR attestationd[4871]: libminijail[4871]: blocked syscall: mkdir


Note that if the directory doesn't exist when the daemon starts, the upstart script fails since it attempts the following in pre-start:
  chgrp preserve /mnt/stateful_partition/unencrypted/preserve
  chmod 775 /mnt/stateful_partition/unencrypted/preserve

Same thing should be happening with tpm_managerd and /var/lib/tpm_manager/local_tpm_data

It also starts with base::CreateDirectory() when writing to the file.

Comment 1 by zalcorn@chromium.org, Sep 28

Triage nag: This Chrome OS bug has an owner but no component. Please add a component so that this can be tracked by the relevant team.

Comment 2 by apronin@chromium.org, Oct 12

Components: OS>Systems>Security

►

Issue 706498 link

Issue metadata

attestationd: mkdir not allowed by minijail

Issue description

Comment 1 by zalcorn@chromium.org, Sep 28

Comment 1 Deleted

Comment 2 by apronin@chromium.org, Oct 12

Comment 2 Deleted

Sign in to add a comment